Virus on Compaq Presario laptop! Windows police pro, windows smart


  • This topic is locked

#1
wicked_princess

Will not let me download any antivirus. Will not let anything open in regular mode, computer must be run in safe mode with networking. Will not let me into reg edit. Says MBAM file is corrupted. In safe mode with networking, only internet and few other things will open. Norton will not run.

OTL logfile created on: 10/8/2009 5:47:45 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Administrator\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 68.16% Memory free
2.69 Gb Paging File | 2.47 Gb Available in Paging File | 91.72% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 44.15 Gb Free Space | 59.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-0C26778AEB
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2008/04/13 20:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/03/08 14:09:26 | 00,638,816 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/10/08 17:47:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/04/13 20:11:48 | 00,100,352 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\6to4svc.dll -- (6to4 [Auto | Stopped])
SRV - File not found -- -- (AntiPol [Auto | Stopped])
SRV - [2009/03/06 00:04:30 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Stopped])
SRV - [2008/07/25 12:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2004/08/04 08:00:00 | 00,045,568 | ---- | M] (X-Ways Software Technology) -- C:\WINDOWS\System32\BtwSrv.dll -- (BtwSrv [Auto | Stopped])
SRV - [2009/10/08 02:35:02 | 00,214,256 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\ccprovsp.exe -- (CaCCProvSP [On_Demand | Stopped])
SRV - [2008/07/25 12:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/08/04 08:00:00 | 00,094,208 | ---- | M] (Sigma Designs Inc) -- C:\WINDOWS\System32\FastNetSrv.exe -- (fastnetsrv [Auto | Stopped])
SRV - File not found -- -- (FlexService [Auto | Stopped])
SRV - [2008/07/29 22:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2005/03/04 13:16:18 | 00,098,304 | R--- | M] (Hewlett-Packard Development Company, L.P.) -- C:\Program Files\HPQ\shared\hpqwmi.exe -- (hpqwmi [On_Demand | Stopped])
SRV - [2008/04/13 20:11:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\Iasv32.dll -- (Ias [Auto | Stopped])
SRV - [2005/04/04 01:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT [On_Demand | Stopped])
SRV - [2008/07/29 20:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2007/01/04 13:10:22 | 00,280,080 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\SharedComponents\PPRT\bin\ITMRTSVC.exe -- (ITMRTSVC [Auto | Stopped])
SRV - [2009/03/10 17:09:56 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Stopped])
SRV - [2009/09/10 14:54:02 | 00,269,648 | ---- | M] () -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService [Auto | Stopped])
SRV - [2008/07/29 20:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2009/07/13 23:18:12 | 00,071,096 | ---- | M] () -- C:\Program Files\CDBurnerXP\NMSAccessU.exe -- (NMSAccessU [Auto | Stopped])
SRV - [2009/10/03 00:14:08 | 00,115,560 | R--- | M] () -- C:\Program Files\Norton AntiVirus\Engine\16.5.0.134\ccSvcHst.exe -- (Norton AntiVirus [Auto | Stopped])
SRV - [2004/08/04 08:00:00 | 00,066,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\ipxsap.dll -- (NwSapAgent [Auto | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/29 13:14:36 | 00,069,632 | ---- | M] (HP) -- C:\WINDOWS\System32\HPZipm12.exe -- (Pml Driver HPZ12 [Auto | Stopped])
SRV - [2007/08/16 22:10:16 | 00,189,704 | ---- | M] (CA, Inc.) -- C:\Program Files\CA\CA Internet Security Suite\CA Anti-Spyware\PPCtlPriv.exe -- (PPCtlPriv [On_Demand | Stopped])
SRV - [2009/08/02 20:06:23 | 01,245,064 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC [On_Demand | Stopped])
SRV - [2007/10/18 11:24:46 | 01,010,192 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxAgent.exe -- (UmxAgent [Auto | Stopped])
SRV - [2007/10/18 11:24:46 | 00,801,296 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxCfg.exe -- (UmxCfg [Auto | Stopped])
SRV - [2007/10/18 11:24:44 | 00,145,936 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxFwHlp.exe -- (UmxFwHlp [Auto | Stopped])
SRV - [2008/06/24 20:10:30 | 00,281,104 | ---- | M] (CA) -- C:\Program Files\CA\SharedComponents\HIPSEngine\UmxPol.exe -- (UmxPol [Auto | Stopped])
SRV - [2006/10/18 21:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = http://news.yahoo.com/ [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://toolbar.inbox...aspx?tbid=80113
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://toolbar.ask.c...c...amp;gc=1&q=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =


IE - HKU\.DEFAULT\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

IE - HKU\S-1-5-18\..\URLSearchHook: {EEE6C35D-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local


