Welcome to Geeks to Go - Register now for FREE

Malware Threat [Solved]


  • This topic is locked

#16
Buddierdl
    Trusted Helper

  • Malware Removal
  • 2,524 posts
The best thing would be to copy/paste it into your next reply. If that doesn't work you can attach it, or upload it to dropbox (or similar) and send me a share link.



#17
lordoxford
    Member

  • Topic Starter
  • Member
  • 64 posts
Hi,
Herewith the report.
Cheers!
lox.

OTL logfile created on: 3/15/2013 8:19:13 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 87.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.87 Gb Total Space | 1.75 Gb Free Space | 6.52% Space Free | Partition Type: FAT32
Drive D: | 3.94 Gb Total Space | 1.27 Gb Free Space | 32.33% Space Free | Partition Type: FAT32
Drive E: | 23.11 Gb Total Space | 12.54 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
Drive F: | 1.29 Gb Total Space | 1.00 Gb Free Space | 77.71% Space Free | Partition Type: FAT
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet003

========== Win32 Services (SafeList) ==========

SRV - [2013/02/27 21:22:18 | 000,251,248 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 08:23:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2013/02/06 11:07:02 | 000,086,752 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2013/02/06 11:06:54 | 000,565,472 | ---- | M] (Avira Operations GmbH & Co. KG) [On_Demand] -- D:\Avira\AntiVir Desktop\AVWEBGRD.EXE -- (AntiVirWebService)
SRV - [2013/02/06 11:06:52 | 000,400,608 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Avira\AntiVir Desktop\avmailc.exe -- (AntiVirMailService)
SRV - [2013/02/06 11:06:52 | 000,110,816 | ---- | M] (Avira Operations GmbH & Co. KG) [Auto] -- D:\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2012/12/14 12:49:28 | 000,682,344 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2012/12/14 12:49:28 | 000,398,184 | ---- | M] (Malwarebytes Corporation) [Auto] -- E:\Malwarebytes' Anti-Malware\mbamscheduler.exe -- (MBAMScheduler)
SRV - [2012/09/05 15:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\ServicePackFiles\i386\hidserv.dll -- (HidServ)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [On_Demand] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz134)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/11 14:24:06 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 14:24:06 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 10:56:42 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/09 13:09:38 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 12:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/07/16 09:56:46 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/07/16 09:56:34 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam 3000(UVC)
DRV - [2009/07/16 09:55:02 | 000,265,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/01/25 06:23:48 | 000,009,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Program Files\PC Wizard 2008\pcwiz32.sys -- (cpuz129)
DRV - [2006/12/08 13:57:42 | 012,008,064 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/02/20 23:05:46 | 000,036,992 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/01/25 20:41:50 | 000,330,368 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/12 19:04:18 | 000,057,984 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/01/03 11:51:22 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2004/12/20 00:10:00 | 001,271,463 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/12/06 02:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2004/12/01 20:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/10 21:24:52 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/16 11:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/04/11 15:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2002/02/11 13:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 13:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page = C:\Program Files\Common Files\Microsoft Shared\Stationery\Blank.htm
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://feed.helperba...q={searchTerms}
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,StartPage = about:blank
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://feed.helperba...q={searchTerms}
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Search Page = http://search.autoco...?si=7148&bi=400
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://feed.helperba...q={searchTerms}
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_171.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Mozilla Firefox\components [2013/02/27 08:22:54 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Mozilla Firefox\plugins [2013/02/27 08:22:54 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2011/10/14 01:02:08 | 000,437,835 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (no name) - {ae07101b-46d4-4a98-af68-0333ea26e113} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] D:\Avira\AntiVir Desktop\avgnt.exe (Avira Operations GmbH & Co. KG)
O4 - HKLM..\Run: [epm-dm] C:\Acer\ePM\EPM-DM.exe (Acer Inc)
O4 - Startup: C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk = X:\I386\SYSTEM32\RUNDLL32.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.DOBBIN.003_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Peter_Dewar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Peter_Dewar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - D:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - D:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - D:\Avira\AntiVir Desktop\avsda.dll (Avira Operations GmbH & Co. KG)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1342118079015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342118067796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/16 19:31:08 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/07 00:58:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Peter Dewar\IECompatCache
[2013/03/07 00:50:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/03/07 00:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/03/07 00:36:16 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/03/07 00:35:43 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/03/07 00:35:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/03/07 00:35:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/03/07 00:35:40 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/03/07 00:35:35 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/03/06 09:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Revo Uninstaller
[2013/03/05 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Application Data\dll-files.com
[2013/03/05 12:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/03/05 12:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
[2013/03/05 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2013/03/03 02:52:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Peter Dewar\Recent
[2013/02/16 17:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Desktop\Copy of Adobe
[2013/02/15 20:17:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Documents\My Kindle Content
[2013/02/15 20:15:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Amazon
[2013/02/15 20:15:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\Amazon
[2013/02/15 20:15:39 | 000,000,000 | ---D | C] -- C:\Program Files\Amazon
[2013/02/15 20:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/02/15 01:44:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\.explorer.local
[2013/02/15 01:44:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\.explorer.cache
[2011/09/20 07:00:38 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2011/09/18 18:32:10 | 015,199,352 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Peter Dewar\7zipfree_8675.exe

========== Files - Modified Within 30 Days ==========

[2013/03/10 01:16:42 | 095,023,320 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad
[2013/03/10 01:16:10 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 01:16:02 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/10 01:16:02 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls Startup.job
[2013/03/10 01:16:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/03/10 01:16:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\spmonitor.job
[2013/03/10 01:15:46 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/10 01:15:30 | 2138,554,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/10 00:56:00 | 000,003,334 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js
[2013/03/10 00:56:00 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk
[2013/03/10 00:35:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/10 00:22:02 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/09 18:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/03/09 01:50:00 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files02.fnd
[2013/03/08 16:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/08 14:14:22 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files01.fnd
[2013/03/08 10:15:34 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\spider.sav
[2013/03/08 00:34:54 | 000,091,648 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2013/03/07 19:54:16 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Altavista.url
[2013/03/07 11:33:36 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Skyview help.url
[2013/03/07 00:58:42 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\IE8.lnk
[2013/03/07 00:44:34 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/06 20:09:04 | 000,437,332 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2013/03/06 20:09:04 | 000,070,212 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2013/03/06 14:59:56 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
[2013/03/06 14:59:56 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/03/06 13:40:50 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/06 13:36:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/06 09:28:46 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/06 09:28:46 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2013/03/05 12:41:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/05 12:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
[2013/03/03 10:02:32 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/03 02:53:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2013/03/01 23:11:40 | 000,114,220 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\bumsite.jpg
[2013/03/01 21:24:12 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Lordoxford blog.url
[2013/03/01 16:54:26 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\UK Pressure.url
[2013/03/01 15:52:28 | 001,474,410 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\Blog_Publishing.pdf
[2013/03/01 15:48:52 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Blog01.url
[2013/03/01 13:02:50 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Meritline.url
[2013/02/27 21:22:16 | 000,691,568 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/02/27 21:22:16 | 000,071,024 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/02/25 15:37:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2013/02/25 11:43:50 | 000,408,683 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\Metal Detector-555.rtf
[2013/02/16 19:05:48 | 000,013,243 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.pdf
[2013/02/16 18:00:42 | 000,013,015 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.odg
[2013/02/15 20:15:58 | 000,001,543 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Kindle.lnk
[2013/02/15 12:35:56 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\eRLog.ini
[2013/02/13 23:16:52 | 000,001,473 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\IrfanView Thumbnails.lnk
[2013/02/13 23:16:52 | 000,000,593 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\IrfanView.lnk

========== Files Created - No Company Name ==========

[2013/03/10 00:55:58 | 000,003,334 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js
[2013/03/10 00:55:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk
[2013/03/10 00:55:43 | 095,023,320 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad
[2013/03/09 01:49:59 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files02.fnd
[2013/03/08 14:14:20 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files01.fnd
[2013/03/07 11:26:19 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Skyview help.url
[2013/03/07 00:58:41 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\IE8.lnk
[2013/03/06 20:06:17 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/03/06 09:28:47 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\spmonitor.job
[2013/03/06 09:28:47 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/03/06 09:28:45 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/06 09:28:45 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2013/03/05 12:38:28 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/05 12:38:27 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/05 12:38:06 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
[2013/03/05 12:38:06 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/03/03 10:02:31 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/01 23:25:10 | 000,114,220 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\bumsite.jpg
[2013/03/01 21:15:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Lordoxford blog.url
[2013/03/01 16:54:12 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\UK Pressure.url
[2013/03/01 15:52:25 | 001,474,410 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\Blog_Publishing.pdf
[2013/03/01 15:48:40 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Blog01.url
[2013/03/01 13:02:40 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Meritline.url
[2013/02/25 15:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/02/25 11:43:48 | 000,408,683 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\Metal Detector-555.rtf
[2013/02/16 19:05:46 | 000,013,243 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.pdf
[2013/02/16 17:59:56 | 000,013,015 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.odg
[2013/02/15 20:15:57 | 000,001,543 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Kindle.lnk
[2013/02/13 23:16:51 | 000,001,473 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\IrfanView Thumbnails.lnk
[2013/02/13 23:16:51 | 000,000,593 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\IrfanView.lnk
[2013/02/05 13:02:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013/01/12 01:59:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2013/01/10 02:09:43 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/27 02:00:01 | 000,000,538 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2012/12/22 12:58:03 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/12/22 12:58:03 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/08/25 09:18:26 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\udownload.dat
[2012/08/21 21:28:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/07/13 00:35:45 | 000,160,301 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2012/07/13 00:35:45 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2012/04/14 10:17:39 | 000,286,209 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\PCCleanerpro Scam2.jpg
[2012/04/14 10:14:40 | 000,233,180 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\PCCleanerpro Scam.jpg
[2012/03/23 15:01:25 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2012/03/23 15:01:02 | 000,035,332 | ---- | C] () -- C:\WINDOWS\uninst.exe
[2012/03/23 15:00:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2012/03/23 14:59:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/03/23 12:24:41 | 000,112,540 | ---- | C] () -- C:\WINDOWS\restart.exe
[2012/02/15 22:09:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 14:18:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/01/17 17:54:45 | 000,048,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/07 21:31:17 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2011/10/11 22:16:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/20 10:43:26 | 000,000,703 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2011/09/20 07:00:39 | 012,008,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2011/09/20 07:00:39 | 000,025,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2011/09/20 07:00:39 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2011/09/20 01:25:59 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/09/18 18:42:37 | 000,009,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\188FmQ8
[2011/09/18 18:42:37 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys
[2011/09/18 18:42:29 | 000,008,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aPH03i
[2011/09/18 18:41:14 | 000,003,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/09/18 18:39:54 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/09/18 18:30:24 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\BS.Player FREE.lnk
[2011/09/18 18:30:07 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\PC Tune-Up.lnk
[2011/09/18 18:30:03 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\RealPlayer.lnk
[2011/09/18 18:30:02 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Spybot - Search & Destroy.lnk
[2011/09/18 18:29:57 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Yahoo! Player.lnk
[2011/09/18 18:29:48 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Launch Internet Explorer Browser.lnk
[2011/09/18 18:22:33 | 000,009,030 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8
[2011/09/18 18:22:17 | 000,091,648 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/09/18 18:22:17 | 000,008,466 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i
[2011/09/18 08:32:55 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/24 12:38:34 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll
[2011/06/24 12:38:34 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll
[2005/06/06 03:04:15 | 000,000,194 | ---- | C] () -- C:\WINDOWS\JohnCast.ini
[2005/03/16 19:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 19:45:57 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/16 19:45:56 | 000,000,328 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/16 19:45:56 | 000,000,225 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/16 19:43:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/03/16 19:31:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/16 19:19:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/16 19:19:38 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/16 19:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/16 19:19:37 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/16 19:19:37 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/03/16 19:16:22 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/16 19:16:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/16 19:15:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/16 19:09:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/16 19:02:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\StartupMonitor.exe
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[1980/01/01 00:00:00 | 000,589,824 | ---- | C] () -- C:\WINDOWS\ANTIV.EXE
[1980/01/01 00:00:00 | 000,437,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[1980/01/01 00:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[1980/01/01 00:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[1980/01/01 00:00:00 | 000,122,880 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\skype.dat
[1980/01/01 00:00:00 | 000,070,212 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[1980/01/01 00:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[1980/01/01 00:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[1980/01/01 00:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[1980/01/01 00:00:00 | 000,004,524 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[1980/01/01 00:00:00 | 000,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[1980/01/01 00:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[1980/01/01 00:00:00 | 000,000,089 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== LOP Check ==========

[2012/04/06 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SurfAnonymousFree
[2012/10/09 16:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2009/10/18 03:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\NCode
[2008/09/23 03:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Moyea
[2010/01/21 10:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Modartt
[2009/06/13 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\LimeWire
[2009/03/08 12:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\InterTrust
[2010/02/13 12:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\IcoFX
[2008/09/27 09:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Free Download Manager
[2011/02/23 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner
[2008/11/30 07:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\WebEx
[2009/02/23 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\URSoft
[2008/10/17 00:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Uniblue
[2010/12/17 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Toolbar4
[2009/07/02 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Steinberg
[2009/02/26 12:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SpinTop
[2008/09/27 18:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Software Informer
[2010/12/18 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Serif
[2010/10/06 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Remote Share
[2009/11/01 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\r2 Studios
[2009/11/30 19:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\PCPitstop
[2010/09/15 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\OutlookSync
[2010/09/15 14:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\OTi
[2009/09/04 08:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Opera
[2010/10/22 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Foxit
[2010/09/15 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\FolderSync
[2008/02/14 07:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\DNA
[2009/06/23 09:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/02 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Canon
[2010/09/15 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Canneverbe Limited
[2008/02/14 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\BitTorrent
[2010/10/22 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Foxit Software
[2011/09/27 16:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\ParetoLogic
[2011/09/27 16:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\DriverCure
[2011/12/22 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SurfAnonymousFree
[2012/04/14 09:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\PCPro
[2012/05/29 01:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Docx2Rtf
[2012/05/29 01:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\NwDocx
[2012/07/20 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\XnView
[2012/08/17 22:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\IObit
[2012/10/04 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Partmap
[2012/11/17 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\ICAClient
[2012/11/22 16:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SystemRequirementsLab
[2013/01/15 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\XYplorer
[2013/03/05 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\dll-files.com
[2008/09/19 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/10/18 03:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B9F9E1D5-C790-4BF3-916E-3090346AFDEB}
[2010/07/02 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/07/14 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2008/10/07 19:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/02/10 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/04 03:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/03/15 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/12/17 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2008/11/05 01:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2009/11/30 16:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/09/22 14:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/09 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/17 08:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/09/10 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2010/09/15 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/07 23:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/08/08 10:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2009/11/01 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011/09/27 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/12/22 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SurfAnonymousFree
[2012/04/14 09:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/07/22 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F638BFE1EDB7ABB004601467B07D329
[2012/10/04 23:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DesignSpark PCB
[2012/11/17 17:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2013/01/09 01:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\321399286846180E00003213671B1E2B
[2013/01/12 01:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software Publishing Ltd
[2013/02/15 20:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/03/05 12:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2012/12/15 03:12:34 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2013/03/09 18:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2013/01/25 03:02:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Privacy Controls_{528A8AB6-D399-11E1-85A5-0012F03C5722}.job
[2013/03/10 01:16:02 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/10 01:16:02 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Privacy Controls Startup.job
[2013/03/03 02:53:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2013/03/06 13:36:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/05 12:41:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/10 01:16:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedUpMyPC.job
[2013/03/10 01:16:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\spmonitor.job

========== Purity Check ==========


< End of report >
  • 0
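The "Files - Created" listing above uses one line shape throughout: `[created timestamp | size | attributes | C] (company) -- path`. An analyst reading such a log by hand looks for a few patterns that the helper's fix later acts on: extension-less letters-and-digits names dropped straight into an Application Data root (188FmQ8, aPH03i), a .sys file sitting outside any drivers directory (69AB9E7ADF.sys), and the 1980/01/01 00:00:00 placeholder timestamp. The following Python is an added example, not OTL's own code and not something posted in this thread; it parses that line format and applies those three heuristics to a handful of lines copied from the log above. The heuristic names and the choice of sample lines are mine.

```python
"""Triage helper for OTL/OTLPE 'Files - Created' log lines.

Constructed example, not part of OTL or of this thread: it parses the
[timestamp | size | attrs | C] (company) -- path   line format and applies
three review heuristics. Flagged paths are candidates for review, not verdicts.
"""
import re
from dataclasses import dataclass, field

LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[A-Z-]{4}) \| (?P<kind>[CM])\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+)$"
)

# Constructed sample: lines copied from the OTL log in this thread, plus one
# benign .lnk, to show what gets flagged and what does not.
SAMPLE_LOG = r"""
[2011/09/20 07:00:39 | 012,008,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2011/09/18 18:42:37 | 000,009,030 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\188FmQ8
[2011/09/18 18:42:37 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys
[2011/09/18 18:42:29 | 000,008,466 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\aPH03i
[2011/09/18 18:30:24 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\BS.Player FREE.lnk
[2005/03/16 19:31:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[1980/01/01 00:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[1980/01/01 00:00:00 | 000,437,332 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
"""


@dataclass
class Entry:
    timestamp: str
    size: int
    attrs: str
    company: str
    path: str
    reasons: list = field(default_factory=list)

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def parent(self) -> str:
        return self.path.rsplit("\\", 1)[0]


def parse(text: str) -> list:
    """Turn log text into Entry objects; lines that do not fit are ignored."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            entries.append(Entry(m["ts"], int(m["size"].replace(",", "")),
                                 m["attrs"], m["company"], m["path"]))
    return entries


# Short name mixing letters and digits, nothing else: the 188FmQ8 / aPH03i shape.
RANDOM_NAME_RE = re.compile(r"^(?=.*[0-9])(?=.*[A-Za-z])[A-Za-z0-9]{4,12}$")


def triage(entries: list) -> list:
    """Attach review reasons to entries; return only the flagged ones."""
    for e in entries:
        name, parent = e.name, e.parent
        # 1. Extension-less random-looking name dropped straight into an
        #    Application Data root (not in a vendor subfolder).
        if parent.lower().endswith("\\application data") and "." not in name \
                and RANDOM_NAME_RE.match(name):
            e.reasons.append("random-name-in-appdata")
        # 2. A .sys file that does not live under a drivers directory.
        if name.lower().endswith(".sys") and "\\drivers\\" not in e.path.lower():
            e.reasons.append("sys-outside-drivers")
        # 3. 1980/01/01 00:00:00 is the FAT epoch / zeroed-timestamp placeholder;
        #    worth a look, but noisy (see the note below the code).
        if e.timestamp.startswith("1980/01/01"):
            e.reasons.append("placeholder-timestamp")
    return [e for e in entries if e.reasons]


def flagged(text: str = SAMPLE_LOG) -> dict:
    """Map each flagged path to the list of reasons it was flagged for."""
    return {e.path: e.reasons for e in triage(parse(text))}


if __name__ == "__main__":
    for path, reasons in flagged().items():
        print(f"{path}\n    {', '.join(reasons)}")
```

Flags are candidates, not verdicts: the placeholder-timestamp rule alone catches Windows' own performance-counter files (perfh009.dat and its siblings) and the oembios files in System32, so every flagged path still needs a hash lookup or a look at the file itself before it goes into a fix script.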

#18
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi lordoxford,

This should get rid of the ransom screen. You also have a worm on your computer, so please don't use the flash drive needed for the step below for anything else until we can make sure it is clean. Also, avoid using any other flash drives or external drives that have been plugged into this computer.

Start OTLPE as you did previously from CD
Copy the attached Fix.txt to a USB

  • Insert your USB drive with fix.txt on it
  • Start OTLPE
  • Drag and drop fix.txt into the Custom scans and fixes box
  • If you cannot drag and drop for some reason, press the Run Fix button and a dialogue box will pop up asking for the location; select the file on your USB drive
  • Then click the Run Fix button at the top
  • Let the program run unhindered; when it is done, reboot to normal mode if possible

If the ransomware is gone now in normal mode, continue with these steps:

Step 1: Run OTL scan.

Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Please check the box next to Scan All Users.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time and post them in your topic

Step 2: Run adwCleaner.

Download AdwCleaner from here to your desktop
Run AdwCleaner and select Delete


Once done it will ask to reboot, allow this
On reboot a log will be produced at C:\ADWCleaner[XX].txt; please attach that

Step 3: Run aswMBR.

Download aswMBR.exe to your desktop.
Double click aswMBR.exe to run it. Click the "Scan" button to start the scan


On completion of the scan click Save log, save it to your desktop and post it in your next reply


Things I need in your next reply:
  • OTL log
  • Extras log
  • adwCleaner log
  • aswMBR log
  • How is your computer running now?

  • 0

#19
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Hi,
Quite a programme to follow!
I Take it there are two "Fixes" necessary: (1) The "Ransom" and (2) the worm. I assume they are not related.
Do you recognise this worm? What does it do?
Not knowing when it attacked I must assume the 1TB drive, a 78GB drive and eight USB sticks are possible victims, then.
A lot of work to do.
Thanks so far!
lox.
  • 0

#20
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I am sorry. I forgot to attach the fix.txt for you to use in the first step.

Actually, we are taking out all the infections together.

When we are done with the computer, we will run a program to check the external drives. Don't use them until then.

Attached Files

  • Attached File  fix.txt   4KB   46 downloads

  • 0

#21
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I will send you a page on the worm later.
  • 0

#22
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I've searched everything that Fix.txt could have been "Attached" to!
However, with the end in sight I needed a giggle.
  • 0

#23
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I think our operations have blitzed the product key.
My only copy is (was) on the product label on the bottom of the machine. Half of this has worn off. Microsoft's local re-registration bureau would not accept the 48 char string I was instructed to enter - saying: "You may have been the victim of software piracy" - a fact I really needed to be advised of at this point.
Where is my product key stored (I suppose it is encrypted - no?)
  • 0

#24
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
I can help you get the product key, but I need to know where we stand.

Did you finish the steps? Did you find the fix.txt attached to this post?

Could you please post the logs I asked for?
  • 0

#25
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Yes I used your "Fix.txt" OK.
I understood you to say "Let it boot up as normally . . ." before starting your Step 1 (which generates OTP.log, the first of your required logs).
It is whilst letting it boot up from its HDD that I get the "Windows Product Activation" sequence of demands. I went through Microsoft's rigmarole of entering a specimen 48-character string using the phone keys and got the fatuous message about "Piracy" which I included in my last post. Log-on was refused.
The key that used to appear on "My Computer"'s properties window, which I always believed to be the software key (and which comes up if I use the key-finder currently on your boot-up CD), is rejected.
So no normal logon is possible yet.
lox.
  • 0



#26
Buddierdl

Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
Hi lordoxford,

I don't think the validation screen is legit. Usually, you can still log in before validating. Please boot from the CD again and run a fresh OTLPE scan so I can see what I might have missed (instructions below). Also, while you are booted to the CD, could you look for a log located in C:\_OTL\MovedFiles. It should be named with numbers describing the date and time when you ran the first fix. Please post that as well as the fresh scan.

  • Double-click on the OTLPE icon.
  • Select the Windows folder of the infected drive if it asks for a location
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system.
  • Right click the file and select Send To, then select the USB drive.
  • Confirm that it has copied to the USB drive by selecting it
  • You can backup any files that you wish from this OS
  • Please post the contents of the C:\OTL.txt file in your reply.


  • 0

#27
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
Hi,
This is all getting a bit beyond me!
I found the "moved files" file you asked for. It is on a USB stick now.


On initiating OTLPE the program stopped in about one second having produced one file in "Notepad" which fills just one screen of type "Text documents".
"Run scan" was not offered - the program had stopped.

The system suggests this file be saved in "Moved files" under the filename "03172013_003057".
Folder "Moved files" already has a folder named "03172013_003057" and this contains a file of the same name. I've added "(2)" to the name of the new one and saved it to USB. Here they are:

(1)
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js moved successfully.
File C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk not found.
C:\Documents and Settings\All Users\Application Data\188FmQ8 moved successfully.
C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\aPH03i moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8 moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i moved successfully.
C:\WINDOWS\system32\oembios.bin moved successfully.
C:\WINDOWS\system32\mlang.dat moved successfully.
C:\WINDOWS\ANTIV.EXE moved successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfi009.dat moved successfully.
C:\WINDOWS\system32\dssec.dat moved successfully.
C:\Documents and Settings\Peter Dewar\Application Data\skype.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\system32\mib.bin moved successfully.
C:\WINDOWS\system32\perfd009.dat moved successfully.
C:\WINDOWS\system32\secupd.dat moved successfully.
C:\WINDOWS\system32\oembios.dat moved successfully.
C:\WINDOWS\ANTIV.INI moved successfully.
C:\WINDOWS\system32\Dcache.bin moved successfully.
C:\WINDOWS\system32\noise.dat moved successfully.
C:\WINDOWS\ALaunch.ini moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03172013_003057

(2)
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad moved successfully.
C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js moved successfully.
File C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk not found.
C:\Documents and Settings\All Users\Application Data\188FmQ8 moved successfully.
C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys moved successfully.
C:\Documents and Settings\All Users\Application Data\aPH03i moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8 moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini moved successfully.
C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i moved successfully.
C:\WINDOWS\system32\oembios.bin moved successfully.
C:\WINDOWS\system32\mlang.dat moved successfully.
C:\WINDOWS\ANTIV.EXE moved successfully.
C:\WINDOWS\system32\perfh009.dat moved successfully.
C:\WINDOWS\system32\perfi009.dat moved successfully.
C:\WINDOWS\system32\dssec.dat moved successfully.
C:\Documents and Settings\Peter Dewar\Application Data\skype.dat moved successfully.
C:\WINDOWS\system32\perfc009.dat moved successfully.
C:\WINDOWS\system32\mib.bin moved successfully.
C:\WINDOWS\system32\perfd009.dat moved successfully.
C:\WINDOWS\system32\secupd.dat moved successfully.
C:\WINDOWS\system32\oembios.dat moved successfully.
C:\WINDOWS\ANTIV.INI moved successfully.
C:\WINDOWS\system32\Dcache.bin moved successfully.
C:\WINDOWS\system32\noise.dat moved successfully.
C:\WINDOWS\ALaunch.ini moved successfully.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03172013_003057

Files\Folders moved on Reboot...
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.

Registry entries deleted on Reboot...
  • 0
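The fix result log above has a small, fixed vocabulary: registry values set (`| /E : value set successfully!`), registry keys or values deleted, files moved into the quarantine folder, moves that failed and were scheduled for reboot, and targets that were already gone. The following Python is an added example, neither OTL's code nor anything from this thread; it classifies lines of that shape into an action summary and, as an extra check, flags deferred moves whose drive letter is read-only media. Treating X: as read-only is an assumption taken from the scan header later in this thread, which reports drive X: as a 284 MB CDFS volume (the OTLPE boot CD); a move scheduled there cannot complete on any reboot, which is what the "Files\Folders moved on Reboot" section shows. The sample lines are copied from the log above.

```python
"""Summarize an OTL/OTLPE fix result log.

Constructed example, not part of OTL or of this thread. Each result line is
matched against a small set of patterns and reduced to (kind, detail); the
summary then calls out deferred moves that target read-only media.
"""
import re
from collections import Counter

# Constructed sample: lines taken from the fix log posted above.
FIX_LOG = r"""
========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ deleted successfully.
C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk moved successfully.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js moved successfully.
File C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk not found.
C:\WINDOWS\system32\oembios.bin moved successfully.
"""

# Order matters only where prefixes overlap; each pattern anchors on the
# fixed wording OTL uses for that outcome.
PATTERNS = [
    ("error", re.compile(r"^Error: (?P<detail>.+)$")),
    ("registry_set", re.compile(r"^(?P<detail>HK[A-Z]+\\.+?)\| /E : value set successfully!$")),
    ("registry_deleted", re.compile(r"^Registry (?:value|key) (?P<detail>.+?) deleted successfully\.$")),
    ("moved", re.compile(r"^(?P<detail>[A-Z]:\\.+?) moved successfully\.$")),
    ("move_deferred", re.compile(r"^File move failed\. (?P<detail>[A-Z]:\\.+?) scheduled to be moved on reboot\.$")),
    ("not_found", re.compile(r"^File (?P<detail>[A-Z]:\\.+?) not found\.$")),
]

# Assumption for this example: X: is the OTLPE boot CD (CDFS in the scan
# header), so nothing scheduled there can ever be moved.
READ_ONLY_DRIVES = {"X"}


def classify(text: str) -> list:
    """Reduce each non-header line to a (kind, detail) pair."""
    actions = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("=========="):
            continue
        for kind, rx in PATTERNS:
            m = rx.match(line)
            if m:
                actions.append((kind, m["detail"]))
                break
        else:
            actions.append(("unparsed", line))  # keep, never silently drop
    return actions


def summarize(text: str) -> dict:
    """Counts per outcome, plus deferred moves and those that cannot complete."""
    actions = classify(text)
    counts = Counter(kind for kind, _ in actions)
    deferred = [d for kind, d in actions if kind == "move_deferred"]
    never_completes = [d for d in deferred if d[0].upper() in READ_ONLY_DRIVES]
    return {"counts": dict(counts), "deferred": deferred,
            "never_completes": never_completes}


if __name__ == "__main__":
    result = summarize(FIX_LOG)
    for kind, n in sorted(result["counts"].items()):
        print(f"{kind:17} {n}")
    for path in result["never_completes"]:
        print(f"deferred move on read-only media, will not complete: {path}")
```

The "moved" list is also the first place to look when something breaks after a fix runs; the full log above shows oembios.bin and oembios.dat being moved out of system32, and on Windows XP those files carry the OEM pre-activation data, so they belong on the shortlist whenever a product-activation prompt shows up on the next boot.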

#28
lordoxford

lordoxford

    Member

  • Topic Starter
  • Member
  • PipPip
  • 64 posts
I shut down and ran OTLPE again. It terminated OK leaving the attached file, OTL.txt, on screen, with the "OTL PE Version" control window in place.

OTL logfile created on: 3/17/2013 11:56:30 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 86.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): Reg Error: Value error.

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 26.87 Gb Total Space | 1.59 Gb Free Space | 5.91% Space Free | Partition Type: FAT32
Drive D: | 931.51 Gb Total Space | 884.81 Gb Free Space | 94.99% Space Free | Partition Type: NTFS
Drive E: | 3.94 Gb Total Space | 1.25 Gb Free Space | 31.82% Space Free | Partition Type: FAT32
Drive F: | 23.11 Gb Total Space | 12.54 Gb Free Space | 54.25% Space Free | Partition Type: NTFS
Drive X: | 284.12 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet002

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (MBAMService)
SRV - File not found [Auto] -- -- (MBAMScheduler)
SRV - File not found [On_Demand] -- -- (AntiVirWebService)
SRV - File not found [Auto] -- -- (AntiVirService)
SRV - File not found [Auto] -- -- (AntiVirSchedulerService)
SRV - File not found [Auto] -- -- (AntiVirMailService)
SRV - [2013/03/17 01:22:14 | 000,253,656 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/02/27 08:23:14 | 000,115,608 | ---- | M] (Mozilla Foundation) [On_Demand] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2012/09/05 15:56:44 | 000,234,776 | ---- | M] (McAfee, Inc.) [On_Demand] -- C:\Program Files\McAfee Security Scan\3.0.285\McCHSvc.exe -- (McComponentHostService)
SRV - [2008/04/14 05:41:56 | 000,021,504 | ---- | M] (Microsoft Corporation) [Disabled] -- C:\WINDOWS\ServicePackFiles\i386\hidserv.dll -- (HidServ)
SRV - [2004/08/16 15:17:20 | 001,287,168 | ---- | M] (OSA Technologies Inc.) [On_Demand] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (cpuz134)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - [2012/12/14 16:49:28 | 000,021,104 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2012/12/11 14:24:06 | 000,134,336 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2012/12/11 14:24:06 | 000,083,944 | ---- | M] (Avira Operations GmbH & Co. KG) [File_System | Auto] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2012/11/14 10:56:42 | 000,036,552 | ---- | M] (Avira Operations GmbH & Co. KG) [Kernel | System] -- C:\WINDOWS\system32\drivers\avkmgr.sys -- (avkmgr)
DRV - [2012/10/09 13:09:38 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2011/06/02 11:08:34 | 000,011,336 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/11/11 12:26:02 | 002,216,064 | ---- | M] (Intel® Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\w29n51.sys -- (w29n51) Intel®
DRV - [2009/07/16 09:56:46 | 000,023,832 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvcflt.sys -- (FilterService)
DRV - [2009/07/16 09:56:34 | 006,756,632 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvuvc.sys -- (LVUVC) Logitech QuickCam 3000(UVC)
DRV - [2009/07/16 09:55:02 | 000,265,624 | ---- | M] (Logitech Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\lvrs.sys -- (LVRS)
DRV - [2008/01/25 06:23:48 | 000,009,600 | ---- | M] (Windows ® Codename Longhorn DDK provider) [Kernel | On_Demand] -- C:\Program Files\PC Wizard 2008\pcwiz32.sys -- (cpuz129)
DRV - [2006/12/08 13:57:42 | 012,008,064 | ---- | M] () [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\snp2sxp.sys -- (SNP2STD) USB2.0 PC Camera (SNP2STD)
DRV - [2005/02/20 23:05:46 | 000,036,992 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESD7SK.sys -- (ESDCR)
DRV - [2005/01/25 20:41:50 | 000,330,368 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ESM7SK.sys -- (ESMCR)
DRV - [2005/01/13 14:46:16 | 000,069,632 | ---- | M] () [Kernel | On_Demand] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2005/01/12 19:04:18 | 000,057,984 | ---- | M] (ENE Technology Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\EMS7SK.sys -- (EMSCR)
DRV - [2005/01/03 11:51:22 | 000,078,208 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-shd.sys -- (EpmShd)
DRV - [2004/12/20 00:10:00 | 001,271,463 | ---- | M] (Agere Systems) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/12/06 02:55:20 | 000,126,720 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k) Broadcom NetLink ™
DRV - [2004/12/01 20:40:08 | 002,300,928 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/10/10 21:24:52 | 000,045,056 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2004/07/19 13:10:00 | 000,004,096 | ---- | M] (Acer Value Labs, USA) [Kernel | Auto] -- C:\WINDOWS\system32\drivers\epm-psd.sys -- (EpmPsd)
DRV - [2004/06/16 11:19:58 | 000,046,080 | ---- | M] (SMSC) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smcirda.sys -- (SMCIRDA)
DRV - [2002/04/11 15:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)
DRV - [2002/02/11 13:13:36 | 000,119,536 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680.sys -- (STV680)
DRV - [2002/02/11 13:13:36 | 000,009,024 | ---- | M] (STMicroelectronics ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\stv680m.sys -- (STV680m)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://global.acer.com
IE - HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Local Page =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Default_Page_URL =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main,StartPage = about:blank
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Default_Search_URL =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,Search Page =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
IE - HKU\Peter_Dewar_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32_11_6_602_180.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_35: C:\WINDOWS\system32\npdeployJava1.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\plugin2\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.135\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Components: D:\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 19.0\extensions\\Plugins: D:\Mozilla Firefox\plugins


O1 HOSTS File: ([2011/10/14 01:02:08 | 000,437,835 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.0scan.com
O1 - Hosts: 127.0.0.1 0scan.com
O1 - Hosts: 127.0.0.1 1000gratisproben.com
O1 - Hosts: 127.0.0.1 www.1000gratisproben.com
O1 - Hosts: 127.0.0.1 1001namen.com
O1 - Hosts: 127.0.0.1 www.1001namen.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 www.1-2005-search.com
O1 - Hosts: 127.0.0.1 1-2005-search.com
O1 - Hosts: 15061 more lines...
O2 - BHO: (Java™ Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [avgnt] File not found
O4 - HKLM..\Run: [epm-dm] C:\Acer\ePM\EPM-DM.exe (Acer Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.DOBBIN.003_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Peter_Dewar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Peter_Dewar_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMBalloonTip = 0
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - File not found
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1342118079015 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1342118067796 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-0015-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0035-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_35)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 194.168.4.100 194.168.8.100
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\ACER.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/16 19:31:08 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2010/07/10 00:32:52 | 000,000,000 | RH-D | M] - D:\autorun -- [ NTFS ]
O32 - AutoRun File - [2002/10/16 08:56:50 | 000,000,036 | RH-- | M] () - D:\autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2013/03/17 01:34:53 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2013/03/17 00:31:03 | 002,237,440 | R--- | C] (OldTimer Tools) -- C:\OTLPE.exe
[2013/03/17 00:30:57 | 000,000,000 | ---D | C] -- C:\_OTL
[2013/03/07 00:58:54 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Peter Dewar\IECompatCache
[2013/03/07 00:50:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
[2013/03/07 00:41:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2013/03/07 00:36:16 | 000,522,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jsdbgui.dll
[2013/03/07 00:35:43 | 000,630,272 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeeds.dll
[2013/03/07 00:35:43 | 000,055,296 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msfeedsbs.dll
[2013/03/07 00:35:41 | 000,743,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iedvtool.dll
[2013/03/07 00:35:40 | 002,004,992 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\iertutil.dll
[2013/03/07 00:35:35 | 011,111,424 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ieframe.dll
[2013/03/06 09:23:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Revo Uninstaller
[2013/03/05 12:38:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Application Data\dll-files.com
[2013/03/05 12:38:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Logs
[2013/03/05 12:38:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
[2013/03/05 12:38:04 | 000,000,000 | ---D | C] -- C:\Program Files\Dll-Files.com Fixer
[2013/03/03 02:52:57 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Peter Dewar\Recent
[2013/02/16 17:40:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Peter Dewar\Desktop\Copy of Adobe
[2011/09/20 07:00:38 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\csnp2std.dll
[2011/09/18 18:32:10 | 015,199,352 | ---- | C] (W3i, LLC) -- C:\Documents and Settings\Peter Dewar\7zipfree_8675.exe
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2013/03/17 01:39:48 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2013/03/17 01:35:58 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2013/03/17 01:35:02 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2013/03/17 01:29:52 | 2138,554,368 | -HS- | M] () -- C:\hiberfil.sys
[2013/03/17 01:26:32 | 000,001,230 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2013/03/17 01:22:16 | 000,000,830 | ---- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2013/03/17 01:22:14 | 000,693,976 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2013/03/17 01:22:14 | 000,073,432 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2013/03/17 00:33:48 | 000,005,208 | ---- | M] () -- C:\WINDOWS\System32\pid.PNF
[2013/03/10 01:16:10 | 000,000,892 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2013/03/10 01:16:02 | 000,000,482 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/10 01:16:02 | 000,000,478 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Privacy Controls Startup.job
[2013/03/10 01:16:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/03/10 01:16:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\tasks\spmonitor.job
[2013/03/09 18:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2013/03/09 01:50:00 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files02.fnd
[2013/03/08 16:34:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2013/03/08 14:14:22 | 000,000,164 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files01.fnd
[2013/03/08 10:15:34 | 000,000,492 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\spider.sav
[2013/03/07 19:54:16 | 000,000,140 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Altavista.url
[2013/03/07 11:33:36 | 000,000,184 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Skyview help.url
[2013/03/07 00:58:42 | 000,000,575 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\IE8.lnk
[2013/03/06 14:59:56 | 000,000,689 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
[2013/03/06 14:59:56 | 000,000,671 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/03/06 13:36:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/06 09:28:46 | 000,000,729 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/06 09:28:46 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2013/03/05 12:41:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/05 12:38:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Dll-Files Fixer
[2013/03/03 10:02:32 | 000,211,288 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/03 02:53:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\tasks\Driver Robot.job
[2013/03/01 23:11:40 | 000,114,220 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\bumsite.jpg
[2013/03/01 21:24:12 | 000,000,135 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Lordoxford blog.url
[2013/03/01 16:54:26 | 000,000,190 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\UK Pressure.url
[2013/03/01 15:52:28 | 001,474,410 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\Blog_Publishing.pdf
[2013/03/01 15:48:52 | 000,000,151 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Blog01.url
[2013/03/01 13:02:50 | 000,000,114 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Desktop\Meritline.url
[2013/03/01 02:33:08 | 006,011,392 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2013/02/25 15:37:24 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2013/02/25 11:43:50 | 000,408,683 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\Metal Detector-555.rtf
[2013/02/16 19:05:48 | 000,013,243 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.pdf
[2013/02/16 18:00:42 | 000,013,015 | ---- | M] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.odg
[8 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2013/03/17 01:29:51 | 2138,554,368 | -HS- | C] () -- C:\hiberfil.sys
[2013/03/17 00:33:46 | 000,005,208 | ---- | C] () -- C:\WINDOWS\System32\pid.PNF
[2013/03/09 01:49:59 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files02.fnd
[2013/03/08 14:14:20 | 000,000,164 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\All Files01.fnd
[2013/03/07 11:26:19 | 000,000,184 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Skyview help.url
[2013/03/07 00:58:41 | 000,000,575 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\IE8.lnk
[2013/03/06 20:06:17 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2013/03/06 09:28:47 | 000,000,268 | ---- | C] () -- C:\WINDOWS\tasks\spmonitor.job
[2013/03/06 09:28:47 | 000,000,258 | ---- | C] () -- C:\WINDOWS\tasks\SpeedUpMyPC.job
[2013/03/06 09:28:45 | 000,000,729 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\SpeedUpMyPC.lnk
[2013/03/06 09:28:45 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SpeedUpMyPC.lnk
[2013/03/05 12:38:28 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/05 12:38:27 | 000,000,276 | ---- | C] () -- C:\WINDOWS\tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/05 12:38:06 | 000,000,689 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Microsoft\Internet Explorer\Quick Launch\Dll-Files Fixer.lnk
[2013/03/05 12:38:06 | 000,000,671 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dll-Files Fixer.lnk
[2013/03/03 10:02:31 | 000,211,288 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2013/03/01 23:25:10 | 000,114,220 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\bumsite.jpg
[2013/03/01 21:15:51 | 000,000,135 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Lordoxford blog.url
[2013/03/01 16:54:12 | 000,000,190 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\UK Pressure.url
[2013/03/01 15:52:25 | 001,474,410 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\Blog_Publishing.pdf
[2013/03/01 15:48:40 | 000,000,151 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Blog01.url
[2013/03/01 13:02:40 | 000,000,114 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Desktop\Meritline.url
[2013/02/25 15:37:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2013/02/25 11:43:48 | 000,408,683 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\Metal Detector-555.rtf
[2013/02/16 19:05:46 | 000,013,243 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.pdf
[2013/02/16 17:59:56 | 000,013,015 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Documents\ClockFace.odg
[2013/02/05 13:02:52 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2013/01/12 01:59:51 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\WBCustomizer.dll
[2013/01/10 02:09:43 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2012/12/27 02:00:01 | 000,000,538 | ---- | C] () -- C:\WINDOWS\xxclone.ini
[2012/12/22 12:58:03 | 000,645,632 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2012/12/22 12:58:03 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2012/08/25 09:18:26 | 000,000,167 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\udownload.dat
[2012/08/21 21:28:31 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2012/07/13 00:35:45 | 000,160,301 | ---- | C] () -- C:\WINDOWS\hphins26.dat
[2012/07/13 00:35:45 | 000,000,787 | ---- | C] () -- C:\WINDOWS\hphmdl26.dat
[2012/04/14 10:17:39 | 000,286,209 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\PCCleanerpro Scam2.jpg
[2012/04/14 10:14:40 | 000,233,180 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\PCCleanerpro Scam.jpg
[2012/03/23 15:01:25 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\QTUninst.dll
[2012/03/23 15:01:02 | 000,035,332 | ---- | C] () -- C:\WINDOWS\uninst.exe
[2012/03/23 15:00:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2012/03/23 14:59:39 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2012/03/23 12:24:41 | 000,112,540 | ---- | C] () -- C:\WINDOWS\restart.exe
[2012/02/15 22:09:23 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/01/31 14:18:04 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2012/01/17 17:54:45 | 000,048,536 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/12/07 21:31:17 | 000,000,054 | ---- | C] () -- C:\WINDOWS\Player.INI
[2011/10/11 22:16:22 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/09/20 10:43:26 | 000,000,703 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2011/09/20 07:00:39 | 012,008,064 | ---- | C] () -- C:\WINDOWS\System32\drivers\snp2sxp.sys
[2011/09/20 07:00:39 | 000,025,344 | ---- | C] () -- C:\WINDOWS\System32\drivers\sncamd.sys
[2011/09/20 07:00:39 | 000,015,497 | ---- | C] () -- C:\WINDOWS\snp2std.ini
[2011/09/20 01:25:59 | 000,082,289 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2011/09/18 18:41:14 | 000,003,140 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2011/09/18 18:39:54 | 000,001,359 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2011/09/18 18:30:24 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\BS.Player FREE.lnk
[2011/09/18 18:30:07 | 000,000,414 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\PC Tune-Up.lnk
[2011/09/18 18:30:03 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\RealPlayer.lnk
[2011/09/18 18:30:02 | 000,000,855 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Spybot - Search & Destroy.lnk
[2011/09/18 18:29:57 | 000,001,496 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Yahoo! Player.lnk
[2011/09/18 18:29:48 | 000,000,705 | ---- | C] () -- C:\Documents and Settings\Peter Dewar\Application Data\Launch Internet Explorer Browser.lnk
[2011/09/18 08:32:55 | 000,001,080 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2011/06/24 12:38:34 | 000,353,280 | ---- | C] () -- C:\WINDOWS\System32\pythoncom27.dll
[2011/06/24 12:38:34 | 000,109,568 | ---- | C] () -- C:\WINDOWS\System32\pywintypes27.dll
[2005/06/06 03:04:15 | 000,000,194 | ---- | C] () -- C:\WINDOWS\JohnCast.ini
[2005/03/16 19:54:00 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/16 19:45:57 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/16 19:45:56 | 000,000,328 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/16 19:45:56 | 000,000,225 | ---- | C] () -- C:\WINDOWS\FlashSaver.dat
[2005/03/16 19:43:35 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/03/16 19:31:32 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/16 19:30:35 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/16 19:19:41 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/16 19:19:38 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/16 19:19:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2005/03/16 19:19:37 | 000,001,048 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxinit.dat
[2005/03/16 19:19:37 | 000,000,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\alcxhweq.dat
[2005/03/16 19:16:22 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/16 19:16:21 | 000,032,768 | ---- | C] () -- C:\WINDOWS\AMOVE.EXE
[2005/03/16 19:15:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/03/16 19:09:28 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/03/16 19:02:53 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[2000/05/20 17:23:48 | 000,086,016 | ---- | C] () -- C:\WINDOWS\StartupMonitor.exe

========== LOP Check ==========

[2012/04/06 17:41:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SurfAnonymousFree
[2012/10/09 16:24:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Opera
[2009/10/18 03:10:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\NCode
[2008/09/23 03:43:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Moyea
[2010/01/21 10:19:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Modartt
[2009/06/13 19:01:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\LimeWire
[2009/03/08 12:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\InterTrust
[2010/02/13 12:18:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\IcoFX
[2008/09/27 09:04:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Free Download Manager
[2011/02/23 22:38:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Free AVI MPEG WMV MP4 FLV Video Joiner
[2008/11/30 07:37:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\WebEx
[2009/02/23 11:55:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\URSoft
[2008/10/17 00:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Uniblue
[2010/12/17 19:20:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Toolbar4
[2009/07/02 14:29:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Steinberg
[2009/02/26 12:33:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SpinTop
[2008/09/27 18:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Software Informer
[2010/12/18 17:13:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Serif
[2010/10/06 15:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Remote Share
[2009/11/01 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\r2 Studios
[2009/11/30 19:33:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\PCPitstop
[2010/09/15 14:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\OutlookSync
[2010/09/15 14:12:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\OTi
[2009/09/04 08:38:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Opera
[2010/10/22 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Foxit
[2010/09/15 14:17:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\FolderSync
[2008/02/14 07:02:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\DNA
[2009/06/23 09:11:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/06/02 15:05:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Canon
[2010/09/15 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Canneverbe Limited
[2008/02/14 07:03:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\BitTorrent
[2010/10/22 09:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Foxit Software
[2011/09/27 16:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\ParetoLogic
[2011/09/27 16:53:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\DriverCure
[2011/12/22 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SurfAnonymousFree
[2012/04/14 09:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\PCPro
[2012/05/29 01:26:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Docx2Rtf
[2012/05/29 01:28:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\NwDocx
[2012/07/20 23:10:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\XnView
[2012/08/17 22:55:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\IObit
[2012/10/04 23:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\Partmap
[2012/11/17 17:56:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\ICAClient
[2012/11/22 16:55:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\SystemRequirementsLab
[2013/01/15 16:48:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\XYplorer
[2013/03/05 12:38:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Peter Dewar\Application Data\dll-files.com
[2008/09/19 01:45:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2009/10/18 03:10:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B9F9E1D5-C790-4BF3-916E-3090346AFDEB}
[2010/07/02 20:19:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{74D08EB8-01D1-4BAE-91E3-F30C1B031AC6}
[2010/07/14 23:59:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{65893B95-F47B-4483-B883-86BA181E9B54}
[2008/10/07 19:04:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winferno
[2010/02/10 17:44:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2008/09/04 03:54:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/07 09:39:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SystemExplorer
[2011/03/15 16:11:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2010/12/17 21:40:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Speedbit
[2008/11/05 01:36:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\RFA_Backups
[2009/11/30 16:51:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2008/09/22 14:29:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/01/09 20:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2007/05/17 08:27:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
[2008/09/10 12:58:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeDownloadManager.ORG
[2010/09/15 23:18:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/07/07 23:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Bluetooth
[2010/08/08 10:35:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2009/11/01 07:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\r2 Studios
[2011/09/27 16:53:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/12/22 18:11:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SurfAnonymousFree
[2012/04/14 09:38:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC1Data
[2012/07/22 13:26:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\6F638BFE1EDB7ABB004601467B07D329
[2012/10/04 23:18:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DesignSpark PCB
[2012/11/17 17:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SolarWinds
[2013/01/09 01:27:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\321399286846180E00003213671B1E2B
[2013/01/12 01:54:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Avanquest Software Publishing Ltd
[2013/02/15 20:15:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2013/03/05 12:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Logs
[2012/12/15 03:12:34 | 000,000,430 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3.job
[2013/03/09 18:00:02 | 000,000,456 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Registration3.job
[2013/01/25 03:02:02 | 000,000,458 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Privacy Controls_{528A8AB6-D399-11E1-85A5-0012F03C5722}.job
[2013/03/10 01:16:02 | 000,000,482 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Update Version3 Startup Task.job
[2013/03/10 01:16:02 | 000,000,478 | ---- | M] () -- C:\WINDOWS\Tasks\ParetoLogic Privacy Controls Startup.job
[2013/03/03 02:53:00 | 000,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\Driver Robot.job
[2013/03/06 13:36:20 | 000,000,276 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_MONTHLY.job
[2013/03/05 12:41:30 | 000,000,292 | ---- | M] () -- C:\WINDOWS\Tasks\DLL-Files.Com Fixer_Updates.job
[2013/03/10 01:16:02 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\SpeedUpMyPC.job
[2013/03/10 01:16:00 | 000,000,268 | ---- | M] () -- C:\WINDOWS\Tasks\spmonitor.job

========== Purity Check ==========


< End of report >

#29
lordoxford

    Member

  • Topic Starter
  • Member
  • 64 posts
Hi,
I ran another "Fixit" and two files appeared in ._OTL.

(After the fix an attempt to run produced the "This copy of Windows must be activated with Microsoft . ." message again!)

The files are:

========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
File move failed. C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk scheduled to be moved on reboot.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad not found.
File C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js not found.
File C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\Documents and Settings\All Users\Application Data\188FmQ8 not found.
File C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys not found.
File C:\Documents and Settings\All Users\Application Data\aPH03i not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8 not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i not found.
File C:\WINDOWS\System32\oembios.bin not found.
File C:\WINDOWS\System32\mlang.dat not found.
File C:\WINDOWS\ANTIV.EXE not found.
File C:\WINDOWS\System32\perfh009.dat not found.
File C:\WINDOWS\System32\perfi009.dat not found.
File C:\WINDOWS\System32\dssec.dat not found.
File C:\Documents and Settings\Peter Dewar\Application Data\skype.dat not found.
File C:\WINDOWS\System32\perfc009.dat not found.
File C:\WINDOWS\System32\mib.bin not found.
File C:\WINDOWS\System32\perfd009.dat not found.
File C:\WINDOWS\System32\secupd.dat not found.
File C:\WINDOWS\System32\oembios.dat not found.
File C:\WINDOWS\ANTIV.INI not found.
File C:\WINDOWS\System32\Dcache.bin not found.
File C:\WINDOWS\System32\noise.dat not found.
File C:\WINDOWS\ALaunch.ini not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03182013_160646

***************************** AND **************************

========== COMMANDS ==========
Error: Unable to interpret <[createrestorepoint]> in the current context!
========== OTL ==========
HKLM\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Administrator.DOBBIN.003_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Local Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Main\\Start Default_Page_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\Search Page| /E : value set successfully!
HKU\Peter_Dewar_ON_C\Software\Microsoft\Internet Explorer\Search\\SearchAssistant| /E : value set successfully!
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{ae07101b-46d4-4a98-af68-0333ea26e113} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ae07101b-46d4-4a98-af68-0333ea26e113}\ not found.
File move failed. C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk scheduled to be moved on reboot.
File move failed. X:\I386\SYSTEM32\RUNDLL32.EXE scheduled to be moved on reboot.
File move failed. X:\AUTORUN.INF scheduled to be moved on reboot.
File C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.pad not found.
File C:\Documents and Settings\All Users\Application Data\rgbrgebrbewg.js not found.
File C:\Documents and Settings\Peter Dewar\Start Menu\Programs\Startup\runctf.lnk not found.
File C:\Documents and Settings\All Users\Application Data\188FmQ8 not found.
File C:\Documents and Settings\All Users\Application Data\69AB9E7ADF.sys not found.
File C:\Documents and Settings\All Users\Application Data\aPH03i not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\188FmQ8 not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini not found.
File C:\Documents and Settings\Peter Dewar\Local Settings\Application Data\aPH03i not found.
File C:\WINDOWS\System32\oembios.bin not found.
File C:\WINDOWS\System32\mlang.dat not found.
File C:\WINDOWS\ANTIV.EXE not found.
File C:\WINDOWS\System32\perfh009.dat not found.
File C:\WINDOWS\System32\perfi009.dat not found.
File C:\WINDOWS\System32\dssec.dat not found.
File C:\Documents and Settings\Peter Dewar\Application Data\skype.dat not found.
File C:\WINDOWS\System32\perfc009.dat not found.
File C:\WINDOWS\System32\mib.bin not found.
File C:\WINDOWS\System32\perfd009.dat not found.
File C:\WINDOWS\System32\secupd.dat not found.
File C:\WINDOWS\System32\oembios.dat not found.
File C:\WINDOWS\ANTIV.INI not found.
File C:\WINDOWS\System32\Dcache.bin not found.
File C:\WINDOWS\System32\noise.dat not found.
File C:\WINDOWS\ALaunch.ini not found.

OTLPE by OldTimer - Version 3.1.48.0 log created on 03182013_160503

#30
Buddierdl

    Trusted Helper

  • Malware Removal
  • 2,524 posts
No need to run that fix anymore. I need to look over the fresh log you provided and will get back to you as soon as I can.