
Help



#1
Chandra Love

I get a variety of "failure" and "failed to" problems. I've quit using Foxfire as it crashes every time another window opens.
I'm trying to burn disks and downloaded a burner online. It installed and I was able to use it once, but now I get a msg: The dynamic link library gdiplus.dll could not be found in the specified path C:\ProgramFiles\AviDvdBurner;.;C:\WINNT\system32;C.....Wbem

I'm also getting Failed to get proc address for SetDllDirectory W (Kernel 32)

and SetDllDirectory could not be located in dynamic link library kernel 32.dll

I'm just having trouble

I did the OTL

OTL logfile created on: 6/7/2011 6:26:30 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 276.92 Mb Available Physical Memory | 54.14% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.99 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 36.90 Gb Free Space | 19.43% Space Free | Partition Type: NTFS

Computer Name: BLACKBEAUTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/07 18:25:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
PRC - [2011/05/19 21:41:09 | 000,941,936 | ---- | M] (Opera Software) -- C:\Program Files\Opera\opera.exe
PRC - [2011/04/12 12:16:08 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- C:\Program Files\uTorrent\uTorrent.exe
PRC - [2009/11/07 20:56:16 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/10/17 23:39:42 | 000,210,544 | ---- | M] () -- C:\Program Files\Gamevance\gamevance32.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/05/12 13:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2003/06/19 13:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 12:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
PRC - [2003/06/10 23:19:46 | 000,466,944 | ---- | M] () -- C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 18:25:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
MOD - [2003/06/19 13:05:04 | 000,367,104 | ---- | M] () -- C:\WINNT\izirecew.dll
MOD - [2003/06/19 13:05:04 | 000,021,776 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wsock32.dll
MOD - [2003/06/19 13:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll
MOD - [2002/07/24 05:00:00 | 000,011,536 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\netrap.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/05/12 13:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 13:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 13:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 13:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 12:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - [2007/09/13 15:25:35 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/10/19 20:39:56 | 000,073,856 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/19 13:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 13:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 13:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 13:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 13:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 13:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 13:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/06/18 17:48:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2002/09/23 23:35:44 | 000,014,208 | R--- | M] (Linksys) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USB200M.sys -- (USB20L)
DRV - [2002/07/24 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2002/07/24 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2001/12/17 01:13:58 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\VSP.sys -- (Vsp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 15:20:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/06 15:20:24 | 000,000,000 | ---D | M]

[2008/12/09 01:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/05/14 13:15:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions
[2011/05/14 12:46:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/04/12 12:15:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/05/14 13:15:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/04/12 12:15:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]
[2011/05/14 12:46:41 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]
[2011/05/31 14:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/31 14:49:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2009/11/28 21:08:19 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOVE NETWORKS
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{F7447131-65B5-40DF-82ED-F83325664259}
[2009/11/07 20:56:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/06 15:19:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2011/05/06 15:20:07 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/07 11:00:42 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Gamevance) - {0ED403E8-470A-4a8a-85A4-D7688CFE39A3} - C:\Program Files\Gamevance\gamevancelib32.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Gamevance Text) - {BEAC7DC8-E106-4C6A-931E-5A42E7362883} - C:\Program Files\Gamevance\gvtl.dll ()
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Gamevance] C:\Program Files\Gamevance\gamevance32.exe ()
O4 - HKLM..\Run: [Jhuwon] C:\WINNT\izirecew.dll ()
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKCU..\Run: [Pzexanugazixocig] C:\WINNT\msguer.dll (Acronis)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\GameRanger.lnk = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1212784721109 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINNT\system32\msdxm.ocx ()
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/04 00:15:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/15 19:07:15 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/07 18:25:47 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/07 18:21:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\GooredFix Backups
[2011/06/07 18:20:12 | 000,071,398 | ---- | C] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 11:00:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/07 10:59:22 | 000,522,752 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/07 10:58:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\6-7-2011
[2011/06/06 13:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVI DVD Burner
[2011/06/06 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/06/06 13:46:23 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINNT\System32\ac3acm.acm
[2011/06/06 13:46:22 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINNT\System32\yv12vfw.dll
[2011/06/06 13:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/06/06 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviDvdBurner
[2011/06/06 13:43:27 | 029,880,014 | ---- | C] (AviDvdBurner.com Inc. ) -- C:\Documents and Settings\Administrator\Desktop\AviDvdBurner_inst.exe
[2011/06/06 13:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PowerMp3WmaConverter
[2011/06/06 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 WMA Converter
[2011/06/06 13:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Power MP3 WMA Converter
[2011/06/06 09:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\NeroVision
[2011/06/06 09:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\My Pictures
[2011/06/06 09:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2011/06/06 09:40:22 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINNT\System32\NeroCheck.exe
[2011/06/06 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/06/06 09:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/06/06 09:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/06/06 09:38:46 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagX7.dll
[2011/06/06 09:38:46 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXpr7.dll
[2011/06/06 09:38:46 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXRA7.dll
[2011/06/06 09:38:46 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\TwnLib4.dll
[2011/06/06 09:38:46 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXR7.dll
[2011/06/06 09:38:46 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINNT\System32\TwnLib20.dll
[2011/06/06 09:38:46 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\picn20.dll
[2011/06/06 09:20:22 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/06 09:18:05 | 002,078,952 | ---- | C] (Rocket Division Software) -- C:\WINNT\System32\starburnx.dll
[2011/06/06 09:18:05 | 000,335,872 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\dvdauthor.ocx
[2011/06/06 09:18:05 | 000,233,472 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\viscomdvdimg.dll
[2011/06/06 09:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheetah Burner
[2011/06/06 09:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2011/06/06 06:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Super DVD Creator
[2011/06/06 06:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.8
[2011/06/06 06:58:44 | 000,856,064 | ---- | C] (Essien Research & Development) -- C:\WINNT\System32\mpgfiltr.ax
[2011/06/06 06:58:44 | 000,266,240 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\VideoEdit.ocx
[2011/06/06 06:58:44 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINNT\System32\viscomwave.dll
[2011/06/06 06:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy AVI VCD DVD MPEG Converter
[2011/06/06 06:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Easy AVI VCD DVD MPEG Converter
[2011/06/03 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/06/03 20:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/31 14:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/31 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/31 14:49:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/31 14:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/05/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Accelerated_Learning_By_Colin_Rose_(text-pic-html)
[2011/05/23 12:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2011/05/23 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\nplightshot
[2011/05/20 22:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Weight By Date Pro 3
[2011/05/20 22:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Weight By Date Pro Trial
[2011/05/20 22:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Weight By Date Pro 3
[2011/05/19 22:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/05/19 21:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MP3 WAV WMA Converter
[2011/05/19 21:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 WAV WMA Converter
[2011/05/16 14:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/05/16 14:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/05/16 14:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Opera
[2011/05/14 12:46:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SecurityHeroes