IE - HKU\S-1-5-21-1606980848-1326574676-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKU\S-1-5-21-1606980848-1326574676-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1606980848-1326574676-725345543-500\S-1-5-21-1606980848-1326574676-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/10 17:09:58 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/04 03:09:09 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\qapzyh3p.dll) - {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\System32\qapzyh3p.dll ()
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
O4 - HKLM..\Run: [cafwc] C:\Program Files\CA\CA Internet Security Suite\CA Personal Firewall\cafw.exe (CA, Inc.)
O4 - HKLM..\Run: [HPZMonitorBootKey] C:\Documents and Settings\Administrator\hpmonZ.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [wikarazuy] C:\WINDOWS\System32\timarare.DLL ()
O4 - HKU\.DEFAULT..\Run: [Login Software 2009] C:\WINDOWS\TEMP\zqt829a.exe File not found
O4 - HKU\.DEFAULT..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\TEMP\smss.exe ()
O4 - HKU\S-1-5-18..\Run: [Login Software 2009] C:\WINDOWS\TEMP\zqt829a.exe File not found
O4 - HKU\S-1-5-18..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\TEMP\smss.exe ()
O4 - HKLM..\RunOnce: [ccube_TrustList] C:\Program Files\CA\CA Internet Security Suite\caunst.exe (Computer Associates International, Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-1606980848-1326574676-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1606980848-1326574676-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKU\S-1-5-21-1606980848-1326574676-725345543-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-1606980848-1326574676-725345543-500\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.h...DataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1006.cab (MySpace Uploader Control)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://download.divx...owserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1233256777703 (MUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {9C23D886-43CB-43DE-B2DB-112A68D7E10A} http://lads.myspace....ceUploader2.cab (MySpace Uploader Control)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_02)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_12)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.m...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\TEMP\13046xxx.dll) - C:\WINDOWS\TEMP\13046xxx.dll ()
O20 - AppInit_DLLs: (yanohide.dll) - C:\WINDOWS\System32\yanohide.dll ()
O20 - AppInit_DLLs: (c:\windows\system32\timarare.dll) - C:\WINDOWS\System32\timarare.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (rundll32.exe) - File not found
O20 - HKLM Winlogon: Shell - (tftp.nfo) - C:\WINDOWS\System32\tftp.nfo ()
O20 - HKLM Winlogon: Shell - (beforegllav) - File not found
O20 - Winlogon\Notify\AtiExtEvent: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWnp.Dll (CA)
O21 - SSODL: vitozizis - {c2107387-9579-4579-89b8-f2d469c517bd} - C:\WINDOWS\System32\timarare.dll ()
O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\WINDOWS\System32\qapzyh3p.dll ()
O22 - SharedTaskScheduler: {c2107387-9579-4579-89b8-f2d469c517bd} - gahurihor - C:\WINDOWS\System32\timarare.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/14 17:51:51 | 00,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- C:\WINDOWS\system32\pump.exe "%1" %* ()

NetSvcs: BtwSrv - C:\WINDOWS\System32\BtwSrv.dll (X-Ways Software Technology)
NetSvcs: 6to4 - C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
NetSvcs: Ias - C:\WINDOWS\System32\Iasv32.dll ()
NetSvcs: Iprip - Service key not found. File not found
NetSvcs: Irmon - Service key not found. File not found
NetSvcs: NWCWorkstation - Service key not found. File not found
NetSvcs: Nwsapagent - C:\WINDOWS\System32\ipxsap.dll (Microsoft Corporation)
NetSvcs: Wmi - C:\WINDOWS\System32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - Service key not found. File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/08 01:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\11175784
[2009/09/29 20:04:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/10/01 01:51:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2009/10/03 04:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/10/01 01:34:13 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PC Tools
[2009/09/30 21:14:10 | 00,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/04 21:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\3814661862
[2009/09/30 21:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2009/10/03 00:43:14 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009/10/03 00:52:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2009/09/30 21:58:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/09/30 21:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2009/09/30 21:14:10 | 00,000,000 | --SD | C] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/10/02 21:10:31 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PC Tools
[2009/10/02 23:39:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/10/02 23:13:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\vlc
[2009/10/03 03:44:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/09/30 21:58:15 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/10/03 00:52:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\WinRAR
[2009/09/30 21:14:10 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data
[2009/10/02 22:52:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Adobe
[2009/10/03 04:48:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\JollyBear
[2009/09/30 21:14:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft
[2009/10/03 00:22:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Symantec
[2009/10/01 01:34:23 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\PC Tools
[2009/09/25 10:32:03 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/09/29 20:04:30 | 00,000,000 | ---D | C] -- C:\Program Files\Brainiversity 2
[2009/10/08 17:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/01 01:51:18 | 00,000,000 | ---D | C] -- C:\Program Files\Google
[2009/09/29 21:09:54 | 00,000,000 | ---D | C] -- C:\Program Files\Jolly Bear Games
[2009/09/30 21:49:07 | 00,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
[2009/10/03 00:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
[2009/10/03 00:23:36 | 00,000,000 | R--D | C] -- C:\Program Files\Norton Support
[2009/10/03 00:12:17 | 00,000,000 | ---D | C] -- C:\Program Files\NortonInstaller
[2009/10/01 01:34:13 | 00,000,000 | ---D | C] -- C:\Program Files\PC Tools AntiVirus
[2009/10/03 00:14:35 | 00,000,000 | ---D | C] -- C:\Program Files\Symantec
[2009/10/03 00:13:43 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Sidebar
[2009/10/08 17:47:13 | 00,520,704 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\OTL.exe
[2009/10/08 17:45:01 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/08 02:16:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
[2009/10/08 02:12:23 | 00,664,064 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\plugie.dll
[2009/10/03 16:58:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\ConvertXtoDVD
[2009/10/03 03:44:53 | 00,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2009/10/03 03:44:53 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PcSetup
[2009/10/03 00:44:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2009/10/03 00:14:47 | 00,036,400 | R--- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/03 00:14:37 | 00,124,464 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/03 00:14:37 | 00,060,808 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/03 00:14:11 | 00,310,320 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/10/03 00:14:11 | 00,307,760 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/10/03 00:14:11 | 00,217,392 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/10/03 00:14:11 | 00,089,776 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/10/03 00:14:11 | 00,043,696 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/10/03 00:14:11 | 00,039,984 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/10/03 00:14:11 | 00,037,296 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/10/03 00:14:11 | 00,034,736 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/10/03 00:14:10 | 00,482,352 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/10/03 00:14:10 | 00,258,608 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/10/03 00:13:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV\1005000.086
[2009/10/03 00:13:46 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\NAV
[2009/10/02 23:09:41 | 00,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
[2009/10/01 01:34:41 | 00,206,256 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2009/10/01 01:34:41 | 00,086,888 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2009/10/01 01:34:23 | 00,028,560 | ---- | C] (PC Tools Research Pty Ltd.) -- C:\WINDOWS\System32\drivers\AVHook.sys
[2009/10/01 01:34:23 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd) -- C:\WINDOWS\System32\drivers\AVFilter.sys
[2009/10/01 01:34:23 | 00,021,904 | ---- | C] (PC Tools Research Pty Ltd ) -- C:\WINDOWS\System32\drivers\AVRec.sys

========== Files - Modified Within 14 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[6 C:\WINDOWS\*.tmp files]
[2009/10/08 17:48:48 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fitiwemo
[2009/10/08 17:47:17 | 00,520,704 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\OTL.exe
[2009/10/08 17:44:25 | 00,000,767 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/08 17:32:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
[2009/10/08 17:32:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/10/08 17:19:47 | 00,001,176 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2009/10/08 17:18:41 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/10/08 15:39:44 | 01,011,340 | -HS- | M] () -- C:\WINDOWS\System32\zodabuma.exe
[2009/10/08 02:37:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/10/08 02:35:48 | 03,184,656 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/10/08 02:18:54 | 00,550,400 | ---- | M] () -- C:\WINDOWS\System32\pump.exe
[2009/10/08 02:18:52 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wf4.dat
[2009/10/08 02:18:52 | 00,000,003 | ---- | M] () -- C:\WINDOWS\wf3.dat
[2009/10/08 02:16:24 | 00,131,731 | ---- | M] () -- C:\WINDOWS\System32\dbsinit.exe
[2009/10/08 02:12:23 | 00,664,064 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\plugie.dll
[2009/10/08 02:12:23 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\nuar.old
[2009/10/08 02:12:22 | 00,000,030 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/08 02:00:00 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/08 01:56:51 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\t1p0_392358343424.b1k
[2009/10/08 00:58:02 | 00,169,984 | ---- | M] () -- C:\WINDOWS\mse.exe
[2009/10/07 08:27:15 | 00,022,167 | -HS- | M] () -- C:\WINDOWS\System32\fulorepi.dll
[2009/10/07 08:25:41 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\pozogere.dll
[2009/10/06 21:57:01 | 00,158,208 | ---- | M] () -- C:\WINDOWS\msd.exe
[2009/10/06 20:23:35 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\timarare.dll
[2009/10/06 20:23:34 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\firewege.dll
[2009/10/06 06:30:05 | 00,002,701 | -HS- | M] () -- C:\WINDOWS\System32\fezijepa.dll
[2009/10/06 06:26:44 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\vejasoso.dll
[2009/10/05 15:21:55 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\josudita.exe
[2009/10/04 21:23:08 | 00,166,400 | ---- | M] () -- C:\WINDOWS\msc.exe
[2009/10/04 21:21:55 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\pegoyoja.exe
[2009/10/04 21:21:46 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\kowajovu.dll
[2009/10/04 00:14:26 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\tajojeti.exe
[2009/10/04 00:14:17 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\jonotama.dll
[2009/10/04 00:14:15 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\musotiga.dll
[2009/10/03 15:28:27 | 00,000,416 | ---- | M] () -- C:\WINDOWS\tasks\PCConfidential.job
[2009/10/03 15:26:45 | 00,635,858 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/10/03 12:13:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vejorafa.exe
[2009/10/03 04:47:41 | 00,001,987 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Age Of Oracles-Tara's Journey.lnk
[2009/10/03 03:51:44 | 00,000,766 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/10/03 03:44:54 | 00,087,608 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/10/03 03:44:54 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\drivers\pcouffin.sys
[2009/10/03 03:44:54 | 00,047,360 | ---- | M] (VSO Software) -- C:\Documents and Settings\Administrator\Application Data\pcouffin.sys
[2009/10/03 03:44:54 | 00,007,887 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/10/03 03:44:53 | 00,001,144 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/10/03 03:44:42 | 00,000,827 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ConvertXtoDvd 3.lnk
[2009/10/03 00:14:35 | 00,124,464 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SYMEVENT.SYS
[2009/10/03 00:14:35 | 00,060,808 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\S32EVNT1.DLL
[2009/10/03 00:14:35 | 00,007,386 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/03 00:14:35 | 00,000,805 | ---- | M] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/03 00:14:12 | 00,001,896 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/03 00:14:11 | 00,310,320 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.sys
[2009/10/03 00:14:11 | 00,307,760 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.sys
[2009/10/03 00:14:11 | 00,217,392 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symtdi.sys
[2009/10/03 00:14:11 | 00,089,776 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symfw.sys
[2009/10/03 00:14:11 | 00,043,696 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.sys
[2009/10/03 00:14:11 | 00,039,984 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndisv.sys
[2009/10/03 00:14:11 | 00,037,296 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symndis.sys
[2009/10/03 00:14:11 | 00,036,400 | R--- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\SymIM.sys
[2009/10/03 00:14:11 | 00,034,736 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\symids.sys
[2009/10/03 00:14:10 | 00,482,352 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\cchpx86.sys
[2009/10/03 00:14:10 | 00,258,608 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.sys
[2009/10/03 00:13:59 | 00,000,172 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/10/03 00:13:58 | 00,003,373 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/10/03 00:13:58 | 00,001,753 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/10/03 00:13:58 | 00,001,528 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/10/03 00:13:58 | 00,001,389 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/10/03 00:13:58 | 00,001,383 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/10/03 00:13:58 | 00,000,640 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/10/03 00:13:46 | 00,009,423 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/10/03 00:13:46 | 00,007,410 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/10/03 00:13:46 | 00,007,372 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/10/03 00:13:46 | 00,007,364 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/10/03 00:13:46 | 00,007,355 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/10/03 00:13:46 | 00,007,347 | ---- | M] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/10/02 21:11:57 | 00,080,048 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/02 18:11:43 | 00,194,056 | -HS- | M] () -- C:\WINDOWS\System32\lutovute.exe
[2009/10/02 18:11:43 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\vavosiwo.dll
[2009/10/01 23:11:06 | 00,158,208 | ---- | M] () -- C:\WINDOWS\msb.exe
[2009/10/01 23:04:20 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\lapomefe.exe
[2009/10/01 23:04:12 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\domohodu.dll
[2009/10/01 11:10:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/10/01 10:10:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/10/01 09:10:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/10/01 08:10:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/10/01 08:10:22 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/01 08:10:11 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\sateveme.dll
[2009/10/01 08:10:10 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\petolahu.dll
[2009/10/01 01:34:23 | 00,000,661 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk
[2009/10/01 00:53:58 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/30 21:25:04 | 00,003,584 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 21:09:21 | 00,148,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k0
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k7
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k6
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k5
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k4
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k3
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k2
[2009/09/30 21:09:21 | 00,000,064 | ---- | M] () -- C:\WINDOWS\System32\drivers\kmxcfg.u2k1
[2009/09/30 20:08:15 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\buwapite.exe
[2009/09/30 20:08:04 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\hagijifa.exe
[2009/09/30 20:08:04 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\vuzofafu.dll
[2009/09/30 20:01:56 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\qapzyh3p.dll
[2009/09/30 20:01:53 | 00,025,600 | ---- | M] () -- C:\WINDOWS\System32\tftp.nfo
[2009/09/27 04:15:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job