========== Files - Modified Within 30 Days ==========

[2011/06/07 18:25:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/06/07 18:22:51 | 000,000,120 | ---- | M] () -- C:\WINNT\Ubudefogut.dat
[2011/06/07 18:20:33 | 001,305,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/07 18:20:12 | 000,071,398 | ---- | M] (jpshortstuff) -- C:\Documents and Settings\Administrator\Desktop\GooredFix.exe
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\Desktop\TDSSKiller.exe
[2011/06/07 11:02:35 | 000,000,000 | ---- | M] () -- C:\WINNT\Ptatejimij.bin
[2011/06/07 11:02:15 | 000,087,990 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2011/06/07 11:01:57 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_204.dat
[2011/06/07 10:59:22 | 000,522,752 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTM.exe
[2011/06/06 13:49:54 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2011/06/06 13:49:54 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVI DVD Burner.lnk
[2011/06/06 13:45:23 | 029,880,014 | ---- | M] (AviDvdBurner.com Inc. ) -- C:\Documents and Settings\Administrator\Desktop\AviDvdBurner_inst.exe
[2011/06/06 13:42:03 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Power MP3 WMA Converter.lnk
[2011/06/06 13:42:02 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Power MP3 WMA Converter.lnk
[2011/06/06 09:50:23 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/06/06 09:41:29 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/06 09:41:29 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/06 09:20:18 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2011/06/06 07:09:53 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 06:59:55 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Super DVD Creator.lnk
[2011/06/06 06:59:55 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2011/06/06 06:58:44 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Easy AVI VCD DVD MPEG Converter.lnk
[2011/06/03 20:27:26 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2011/05/31 14:54:57 | 000,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/30 14:45:00 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/05/30 14:43:33 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2011/05/30 01:24:21 | 001,286,046 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/05/29 13:30:51 | 000,002,370 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/05/27 05:35:27 | 000,284,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Capitalism without a Heart, without a Conscience_ Obama Blind to the Needs of the American People.mht
[2011/05/27 05:24:16 | 000,420,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\insidejob_screenplay.pdf
[2011/05/24 20:03:40 | 000,054,708 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\54876587.png
[2011/05/24 19:42:04 | 000,001,191 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\www-topachievement-com.pdf
[2011/05/24 19:40:07 | 000,028,868 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Personal-Development-Plan-Template.zip
[2011/05/24 19:39:40 | 000,011,920 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Weekly-Planner-Template.zip
[2011/05/24 19:39:21 | 000,009,258 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Goal-Setting-Worksheet.zip
[2011/05/24 19:19:41 | 000,117,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GoalSettingForm
[2011/05/24 16:14:28 | 000,051,699 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Third-Eye - Activation & Basic Usage.html
[2011/05/23 15:49:23 | 000,177,067 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\16685466-Mastering-the-Art-of-Persuasion-and-Seduction.pdf
[2011/05/23 12:31:10 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_214.dat
[2011/05/21 15:22:33 | 000,007,333 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Diet Sites.ods
[2011/05/21 15:22:07 | 000,009,659 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Seductress plan.ods
[2011/05/21 15:21:50 | 000,008,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My course notes.odt
[2011/05/21 15:21:28 | 000,016,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My course.odt
[2011/05/20 22:58:13 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Weight By Date Pro Trial.lnk
[2011/05/20 07:45:04 | 000,011,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Why Men Find Nice Butts So Sexy.pdf
[2011/05/20 01:22:02 | 000,001,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/20 01:19:31 | 000,021,763 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\laying down.jpg
[2011/05/20 00:57:37 | 000,001,381 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/05/19 21:54:58 | 000,000,023 | ---- | M] () -- C:\WINNT\System32\sysmwwod.dll
[2011/05/19 21:45:25 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MP3 WAV WMA Converter.lnk
[2011/05/17 00:48:17 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/16 00:58:49 | 005,038,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WISDOM_studenthandbook_online.pdf
[2011/05/16 00:12:35 | 000,243,884 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How soaring inequality contributed to the crash.pdf
[2011/05/15 22:04:37 | 005,731,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\101%20PortfolioPreview4thEd.pdf
[2011/05/15 16:54:01 | 000,021,904 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\chan.rtf
[2011/05/13 23:26:30 | 000,001,499 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/06/07 18:20:29 | 001,305,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.zip
[2011/06/07 11:01:57 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_204.dat
[2011/06/06 13:47:11 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2011/06/06 13:47:11 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVI DVD Burner.lnk
[2011/06/06 13:46:25 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2011/06/06 13:46:25 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011/06/06 13:46:22 | 000,631,808 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2011/06/06 13:46:22 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011/06/06 13:46:20 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011/06/06 13:42:03 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Power MP3 WMA Converter.lnk
[2011/06/06 13:42:02 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Power MP3 WMA Converter.lnk
[2011/06/06 09:42:08 | 000,067,990 | ---- | C] () -- C:\WINNT\UNNVEContent.cfg
[2011/06/06 09:41:29 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/06 09:41:29 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/06 09:39:28 | 000,119,326 | ---- | C] () -- C:\WINNT\UNNeroVision.cfg
[2011/06/06 09:18:05 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\videocore.dll
[2011/06/06 09:18:02 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2011/06/06 07:07:04 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 06:59:55 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Super DVD Creator.lnk
[2011/06/06 06:59:55 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2011/06/06 06:58:44 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Easy AVI VCD DVD MPEG Converter.lnk
[2011/06/06 06:58:44 | 000,000,431 | ---- | C] () -- C:\WINNT\System32\VideoEdit.lic
[2011/06/03 20:27:26 | 000,000,557 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2011/05/31 14:49:27 | 000,002,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/30 14:43:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2011/05/27 05:35:27 | 000,284,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Capitalism without a Heart, without a Conscience_ Obama Blind to the Needs of the American People.mht