========== Files - No Company Name ==========
[2009/10/08 17:44:25 | 00,000,767 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/10/08 02:16:29 | 00,008,551 | ---- | C] () -- C:\WINDOWS\System32\wispex.html
[2009/10/08 02:16:24 | 00,131,731 | ---- | C] () -- C:\WINDOWS\System32\dbsinit.exe
[2009/10/08 02:12:24 | 00,000,058 | ---- | C] () -- C:\WINDOWS\wf4.dat
[2009/10/08 02:12:24 | 00,000,003 | ---- | C] () -- C:\WINDOWS\wf3.dat
[2009/10/08 02:12:23 | 00,000,009 | ---- | C] () -- C:\WINDOWS\System32\nuar.old
[2009/10/08 02:12:22 | 00,550,400 | ---- | C] () -- C:\WINDOWS\System32\pump.exe
[2009/10/08 02:12:22 | 00,000,030 | ---- | C] () -- C:\WINDOWS\System32\wwp.htm
[2009/10/08 01:56:51 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\t1p0_392358343424.b1k
[2009/10/08 00:58:23 | 00,169,984 | ---- | C] () -- C:\WINDOWS\mse.exe
[2009/10/07 08:27:15 | 00,022,167 | -HS- | C] () -- C:\WINDOWS\System32\fulorepi.dll
[2009/10/06 21:57:23 | 00,158,208 | ---- | C] () -- C:\WINDOWS\msd.exe
[2009/10/06 06:30:05 | 00,002,701 | -HS- | C] () -- C:\WINDOWS\System32\fezijepa.dll
[2009/10/05 15:21:55 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\josudita.exe
[2009/10/04 21:23:29 | 00,166,400 | ---- | C] () -- C:\WINDOWS\msc.exe
[2009/10/03 15:26:32 | 00,635,858 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\Cat.DB
[2009/10/03 12:13:28 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\vejorafa.exe
[2009/10/03 04:47:41 | 00,001,987 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Age Of Oracles-Tara's Journey.lnk
[2009/10/03 03:51:44 | 00,000,766 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\CleanMyPC - Registry Cleaner.lnk
[2009/10/03 03:45:55 | 00,001,176 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\vso_ts_preview.xml
[2009/10/03 03:45:24 | 00,000,031 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.log
[2009/10/03 03:44:54 | 00,087,608 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\inst.exe
[2009/10/03 03:44:54 | 00,007,887 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.cat
[2009/10/03 03:44:53 | 00,001,144 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\pcouffin.inf
[2009/10/03 03:44:42 | 00,000,827 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ConvertXtoDvd 3.lnk
[2009/10/03 00:14:37 | 00,007,386 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.CAT
[2009/10/03 00:14:37 | 00,000,805 | ---- | C] () -- C:\WINDOWS\System32\drivers\SYMEVENT.INF
[2009/10/03 00:14:12 | 00,001,896 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Norton AntiVirus.lnk
[2009/10/03 00:13:59 | 00,000,172 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\isolate.ini
[2009/10/03 00:13:58 | 00,003,373 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.inf
[2009/10/03 00:13:58 | 00,001,753 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.inf
[2009/10/03 00:13:58 | 00,001,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.inf
[2009/10/03 00:13:58 | 00,001,389 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.inf
[2009/10/03 00:13:58 | 00,001,383 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.inf
[2009/10/03 00:13:58 | 00,000,640 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.inf
[2009/10/03 00:13:46 | 00,009,423 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymNet.cat
[2009/10/03 00:13:46 | 00,007,410 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\SymEFA.cat
[2009/10/03 00:13:46 | 00,007,372 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtspx.cat
[2009/10/03 00:13:46 | 00,007,364 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\BHDrvx86.CAT
[2009/10/03 00:13:46 | 00,007,355 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\srtsp.cat
[2009/10/03 00:13:46 | 00,007,347 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAV\1005000.086\ccHPx86.cat
[2009/10/02 21:11:57 | 00,080,048 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/02 18:22:31 | 00,000,300 | -H-- | C] () -- C:\WINDOWS\tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job
[2009/10/01 23:11:30 | 00,158,208 | ---- | C] () -- C:\WINDOWS\msb.exe
[2009/10/01 11:10:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/10/01 10:10:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/10/01 09:10:55 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/10/01 08:10:54 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/10/01 08:10:21 | 00,026,624 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/10/01 01:34:41 | 00,007,396 | ---- | C] () -- C:\WINDOWS\System32\drivers\pctcore.cat
[2009/10/01 01:34:23 | 00,000,661 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools AntiVirus.lnk
[2009/10/01 00:53:58 | 00,019,160 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/01 00:53:58 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/10/01 00:53:53 | 00,038,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/30 21:47:40 | 03,184,656 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
[2009/09/30 21:25:04 | 00,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/09/30 21:14:11 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\Administrator\Application Data\desktop.ini
[2009/09/30 20:03:42 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\tftp.nfo
[2009/09/30 20:01:56 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\qapzyh3p.dll
[2009/09/30 20:01:56 | 00,000,000 | ---- | C] () -- C:\WINDOWS\win32k.sys
[2009/01/28 13:23:34 | 00,005,184 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\N360BUOptions.ini
[2008/12/15 21:01:05 | 00,000,665 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/14 12:06:26 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== LOP Check ==========

[2009/10/04 21:22:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/10/04 21:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\3814661862
[2009/10/08 02:20:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\BitTorrent
[2009/10/07 11:54:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Vso
[2009/09/30 21:58:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2009/10/08 16:07:10 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/04/04 00:01:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2008/12/15 21:37:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2009/10/08 01:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\11175784
[2009/07/06 22:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVS4YOU
[2009/06/17 17:21:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/09/29 20:08:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Brainiversity2
[2009/01/28 11:07:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CA
[2009/09/16 21:05:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2009/08/02 22:42:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/01/18 10:53:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2009/09/22 13:17:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HiddenSecretsNightmare
[2009/09/03 01:23:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HideAndSecret3
[2009/10/03 04:48:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2009/01/18 11:06:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2009/09/22 14:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Merscom
[2008/12/14 17:51:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\muvee Technologies
[2009/09/21 18:23:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/09/21 18:16:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2009/07/06 17:35:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2009/01/15 22:52:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2009/08/26 22:03:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Princess Isabella
[2009/08/20 12:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SulusGames
[2009/10/08 16:00:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/01/26 18:25:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2009/09/15 17:21:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
[2008/12/14 12:06:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2008/12/14 12:06:26 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2008/12/14 17:27:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/12/14 17:20:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/10/03 15:30:54 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Sheena\Application Data
[2009/10/01 01:37:12 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\User\Application Data
[2009/08/02 22:07:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Aisle 5 Games, Inc
[2009/07/06 22:20:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\AVS4YOU
[2009/06/17 17:32:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Azureus
[2009/09/10 17:49:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Big Fish Games
[2009/10/01 22:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\BitTorrent
[2009/09/16 21:05:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Canneverbe_Limited
[2009/09/17 21:13:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\dvdcss
[2009/09/22 18:01:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\ERS G-Studio
[2009/09/22 18:07:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\funkitron
[2009/08/18 16:59:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\GameInvest
[2009/08/03 20:18:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Games
[2009/08/29 00:46:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\HSA
[2009/05/31 02:07:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\InterVideo
[2009/03/08 23:04:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Leadertech
[2009/09/13 20:32:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\LimeWire
[2009/08/29 22:17:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MA
[2009/09/22 14:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Merscom
[2009/09/21 02:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Move Networks
[2008/12/23 20:32:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\MSNInstaller
[2009/08/18 16:42:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Pogo Games
[2009/08/29 22:20:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\she_is_a_shadow
[2009/09/10 00:50:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SprillRichiEng
[2009/08/20 12:27:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\SulusGames
[2008/12/21 00:55:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\U3
[2009/08/29 22:09:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Ubisoft
[2009/09/29 19:58:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\VampireSaga
[2009/10/01 22:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Vso
[2009/01/16 20:58:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\WeatherBug
[2009/03/02 21:24:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Desktop Search
[2009/03/02 22:44:46 | 00,000,000 | ---D | M] -- C:\Documents and Settings\User\Application Data\Windows Search
[2009/09/23 19:18:09 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 08:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\desktop.ini
[2009/10/03 15:28:27 | 00,000,416 | ---- | M] () -- C:\WINDOWS\Tasks\PCConfidential.job
[2009/09/27 04:15:00 | 00,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2009/10/08 02:37:33 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2009/10/08 02:00:00 | 00,000,300 | -H-- | M] () -- C:\WINDOWS\Tasks\{BB65B0FB-5712-401b-B616-E69AC55E2757}.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >

< %systemroot%\system32\eventlog.dll >
[2008/04/13 20:11:53 | 00,061,952 | ---- | M] () -- C:\WINDOWS\system32\eventlog.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2008/04/13 20:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\scecli.dll
[1 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
[2008/04/13 20:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\logevent.dll
[1 C:\WINDOWS\system32\*.tmp files]