[2011/05/27 05:24:16 | 000,420,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\insidejob_screenplay.pdf
[2011/05/24 20:03:39 | 000,054,708 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\54876587.png
[2011/05/24 19:42:04 | 000,001,191 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\www-topachievement-com.pdf
[2011/05/24 19:40:06 | 000,028,868 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Personal-Development-Plan-Template.zip
[2011/05/24 19:39:39 | 000,011,920 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Weekly-Planner-Template.zip
[2011/05/24 19:39:20 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Goal-Setting-Worksheet.zip
[2011/05/24 19:19:41 | 000,117,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GoalSettingForm
[2011/05/24 16:14:28 | 000,051,699 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Third-Eye - Activation & Basic Usage.html
[2011/05/23 15:49:23 | 000,177,067 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\16685466-Mastering-the-Art-of-Persuasion-and-Seduction.pdf
[2011/05/23 12:31:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_214.dat
[2011/05/21 15:22:32 | 000,007,333 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Diet Sites.ods
[2011/05/21 15:22:07 | 000,009,659 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Seductress plan.ods
[2011/05/21 15:21:49 | 000,008,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My course notes.odt
[2011/05/21 15:21:28 | 000,016,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My course.odt
[2011/05/20 22:58:13 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Weight By Date Pro Trial.lnk
[2011/05/20 07:45:04 | 000,011,497 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Why Men Find Nice Butts So Sexy.pdf
[2011/05/20 01:19:31 | 000,021,763 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\laying down.jpg
[2011/05/19 21:49:02 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\sysmwwod.dll
[2011/05/19 21:45:25 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MP3 WAV WMA Converter.lnk
[2011/05/18 23:13:14 | 000,000,120 | ---- | C] () -- C:\WINNT\Ubudefogut.dat
[2011/05/18 23:13:14 | 000,000,000 | ---- | C] () -- C:\WINNT\Ptatejimij.bin
[2011/05/16 14:18:42 | 000,001,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/16 14:18:42 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/05/16 14:18:41 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/05/16 00:58:49 | 005,038,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WISDOM_studenthandbook_online.pdf
[2011/05/16 00:12:35 | 000,243,884 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How soaring inequality contributed to the crash.pdf
[2011/05/15 22:04:36 | 005,731,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\101%20PortfolioPreview4thEd.pdf
[2011/05/15 16:54:01 | 000,021,904 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\chan.rtf
[2009/11/16 17:33:00 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1f8.dat
[2009/11/08 02:02:28 | 000,077,388 | ---- | C] () -- C:\WINNT\War3Unin.dat
[2009/10/20 01:19:55 | 000,000,419 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2009/10/20 01:19:55 | 000,000,027 | ---- | C] () -- C:\WINNT\BRPP2KA.INI
[2009/10/06 01:28:13 | 000,000,000 | ---- | C] () -- C:\WINNT\popcreg.dat
[2009/10/06 00:27:48 | 000,000,039 | ---- | C] () -- C:\WINNT\popcinfot.dat
[2009/10/06 00:26:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2009/09/22 11:50:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1f0.dat
[2008/12/30 17:59:54 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2008/05/16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_834.dat
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_758.dat
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_614.dat
[2008/04/28 12:00:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5a0.dat
[2008/04/28 12:00:26 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7b4.dat
[2008/04/28 12:00:24 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_908.dat
[2008/04/28 12:00:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_870.dat
[2008/04/28 12:00:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_8b8.dat
[2008/04/28 12:00:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7dc.dat
[2008/04/28 12:00:21 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_8dc.dat
[2008/04/28 12:00:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_648.dat
[2008/04/28 12:00:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_630.dat
[2008/04/28 12:00:18 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
[2008/04/28 12:00:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_90c.dat
[2008/04/28 12:00:08 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_904.dat
[2008/01/11 01:29:39 | 000,000,000 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2007/09/16 12:35:48 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
[2007/09/16 12:35:48 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
[2007/09/16 12:35:48 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
[2007/09/13 15:25:35 | 000,120,320 | ---- | C] () -- C:\WINNT\System32\drivers\SSHDRV65.sys
[2007/01/27 21:12:44 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2007/01/27 21:12:39 | 000,107,132 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2007/01/27 21:10:55 | 000,003,195 | ---- | C] () -- C:\WINNT\mozver.dat
[2006/12/21 17:35:59 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2006/12/04 01:32:38 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2006/12/04 01:26:48 | 000,367,104 | ---- | C] () -- C:\WINNT\izirecew.dll
[2006/12/04 00:45:20 | 000,003,351 | ---- | C] () -- C:\WINNT\System32\drivers\VSP.sys
[2006/12/04 00:41:31 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2006/12/04 00:37:37 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
[2006/12/04 00:15:18 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2006/12/04 00:14:35 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2006/12/03 16:09:00 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2006/12/03 16:08:16 | 000,108,600 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINNT\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINNT\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINNT\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINNT\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2002/07/24 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2002/07/24 05:00:00 | 000,300,378 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2002/07/24 05:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2002/07/24 05:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2002/07/24 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002/07/24 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2002/07/24 05:00:00 | 000,038,036 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2002/07/24 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2002/07/24 05:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2002/07/24 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2002/07/24 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002/07/24 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2002/07/24 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\iyvu9_32.dll