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F1DEA771
@Alternate Data Stream - 96 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3750BE5
@Alternate Data Stream - 94 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D351BC6
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D31BE97C
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4FE42FFC
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ECF54A0E
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C36B1175
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEB25EAE
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:870649A4
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:25249477
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2381A4
@Alternate Data Stream - 111 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A58B27C9
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:52A22573
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1C6CB897
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:12D2EB9C
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4673E9EA
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3D36932D
< End of report >


OTL Extras logfile created on: 10/8/2009 5:47:45 PM - Run 1
OTL by OldTimer - Version 3.0.18.4 Folder = C:\Documents and Settings\Administrator\My Documents
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.12 Gb Total Physical Memory | 0.77 Gb Available Physical Memory | 68.16% Memory free
2.69 Gb Paging File | 2.47 Gb Available in Paging File | 91.72% Paging File free
Paging file location(s): C:\pagefile.sys 1728 3456 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.52 Gb Total Space | 44.15 Gb Free Space | 59.25% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: USER-0C26778AEB
Current User Name: Administrator
Logged in as Administrator.

Current Boot Mode: SafeMode with Networking
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.exe [@ = exefile] -- C:\WINDOWS\System32\pump.exe ()
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- C:\WINDOWS\system32\pump.exe "%1" %* ()
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"10243:TCP" = 10243:TCP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10280:UDP" = 10280:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10281:UDP" = 10281:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10282:UDP" = 10282:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10283:UDP" = 10283:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"10284:UDP" = 10284:UDP:LocalSubNet:Enabled:Windows Media Player Network Sharing Service
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Messenger\msmsgs.exe" = C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger -- File not found
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\system32\mmc.exe" = C:\WINDOWS\system32\mmc.exe:*:Enabled:Microsoft Management Console -- (Microsoft Corporation)
"C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Tracks Eraser Pro 7.0.1010.exe" = C:\Documents and Settings\User\Local Settings\Temp\IXP000.TMP\Tracks Eraser Pro 7.0.1010.exe:*:Enabled:C:\DOCUME~1\User\LOCALS~1\Temp\IXP000.TMP\Tracks Eraser Pro 7.0.1010.exe -- File not found
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe" = C:\Program Files\Veoh Networks\VeohWebPlayer\veohwebplayer.exe:*:Enabled:Veoh Web Player -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{03B1B42B-F6DE-41d9-8CFF-DC44E895C7A7}" = PhotoGallery
"{0611BD4E-4FE4-4a62-B0C0-18A4CC463428}" = CP_Package_Variety1
"{06ECCCF4-9295-468E-851C-9529A7C181E8}" = HP User Guides 0001
"{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1C139D7D-9FEA-468d-A9C8-2A6E3BDE564A}" = CP_Package_Variety3
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{21DB3D90-D816-4092-A260-CA3F6B55A6DD}" = Sonic_PrimoSDK
"{23A7B376-BBEC-4e76-BBD7-0F155E70D74B}" = CP_Panorama1Config
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 12
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2CADCEAB-D5DA-44D6-B5FC-7DEE87AB3C0C}" = Unload
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{32BDCCB8-9DC8-496d-9DB1-F77510775BDB}" = InstantShareDevices
"{33D6CC28-9F75-4d1b-A11D-98895B3A3729}" = HP Photosmart 330,380,420,470,7800,8000,8200 Series
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36E47DA1-10E1-45d9-8B19-14D19607CDCF}" = CP_CalendarTemplates1
"{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A2
"{534AA552-E1F1-4965-B2AA-FBDEB0730D60}" = muvee autoProducer 4.0 - SE
"{53EE9E42-CECB-4C92-BF76-9CA65DAF8F1C}" = FullDPAppQFolder
"{564A8DD3-70BC-4018-A5C3-7CEB10BBB6E9}" = Image Transfer
"{56EE8B17-8274-418d-89AC-C057C5DB251E}" = RandMap
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{5721A8EA-A30F-4F66-9046-3F40C43AE1DC}" = Driver Detective
"{5A01C58E-B0EC-49b9-AD71-7C0468688087}" = CP_Package_Basic1
"{5C29CB8B-AC1E-4114-8D68-9CD080140D4A}" = Sony USB Driver
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
"{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
"{66BA8C26-AFE4-4408-807B-43E76B57EF53}" = SkinsHP1
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{755EC5E3-FD51-46bd-A57F-7A2D56FBF061}" = PSTAPlugin
"{767CC44C-9BBC-438D-BAD3-FD4595DD148B}" = VC80CRTRedist - 8.0.50727.762
"{769A295C-DCF4-41d6-AFBA-7D9394B23AFE}" = PSPrinters08
"{76C24F39-B161-498F-BD8B-C64789812D13}_is1" = ConvertXtoDVD 3.8.0.193f
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7E265513-8CDA-4631-B696-F40D983F3B07}_is1" = CDBurnerXP
"{7E27304E-BAA2-4d90-A34E-76641FAFABB4}" = CP_AtenaShokunin1Config
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{91810AFC-A4F8-4EBA-A5AA-B198BBC81144}" = InterVideo WinDVD
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3455242-DAE0-4523-8242-FD82706ABF4B}" = CameraDrivers
"{A5BB5365-EFB4-44c3-A7E2-EB59B7EFD23D}" = CueTour
"{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
"{B4D279F1-4309-49cc-A4B5-3A0D2E59C7B5}" = PanoStandAlone
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B824B5C9-849F-4b9e-9EA7-6FD8CD8116DA}" = CP_Package_Variety2
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{BDBAAB1B-B364-465E-931D-4E2E2F0E609A}" = CA Personal Firewall
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C151CE54-E7EA-4804-854B-F515368B0798}" = Athlon 64 Processor Driver
"{C5F4A58B-0729-4F9C-9AA5-54008EEE8CFB}" = RapidBIT Suite
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB84F0F2-927B-458D-9DC5-87832E3DC653}" = GearDrvs
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.10 B2
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Age Of Oracles-Tara's Journey ." = Age Of Oracles-Tara's Journey .
"CleanMyPC - Registry Cleaner_is1" = CleanMyPC - Registry Cleaner
"CNXT_AUDIO" = Conexant AC-Link Audio
"CNXT_MODEM_PCI_VEN_1002&DEV_4378&SUBSYS_3091103C" = Data Fax SoftModem with SmartCP
"DVDStyler_is1" = DVDStyler v1.6.2
"ERUNT_is1" = ERUNT 1.1j
"eTrust Suite Personal" = CA Internet Security Suite
"HP Imaging Device Functions" = HP Imaging Device Functions 5.3
"HP Photo & Imaging" = HP Image Zone 5.3
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.3
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"InstallShield_{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = Texas Instruments PCIxx21/x515 drivers.
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MWASPI" = MicroStaff WINASPI
"NAV" = Norton AntiVirus
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PC Tools AntiVirus_is1" = PC Tools AntiVirus 6.1
"VLC media player" = VLC media player 1.0.1
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR" = WinRAR
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 10/8/2009 4:38:37 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:38:47 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:38:57 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:07 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:17 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:27 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:37 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:47 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:39:57 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}