========== LOP Check ==========

[2009/12/20 00:50:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GameRanger
[2011/05/19 22:08:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2006/12/21 19:03:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2009/11/07 20:58:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org
[2011/05/16 14:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/06/06 13:57:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\PowerMp3WmaConverter
[2011/05/14 12:46:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SecurityHeroes
[2011/06/07 18:27:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\uTorrent
[2009/10/06 00:27:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap Games
[2011/06/07 10:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

========== Purity Check ==========



========== Files - Unicode (All) ==========
[2009/09/12 15:01:11 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\剄
[2009/09/12 15:01:11 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\剄

========== Alternate Data Streams ==========

@Alternate Data Stream - 7772 bytes -> C:\Documents and Settings\Administrator\Desktop\Ashleys eyes.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4120 bytes -> C:\Documents and Settings\Administrator\Desktop\me.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A

< End of report >

THE EXTRAS REPORT

OTL Extras logfile created on: 6/7/2011 6:26:30 PM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 276.92 Mb Available Physical Memory | 54.14% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.77% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.99 Gb Free Space | 16.02% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 36.90 Gb Free Space | 19.43% Space Free | Partition Type: NTFS

Computer Name: BLACKBEAUTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
htmlfile [edit] -- Reg Error: Key error.
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{059733CA-3CCC-4884-8761-D9964990CD11}" = Weight-By-Date
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80464ABC-A520-453F-A383-6E7B92E0C3B3}" = Armies of Exigo
"{80B5B3C9-4084-2063-B32A-678A98DE512B}_is1" = nplightshot-1.5.0.10
"{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.4
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"AVI DVD Burner_is1" = AVI DVD Burner v5.7.0.194
"BFGC" = Big Fish Games Client
"Burn My Files_is1" = Burn My Files
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy AVI/VCD/DVD/MPEG Converter_is1" = Easy AVI/VCD/DVD/MPEG Converter
"GameSpy Arcade" = GameSpy Arcade
"Gamevance" = Gamevance
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update
"IE40" = Microsoft Internet Explorer 6 SP1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.11.2109" = Opera 11.11
"Power MP3 WMA Converter(Freeware version)_is1" = Power MP3 WMA Converter 2011, (ver 6.1)
"Super DVD Creator_is1" = Super DVD Creator 9.8 Trial Version
"uTorrent" = µTorrent
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VSP_UNINST" = VIA Sound Player
"WinZip" = WinZip
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/1/2011 8:48:47 AM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/7/2011 2:02:07 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 1/18/2009 10:02:04 PM | Computer Name = BLACKBEAUTY | Source = Cdrom | ID = 262151
Description = The device, \Device\CdRom0, has a bad block.

Error - 1/18/2009 11:13:05 PM | Computer Name = BLACKBEAUTY | Source = Server | ID = 2505
Description = The server could not bind to the transport \Device\NetbiosSmb because
another computer on the network has the same name. The server could not start.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Copy the text in the code box by highlighting it and pressing Ctrl + C



:OTL
MOD - [2003/06/19 13:05:04 | 000,367,104 | ---- | M] () -- C:\WINNT\izirecew.dll
FF - prefs.js..extensions.enabledItems: [email protected]:3.3.3.2
O4 - HKLM..\Run: [Jhuwon] C:\WINNT\izirecew.dll ()
O4 - HKCU..\Run: [Pzexanugazixocig] C:\WINNT\msguer.dll (Acronis)
O4 - HKCU..\Run: [uTorrent] C:\Program Files\uTorrent\uTorrent.exe (BitTorrent, Inc.)
[2011/04/12 12:15:36 | 000,000,000 | ---D | M] (uTorrentBar Community Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}
[2011/04/12 12:15:36 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: DirectAnimation Java Classes file://C:\WINNT\Java\classes\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Filter\Class Install Handler - No CLSID value found
O18 - Protocol\Filter\deflate - No CLSID value found
O18 - Protocol\Filter\gzip - No CLSID value found
O18 - Protocol\Filter\lzdhtml - No CLSID value found
O18 - Protocol\Filter\text/webviewhtml - No CLSID value found
[2011/06/07 18:22:51 | 000,000,120 | ---- | M] () -- C:\WINNT\Ubudefogut.dat
[2011/06/07 11:02:35 | 000,000,000 | ---- | M] () -- C:\WINNT\Ptatejimij.bin
[2011/06/07 11:02:15 | 000,087,990 | ---- | M] () -- C:\WINNT\System32\nvapps.xml
[2009/09/12 15:01:11 | 000,000,000 | ---- | M] ()(C:\WINNT\?) -- C:\WINNT\剄
[2009/09/12 15:01:11 | 000,000,000 | ---- | C] ()(C:\WINNT\?) -- C:\WINNT\剄
@Alternate Data Stream - 7772 bytes -> C:\Documents and Settings\Administrator\Desktop\Ashleys eyes.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 4120 bytes -> C:\Documents and Settings\Administrator\Desktop\me.jpg:Q30lsldxJoudresxAaaqpcawXc
@Alternate Data Stream - 152 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A

:files
C:\WINNT\izirecew.dll
C:\WINNT\msguer.dll
     
:Commands
[RESETHOSTS]
[purity]
[Reboot]

Then run OTL and, under the Custom Scans/Fixes box at the bottom, paste (Ctrl + V) the text. Verify that you got it all and then click the Run Fix button at the top.
Let the program run unhindered; OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Open OTL again and select either the Use SafeList or All option in the Extra Registry group, then click the Run Scan button. Post the two logs it produces in your next reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.

ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

:!: Disable your Antivirus software when downloading or running Combofix. If it has Script Blocking features, please disable these as well. See: http://www.bleepingc...opic114351.html


Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console, then Continue. When the scan completes, Notepad will open with your results log. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Re-activate your anti-virus at this time :!:

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with (copy and paste the text from the logs - do not attach):

OTL Log
MBAM log
Combofix log

Ron

#3
Chandra Love

    Member

  • Topic Starter
  • Member
  • PipPip
  • 19 posts
I've done the scans:

OTL logfile created on: 6/14/2011 12:20:26 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\My Documents\Computer cleaner
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 372.78 Mb Available Physical Memory | 72.88% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.10 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 36.90 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
Drive G: | 590.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BLACKBEAUTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/10 09:26:00 | 002,424,192 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/06/07 18:25:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Computer cleaner\OTL.exe
PRC - [2009/11/07 20:56:16 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/08/19 11:23:24 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2009/08/19 11:23:22 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/05/12 13:38:28 | 000,611,664 | ---- | M] (Lavasoft) -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
PRC - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe
PRC - [2003/06/19 13:05:04 | 000,243,472 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
PRC - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\wbem\WinMgmt.exe
PRC - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\mstask.exe
PRC - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\regsvc.exe
PRC - [2003/06/19 12:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\hidserv.exe
PRC - [2003/06/10 23:19:46 | 000,466,944 | ---- | M] () -- C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe
PRC - [2002/07/24 05:00:00 | 000,185,104 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows NT\Accessories\wordpad.exe


========== Modules (SafeList) ==========

MOD - [2011/06/07 18:25:47 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Computer cleaner\OTL.exe
MOD - [2003/06/19 13:05:04 | 000,010,000 | ---- | M] (Microsoft Corporation) -- C:\WINNT\system32\lz32.dll


========== Win32 Services (SafeList) ==========

SRV - [2008/05/12 13:38:28 | 000,611,664 | ---- | M] (Lavasoft) [Auto | Running] -- C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe -- (aawservice)
SRV - [2008/05/03 12:31:46 | 000,071,096 | ---- | M] () [Auto | Running] -- C:\Program Files\Super_DVD_Creator_9.8\NMSAccessU.exe -- (NMSAccessU)
SRV - [2003/06/19 13:05:04 | 000,196,706 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\wbem\WinMgmt.exe -- (WinMgmt)
SRV - [2003/06/19 13:05:04 | 000,147,728 | ---- | M] (VERITAS Software Corp.) [On_Demand | Stopped] -- C:\WINNT\System32\dmadmin.exe -- (dmadmin)
SRV - [2003/06/19 13:05:04 | 000,119,568 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\mstask.exe -- (Schedule)
SRV - [2003/06/19 13:05:04 | 000,094,992 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\FAXSVC.EXE -- (Fax)
SRV - [2003/06/19 13:05:04 | 000,068,368 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\regsvc.exe -- (RemoteRegistry)
SRV - [2003/06/19 13:05:04 | 000,022,800 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINNT\system32\utilman.exe -- (UtilMan)
SRV - [2003/06/19 12:05:04 | 000,019,728 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINNT\system32\hidserv.exe -- (HidServ)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/09/13 15:25:35 | 000,120,320 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\SSHDRV65.sys -- (SSHDRV65)
DRV - [2004/07/09 03:58:10 | 000,015,104 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\mpe.sys -- (MPE)
DRV - [2003/10/19 20:39:56 | 000,073,856 | R--- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\viaudio.sys -- (VIAudio) VIA AC'97 Audio Controller (WDM)
DRV - [2003/07/02 05:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINNT\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/06/19 13:05:04 | 000,369,104 | ---- | M] (VERITAS Software Corp.) [Kernel | Disabled | Stopped] -- C:\WINNT\system32\drivers\dmboot.sys -- (dmboot)
DRV - [2003/06/19 13:05:04 | 000,137,936 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmio.sys -- (dmio)
DRV - [2003/06/19 13:05:04 | 000,060,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\parallel.sys -- (Parallel)
DRV - [2003/06/19 13:05:04 | 000,032,848 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\uhcd.sys -- (uhcd)
DRV - [2003/06/19 13:05:04 | 000,027,440 | ---- | M] (Microsoft Corporation) [File_System | Disabled | Running] -- C:\WINNT\System32\drivers\efs.sys -- (EFS)
DRV - [2003/06/19 13:05:04 | 000,007,728 | ---- | M] (Microsoft Corporation) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\diskperf.sys -- (Diskperf)
DRV - [2003/06/19 13:05:04 | 000,007,312 | ---- | M] (VERITAS Software Corp.) [Kernel | Boot | Running] -- C:\WINNT\System32\drivers\dmload.sys -- (dmload)
DRV - [2003/06/18 17:48:00 | 000,009,038 | ---- | M] (VIA Technologies, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINNT\System32\Drivers\viausb.sys -- (viafilter)
DRV - [2002/09/23 23:35:44 | 000,014,208 | R--- | M] (Linksys) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\USB200M.sys -- (USB20L)
DRV - [2002/07/24 05:00:00 | 000,021,712 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\rca.sys -- (RCA)
DRV - [2002/07/24 05:00:00 | 000,009,680 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\netdtect.sys -- (NetDetect)
DRV - [2001/12/17 01:13:58 | 000,003,351 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\VSP.sys -- (Vsp)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.facebook....www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: ""
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: [email protected]:1.4.4
FF - prefs.js..extensions.enabledItems: {bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}:3.3.3.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"

FF - HKLM\software\mozilla\Firefox\extensions\\{5AE40F44-FCFF-4AD1-8564-B2C830755918}: C:\Documents and Settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918} [2011/06/07 18:37:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/06 15:20:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/06/08 02:27:06 | 000,000,000 | ---D | M]