Error - 10/8/2009 4:40:07 PM | Computer Name = USER-0C26778AEB | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service CaCCProvSP
with arguments "" in order to run the server: {AACF4A1C-BC69-4359-9518-DF3F77E462BF}


< End of report >

#2
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Please download exeHelper to your desktop.
  • Double-click on exeHelper.com to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt ( Will be created in the directory where you ran exeHelper.com )
Note : If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together ( they will both be in the one file ).



Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using Firefox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to "Always ask me where to Save the files".
  • During the download, rename Combofix to Combo-Fix as follows:

    Posted Image

    Posted Image

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

    -----------------------------------------------------------

    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

      -----------------------------------------------------------

    • Close any open browsers.
    • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore your connection.

    -----------------------------------------------------------

  • Double click on combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the "C:\Combo-Fix.txt" for further review.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**

#3
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Will not let me run exe helper, both combo fix links pop up as random characters, not all are even of the English language.

#4
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
can you get combofix to run anyway

#5
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
No, those sites don't let me download anything, they just show up as random characters with no install or anything.

#6
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
this work for you ?

Download Load-CF to your desktop from one of these links : Mirror1, Mirror2

#7
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
downloaded but will not run

#8
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
rename it to svchost.com

runs then ?

#9
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
It's the install file that doesn't run, sorry about that. So I can't do anything to it.

#10
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes but can you rename it to svchost.com then run it again, that should get it going

#11
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
still will not run, just pops up black screen with blue bar at top for a second and then it disappears, that's all it will do

#12
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
Oh and my system is Windows XP service pack 3, not vista I just haven't gotten around to changing that