[2008/12/09 01:10:21 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/06/14 11:22:32 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions
[2011/05/14 12:46:41 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
[2011/05/14 13:15:27 | 000,000,000 | ---D | M] (Evernote Web Clipper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}
[2011/05/14 12:46:41 | 000,000,000 | ---D | M] (Maximum AdBlock) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]
[2011/05/31 14:49:42 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/31 14:49:42 | 000,000,000 | ---D | M] (Skype extension) -- C:\Program Files\Mozilla Firefox\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}
File not found (No name found) --
[2009/11/28 21:08:19 | 000,000,000 | ---D | M] (Move Media Player) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOVE NETWORKS
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\{BF7380FA-E3B4-4DB2-AF3E-9D8783A45BFC}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\MU9HIMHI.DEFAULT\EXTENSIONS\[email protected]
File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\LOCAL SETTINGS\APPLICATION DATA\{F7447131-65B5-40DF-82ED-F83325664259}
[2009/11/07 20:56:16 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/06 15:19:59 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2011/03/21 08:22:04 | 001,680,272 | ---- | M] (Caminova, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll
[2011/05/06 15:20:07 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/06/14 11:22:41 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O3 - HKLM\..\Toolbar: (@msdxmLC.dll,-1@1033,&Radio) - {8E718888-423F-11D2-876E-00A0C9082467} - C:\WINNT\system32\msdxm.ocx ()
O4 - HKLM..\Run: [Jhuwon] File not found
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINNT\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINNT\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINNT\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINNT\System32\nwiz.exe ()
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\GameRanger.lnk = C:\Documents and Settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe (GameRanger Technologies)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AudioDeck.lnk = C:\Program Files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: @shdoclc.dll,-866 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O9 - Extra 'Tools' menuitem : @shdoclc.dll,-864 - {c95fe080-8f5d-11d2-a20b-00aa003c157a} - C:\WINNT\Web\RELATED.HTM ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINNT\system32\RNR20.DLL (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINNT\system32\msafd.dll (Microsoft Corporation)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.mi...b?1212784721109 (WUWebControl Class)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\wzcnotif: DllName - wzcdlg.dll - C:\WINNT\System32\wzcdlg.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/12/04 00:15:56 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/10/15 19:07:15 | 000,000,000 | -H-- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 11:22:30 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 11:21:31 | 004,122,140 | ---- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/06/12 15:20:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/06/12 15:20:37 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamswissarmy.sys
[2011/06/12 15:20:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/12 15:20:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/12 15:20:26 | 000,019,288 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbam.sys
[2011/06/12 15:20:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/06/12 15:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/06/12 15:14:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/06/12 15:13:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/06/12 15:13:55 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/06/12 15:13:19 | 007,734,216 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2011/06/12 15:13:01 | 011,405,848 | ---- | C] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/06/10 14:02:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\unzipped
[2011/06/10 14:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Without Embarrassment
[2011/06/09 21:30:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Computer cleaner
[2011/06/09 21:23:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Media Player Classic
[2011/06/08 02:26:46 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
[2011/06/08 02:26:27 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[2011/06/07 18:37:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}
[2011/06/07 17:32:48 | 001,437,488 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\My Documents\TDSSKiller.exe
[2011/06/07 11:00:38 | 000,000,000 | ---D | C] -- C:\_OTM
[2011/06/06 13:47:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVI DVD Burner
[2011/06/06 13:46:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\K-Lite Codec Pack
[2011/06/06 13:46:23 | 000,232,448 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINNT\System32\mp3fhg.acm
[2011/06/06 13:46:23 | 000,151,552 | ---- | C] (fccHandler) -- C:\WINNT\System32\ac3acm.acm
[2011/06/06 13:46:22 | 000,237,568 | ---- | C] (www.helixcommunity.org) -- C:\WINNT\System32\yv12vfw.dll
[2011/06/06 13:46:14 | 000,000,000 | ---D | C] -- C:\Program Files\K-Lite Codec Pack
[2011/06/06 13:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\AviDvdBurner
[2011/06/06 13:43:27 | 029,880,014 | ---- | C] (AviDvdBurner.com Inc. ) -- C:\Documents and Settings\Administrator\Desktop\AviDvdBurner_inst.exe
[2011/06/06 13:42:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\PowerMp3WmaConverter
[2011/06/06 13:41:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Power MP3 WMA Converter
[2011/06/06 13:41:52 | 000,000,000 | ---D | C] -- C:\Program Files\Power MP3 WMA Converter
[2011/06/06 09:44:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\NeroVision
[2011/06/06 09:44:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Ahead
[2011/06/06 09:42:08 | 001,916,928 | ---- | C] (Ahead Software AG) -- C:\WINNT\UNNVEContent.exe
[2011/06/06 09:40:22 | 000,155,648 | ---- | C] (Ahead Software Gmbh) -- C:\WINNT\System32\NeroCheck.exe
[2011/06/06 09:40:14 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nero
[2011/06/06 09:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Nero
[2011/06/06 09:39:27 | 003,006,464 | ---- | C] (Nero AG) -- C:\WINNT\UNNeroVision.exe
[2011/06/06 09:38:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Ahead
[2011/06/06 09:38:46 | 001,568,768 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagX7.dll
[2011/06/06 09:38:46 | 000,476,320 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXpr7.dll
[2011/06/06 09:38:46 | 000,471,040 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXRA7.dll
[2011/06/06 09:38:46 | 000,364,544 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\TwnLib4.dll
[2011/06/06 09:38:46 | 000,262,144 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\ImagXR7.dll
[2011/06/06 09:38:46 | 000,106,496 | ---- | C] (Pegasus Software) -- C:\WINNT\System32\TwnLib20.dll
[2011/06/06 09:38:46 | 000,038,912 | ---- | C] (Pegasus Imaging Corp.) -- C:\WINNT\System32\picn20.dll
[2011/06/06 09:20:22 | 000,000,000 | ---D | C] -- C:\Temp
[2011/06/06 09:18:05 | 002,078,952 | ---- | C] (Rocket Division Software) -- C:\WINNT\System32\starburnx.dll
[2011/06/06 09:18:05 | 000,335,872 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\dvdauthor.ocx
[2011/06/06 09:18:05 | 000,233,472 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\viscomdvdimg.dll
[2011/06/06 09:18:04 | 001,060,864 | R--- | C] (Microsoft Corporation) -- C:\WINNT\System32\mfc71.dll
[2011/06/06 09:18:04 | 000,344,064 | ---- | C] (Microsoft Corporation) -- C:\WINNT\System32\msvcr70.dll
[2011/06/06 09:18:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cheetah Burner
[2011/06/06 09:18:01 | 000,000,000 | ---D | C] -- C:\Program Files\Cheetah Burner
[2011/06/06 06:59:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Super DVD Creator
[2011/06/06 06:59:46 | 000,000,000 | ---D | C] -- C:\Program Files\Super_DVD_Creator_9.8
[2011/06/06 06:58:44 | 000,856,064 | ---- | C] (Essien Research & Development) -- C:\WINNT\System32\mpgfiltr.ax
[2011/06/06 06:58:44 | 000,266,240 | ---- | C] (Viscom Software www.viscomsoft.com) -- C:\WINNT\System32\VideoEdit.ocx
[2011/06/06 06:58:44 | 000,081,920 | ---- | C] (Viscom Software) -- C:\WINNT\System32\viscomwave.dll
[2011/06/06 06:58:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Easy AVI VCD DVD MPEG Converter
[2011/06/06 06:58:43 | 000,000,000 | ---D | C] -- C:\Program Files\Easy AVI VCD DVD MPEG Converter
[2011/06/03 20:27:26 | 000,000,000 | ---D | C] -- C:\Program Files\DVD Shrink
[2011/06/03 20:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DVD Shrink
[2011/05/31 14:49:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/05/31 14:49:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Skype
[2011/05/31 14:49:20 | 000,000,000 | R--D | C] -- C:\Program Files\Skype
[2011/05/31 14:49:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/05/24 17:34:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Accelerated_Learning_By_Colin_Rose_(text-pic-html)
[2011/05/23 12:54:11 | 000,000,000 | ---D | C] -- C:\Program Files\Skillbrains
[2011/05/23 12:54:09 | 000,000,000 | ---D | C] -- C:\Program Files\nplightshot
[2011/05/20 22:58:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Weight By Date Pro 3
[2011/05/20 22:57:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Weight By Date Pro Trial
[2011/05/20 22:57:57 | 000,000,000 | ---D | C] -- C:\Program Files\Weight By Date Pro 3
[2011/05/19 22:02:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\GetRightToGo
[2011/05/19 21:45:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\MP3 WAV WMA Converter
[2011/05/19 21:45:24 | 000,000,000 | ---D | C] -- C:\Program Files\MP3 WAV WMA Converter
[2011/05/16 14:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Opera
[2011/05/16 14:19:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2011/05/16 14:18:09 | 000,000,000 | ---D | C] -- C:\Program Files\Opera

========== Files - Modified Within 30 Days ==========

[2011/06/14 11:22:09 | 000,003,642 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\geeks to go help.rtf
[2011/06/14 11:21:33 | 004,122,140 | ---- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/06/13 11:51:17 | 000,758,873 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\why powerful men cheat.pdf
[2011/06/12 16:37:18 | 000,009,414 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\essay 4.odt
[2011/06/12 15:20:38 | 000,000,657 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 15:13:59 | 000,001,557 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/12 15:13:41 | 007,734,216 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup.exe
[2011/06/12 15:13:36 | 011,405,848 | ---- | M] (SUPERAntiSpyware.com) -- C:\Documents and Settings\Administrator\Desktop\SUPERAntiSpyware.exe
[2011/06/11 18:41:14 | 050,667,430 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\buss side.rtf
[2011/06/11 17:34:07 | 048,398,971 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\book.rtf
[2011/06/09 21:29:14 | 001,778,691 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\gburner29.exe
[2011/06/09 21:28:07 | 001,352,435 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\setup_magicdisc.exe
[2011/06/09 21:23:23 | 000,000,069 | ---- | M] () -- C:\WINNT\NeroDigital.ini
[2011/06/09 20:58:19 | 000,205,471 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\default
[2011/06/09 20:41:53 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_210.dat
[2011/06/08 02:27:06 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/08 02:24:27 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_218.dat
[2011/06/07 17:32:48 | 001,437,488 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Administrator\My Documents\TDSSKiller.exe
[2011/06/06 13:49:54 | 000,000,635 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2011/06/06 13:49:54 | 000,000,617 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\AVI DVD Burner.lnk
[2011/06/06 13:45:23 | 029,880,014 | ---- | M] (AviDvdBurner.com Inc. ) -- C:\Documents and Settings\Administrator\Desktop\AviDvdBurner_inst.exe
[2011/06/06 13:42:03 | 000,000,709 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Power MP3 WMA Converter.lnk
[2011/06/06 13:42:02 | 000,000,691 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Power MP3 WMA Converter.lnk
[2011/06/06 09:41:29 | 000,001,106 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/06 09:41:29 | 000,001,088 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/06 09:20:18 | 000,001,576 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2011/06/06 07:09:53 | 000,005,120 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 06:59:55 | 000,000,687 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Super DVD Creator.lnk
[2011/06/06 06:59:55 | 000,000,669 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2011/06/06 06:58:44 | 000,000,601 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Easy AVI VCD DVD MPEG Converter.lnk
[2011/06/03 20:27:26 | 000,000,557 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2011/05/31 14:54:57 | 000,002,194 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/30 14:43:33 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2011/05/30 01:24:21 | 001,286,046 | -H-- | M] () -- C:\WINNT\ShellIconCache
[2011/05/29 13:30:51 | 000,002,370 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol
[2011/05/27 05:35:27 | 000,284,848 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Capitalism without a Heart, without a Conscience_ Obama Blind to the Needs of the American People.mht
[2011/05/27 05:24:16 | 000,420,029 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\insidejob_screenplay.pdf
[2011/05/24 20:03:40 | 000,054,708 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\54876587.png
[2011/05/24 19:42:04 | 000,001,191 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\www-topachievement-com.pdf
[2011/05/24 19:40:07 | 000,028,868 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Personal-Development-Plan-Template.zip
[2011/05/24 19:39:40 | 000,011,920 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Weekly-Planner-Template.zip
[2011/05/24 19:39:21 | 000,009,258 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Goal-Setting-Worksheet.zip
[2011/05/24 19:19:41 | 000,117,876 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\GoalSettingForm
[2011/05/24 16:14:28 | 000,051,699 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Third-Eye - Activation & Basic Usage.html
[2011/05/23 15:49:23 | 000,177,067 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\16685466-Mastering-the-Art-of-Persuasion-and-Seduction.pdf
[2011/05/23 12:31:10 | 000,016,384 | ---- | M] () -- C:\WINNT\System32\Perflib_Perfdata_214.dat
[2011/05/21 15:22:33 | 000,007,333 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Diet Sites.ods
[2011/05/21 15:22:07 | 000,009,659 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Seductress plan.ods
[2011/05/21 15:21:50 | 000,008,232 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My course notes.odt
[2011/05/21 15:21:28 | 000,016,552 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My course.odt
[2011/05/20 22:58:13 | 000,000,816 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Weight By Date Pro Trial.lnk
[2011/05/20 07:45:04 | 000,011,497 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Why Men Find Nice Butts So Sexy.pdf
[2011/05/20 01:22:02 | 000,001,399 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/20 01:19:31 | 000,021,763 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\laying down.jpg
[2011/05/20 00:57:37 | 000,001,381 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/05/19 21:54:58 | 000,000,023 | ---- | M] () -- C:\WINNT\System32\sysmwwod.dll
[2011/05/19 21:45:25 | 000,000,581 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MP3 WAV WMA Converter.lnk
[2011/05/17 00:48:17 | 000,000,523 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\µTorrent.lnk
[2011/05/16 00:58:49 | 005,038,208 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\WISDOM_studenthandbook_online.pdf
[2011/05/16 00:12:35 | 000,243,884 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\How soaring inequality contributed to the crash.pdf
[2011/05/15 22:04:37 | 005,731,719 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\101%20PortfolioPreview4thEd.pdf
[2011/05/15 16:54:01 | 000,021,904 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\chan.rtf