#13
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - [2008/04/13 20:11:56 | 00,061,440 | ---- | M] () -- C:\WINDOWS\System32\Iasv32.dll -- (Ias [Auto | Stopped])
    O2 - BHO: (C:\WINDOWS\system32\qapzyh3p.dll) - {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - C:\WINDOWS\System32\qapzyh3p.dll ()
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - No CLSID value found.
    O4 - HKLM..\Run: [wikarazuy] C:\WINDOWS\System32\timarare.DLL ()
    O4 - HKU\.DEFAULT..\Run: [Login Software 2009] C:\WINDOWS\TEMP\zqt829a.exe File not found
    O4 - HKU\.DEFAULT..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\TEMP\smss.exe ()
    O4 - HKU\S-1-5-18..\Run: [Login Software 2009] C:\WINDOWS\TEMP\zqt829a.exe File not found
    O4 - HKU\S-1-5-18..\Run: [Yjafosi8kdf98winmdkmnkmfnwe] C:\WINDOWS\TEMP\smss.exe ()
    O20 - AppInit_DLLs: (C:\WINDOWS\TEMP\13046xxx.dll) - C:\WINDOWS\TEMP\13046xxx.dll ()
    O20 - AppInit_DLLs: (yanohide.dll) - C:\WINDOWS\System32\yanohide.dll ()
    O20 - AppInit_DLLs: (c:\windows\system32\timarare.dll) - C:\WINDOWS\System32\timarare.dll ()
    O20 - HKLM Winlogon: Shell - (tftp.nfo) - C:\WINDOWS\System32\tftp.nfo ()
    O20 - HKLM Winlogon: Shell - (beforegllav) - File not found
    O20 - Winlogon\Notify\PFW: DllName - UmxWnp.Dll - C:\WINDOWS\System32\UmxWnp.Dll (CA)
    O21 - SSODL: vitozizis - {c2107387-9579-4579-89b8-f2d469c517bd} - C:\WINDOWS\System32\timarare.dll ()
    O22 - SharedTaskScheduler: {A249BC15-23F2-42AD-F4E4-00AAC39C0004} - iukjsf8w3jirojs9f8u3jruhsf78s3jijdif - C:\WINDOWS\System32\qapzyh3p.dll ()
    O22 - SharedTaskScheduler: {c2107387-9579-4579-89b8-f2d469c517bd} - gahurihor - C:\WINDOWS\System32\timarare.dll ()
    NetSvcs: BtwSrv - C:\WINDOWS\System32\BtwSrv.dll (X-Ways Software Technology)
    NetSvcs: Ias - C:\WINDOWS\System32\Iasv32.dll ()
    [2009/10/08 01:13:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\11175784
    [2009/10/04 21:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\3814661862
    [2009/10/08 02:16:29 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\images
    [2009/10/08 02:12:23 | 00,664,064 | ---- | C] (ASC - AntiSpyware) -- C:\WINDOWS\System32\plugie.dll
    [2009/10/08 17:48:48 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\fitiwemo
    [2009/10/08 17:32:32 | 00,000,000 | ---- | M] () -- C:\WINDOWS\win32k.sys
    [2009/10/08 17:32:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2009/10/08 15:39:44 | 01,011,340 | -HS- | M] () -- C:\WINDOWS\System32\zodabuma.exe
    [2009/10/08 02:18:54 | 00,550,400 | ---- | M] () -- C:\WINDOWS\System32\pump.exe
    [2009/10/08 02:18:52 | 00,000,058 | ---- | M] () -- C:\WINDOWS\wf4.dat
    [2009/10/08 02:18:52 | 00,000,003 | ---- | M] () -- C:\WINDOWS\wf3.dat
    [2009/10/08 02:16:24 | 00,131,731 | ---- | M] () -- C:\WINDOWS\System32\dbsinit.exe
    [2009/10/08 02:12:23 | 00,664,064 | ---- | M] (ASC - AntiSpyware) -- C:\WINDOWS\System32\plugie.dll
    [2009/10/08 02:12:23 | 00,000,009 | ---- | M] () -- C:\WINDOWS\System32\nuar.old
    [2009/10/08 02:12:22 | 00,000,030 | ---- | M] () -- C:\WINDOWS\System32\wwp.htm
    [2009/10/08 01:56:51 | 00,040,960 | ---- | M] () -- C:\WINDOWS\System32\t1p0_392358343424.b1k
    [2009/10/08 00:58:02 | 00,169,984 | ---- | M] () -- C:\WINDOWS\mse.exe
    [2009/10/07 08:27:15 | 00,022,167 | -HS- | M] () -- C:\WINDOWS\System32\fulorepi.dll
    [2009/10/07 08:25:41 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\pozogere.dll
    [2009/10/06 21:57:01 | 00,158,208 | ---- | M] () -- C:\WINDOWS\msd.exe
    [2009/10/06 20:23:35 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\timarare.dll
    [2009/10/06 20:23:34 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\firewege.dll
    [2009/10/06 06:30:05 | 00,002,701 | -HS- | M] () -- C:\WINDOWS\System32\fezijepa.dll
    [2009/10/06 06:26:44 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\vejasoso.dll
    [2009/10/05 15:21:55 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\josudita.exe
    [2009/10/04 21:23:08 | 00,166,400 | ---- | M] () -- C:\WINDOWS\msc.exe
    [2009/10/04 21:21:55 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\pegoyoja.exe
    [2009/10/04 21:21:46 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\kowajovu.dll
    [2009/10/04 00:14:26 | 01,048,099 | -HS- | M] () -- C:\WINDOWS\System32\tajojeti.exe
    [2009/10/04 00:14:17 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\jonotama.dll
    [2009/10/04 00:14:15 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\musotiga.dll
    [2009/10/03 12:13:28 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\vejorafa.exe
    [2009/10/02 18:11:43 | 00,194,056 | -HS- | M] () -- C:\WINDOWS\System32\lutovute.exe
    [2009/10/02 18:11:43 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\vavosiwo.dll
    [2009/10/01 23:11:06 | 00,158,208 | ---- | M] () -- C:\WINDOWS\msb.exe
    [2009/10/01 23:04:20 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\lapomefe.exe
    [2009/10/01 23:04:12 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\domohodu.dll
    [2009/10/01 11:10:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
    [2009/10/01 10:10:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
    [2009/10/01 09:10:55 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
    [2009/10/01 08:10:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
    [2009/10/01 08:10:22 | 00,026,624 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
    [2009/10/01 08:10:11 | 00,169,472 | -HS- | M] () -- C:\WINDOWS\System32\sateveme.dll
    [2009/10/01 08:10:10 | 00,038,400 | -HS- | M] () -- C:\WINDOWS\System32\petolahu.dll
    [2009/09/30 20:08:15 | 01,047,588 | -HS- | M] () -- C:\WINDOWS\System32\buwapite.exe
    [2009/09/30 20:08:04 | 00,046,592 | -HS- | M] () -- C:\WINDOWS\System32\hagijifa.exe
    [2009/09/30 20:08:04 | 00,038,912 | -HS- | M] () -- C:\WINDOWS\System32\vuzofafu.dll
    [2009/09/30 20:01:56 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\qapzyh3p.dll
    [2009/09/30 20:01:53 | 00,025,600 | ---- | M] () -- C:\WINDOWS\System32\tftp.nfo
    [2009/10/04 21:22:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\3814661862
    [2009/10/08 01:13:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\11175784
    
    
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\BtwSrv.dll
    C:\WINDOWS\System32\Iasv32.dll
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


then try to run combofix again

#14
wicked_princess

wicked_princess

    Member

  • Topic Starter
  • Member
  • PipPip
  • 17 posts
having issues running OTL now

#15
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
try it in safe mode