========== Files Created - No Company Name ==========

[2011/06/14 11:22:09 | 000,003,642 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\geeks to go help.rtf
[2011/06/13 11:51:17 | 000,758,873 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\why powerful men cheat.pdf
[2011/06/12 16:37:17 | 000,009,414 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\essay 4.odt
[2011/06/12 15:20:38 | 000,000,657 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/06/12 15:13:59 | 000,001,557 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/06/11 18:41:03 | 050,667,430 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\buss side.rtf
[2011/06/11 17:33:57 | 048,398,971 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\book.rtf
[2011/06/09 21:29:10 | 001,778,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\gburner29.exe
[2011/06/09 21:28:02 | 001,352,435 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\setup_magicdisc.exe
[2011/06/09 20:58:18 | 000,205,471 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\default
[2011/06/09 20:41:53 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_210.dat
[2011/06/08 02:27:06 | 000,002,258 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 8.lnk
[2011/06/08 02:27:06 | 000,001,537 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 8.lnk
[2011/06/08 02:24:27 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_218.dat
[2011/06/06 13:47:11 | 000,000,635 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\AVI DVD Burner.lnk
[2011/06/06 13:47:11 | 000,000,617 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\AVI DVD Burner.lnk
[2011/06/06 13:46:25 | 000,175,616 | ---- | C] () -- C:\WINNT\System32\unrar.dll
[2011/06/06 13:46:25 | 000,000,038 | ---- | C] () -- C:\WINNT\avisplitter.ini
[2011/06/06 13:46:22 | 000,631,808 | ---- | C] () -- C:\WINNT\System32\xvidcore.dll
[2011/06/06 13:46:22 | 000,243,200 | ---- | C] () -- C:\WINNT\System32\xvidvfw.dll
[2011/06/06 13:46:20 | 000,080,896 | ---- | C] () -- C:\WINNT\System32\ff_vfw.dll
[2011/06/06 13:42:03 | 000,000,709 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Power MP3 WMA Converter.lnk
[2011/06/06 13:42:02 | 000,000,691 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Power MP3 WMA Converter.lnk
[2011/06/06 09:42:08 | 000,067,990 | ---- | C] () -- C:\WINNT\UNNVEContent.cfg
[2011/06/06 09:41:29 | 000,001,106 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Nero StartSmart.lnk
[2011/06/06 09:41:29 | 000,001,088 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nero StartSmart.lnk
[2011/06/06 09:39:28 | 000,119,326 | ---- | C] () -- C:\WINNT\UNNeroVision.cfg
[2011/06/06 09:18:05 | 000,019,456 | ---- | C] () -- C:\WINNT\System32\videocore.dll
[2011/06/06 09:18:02 | 000,001,576 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Cheetah DVD Burner.lnk
[2011/06/06 07:07:04 | 000,005,120 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/06/06 06:59:55 | 000,000,687 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Super DVD Creator.lnk
[2011/06/06 06:59:55 | 000,000,669 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Super DVD Creator.lnk
[2011/06/06 06:58:44 | 000,000,601 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Easy AVI VCD DVD MPEG Converter.lnk
[2011/06/06 06:58:44 | 000,000,431 | ---- | C] () -- C:\WINNT\System32\VideoEdit.lic
[2011/06/03 20:27:26 | 000,000,557 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\DVD Shrink 3.2.lnk
[2011/05/31 14:49:27 | 000,002,194 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Skype.lnk
[2011/05/30 14:43:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_200.dat
[2011/05/27 05:35:27 | 000,284,848 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Capitalism without a Heart, without a Conscience_ Obama Blind to the Needs of the American People.mht
[2011/05/27 05:24:16 | 000,420,029 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\insidejob_screenplay.pdf
[2011/05/24 20:03:39 | 000,054,708 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\54876587.png
[2011/05/24 19:42:04 | 000,001,191 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\www-topachievement-com.pdf
[2011/05/24 19:40:06 | 000,028,868 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Personal-Development-Plan-Template.zip
[2011/05/24 19:39:39 | 000,011,920 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Weekly-Planner-Template.zip
[2011/05/24 19:39:20 | 000,009,258 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Goal-Setting-Worksheet.zip
[2011/05/24 19:19:41 | 000,117,876 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\GoalSettingForm
[2011/05/24 16:14:28 | 000,051,699 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Third-Eye - Activation & Basic Usage.html
[2011/05/23 15:49:23 | 000,177,067 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\16685466-Mastering-the-Art-of-Persuasion-and-Seduction.pdf
[2011/05/23 12:31:10 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_214.dat
[2011/05/21 15:22:32 | 000,007,333 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Diet Sites.ods
[2011/05/21 15:22:07 | 000,009,659 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Seductress plan.ods
[2011/05/21 15:21:49 | 000,008,232 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My course notes.odt
[2011/05/21 15:21:28 | 000,016,552 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\My course.odt
[2011/05/20 22:58:13 | 000,000,816 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Weight By Date Pro Trial.lnk
[2011/05/20 07:45:04 | 000,011,497 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Why Men Find Nice Butts So Sexy.pdf
[2011/05/20 01:19:31 | 000,021,763 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\laying down.jpg
[2011/05/19 21:49:02 | 000,000,023 | ---- | C] () -- C:\WINNT\System32\sysmwwod.dll
[2011/05/19 21:45:25 | 000,000,581 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MP3 WAV WMA Converter.lnk
[2011/05/16 14:18:42 | 000,001,399 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2011/05/16 14:18:42 | 000,001,387 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Opera.lnk
[2011/05/16 14:18:41 | 000,001,381 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2011/05/16 00:58:49 | 005,038,208 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\WISDOM_studenthandbook_online.pdf
[2011/05/16 00:12:35 | 000,243,884 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\How soaring inequality contributed to the crash.pdf
[2011/05/15 22:04:36 | 005,731,719 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\101%20PortfolioPreview4thEd.pdf
[2011/05/15 16:54:01 | 000,021,904 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\chan.rtf
[2009/11/16 17:33:00 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1f8.dat
[2009/11/08 02:02:28 | 000,077,388 | ---- | C] () -- C:\WINNT\War3Unin.dat
[2009/10/20 01:19:55 | 000,000,419 | ---- | C] () -- C:\WINNT\BRWMARK.INI
[2009/10/20 01:19:55 | 000,000,027 | ---- | C] () -- C:\WINNT\BRPP2KA.INI
[2009/10/06 01:28:13 | 000,000,000 | ---- | C] () -- C:\WINNT\popcreg.dat
[2009/10/06 00:27:48 | 000,000,039 | ---- | C] () -- C:\WINNT\popcinfot.dat
[2009/10/06 00:26:59 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_2dc.dat
[2009/09/22 11:50:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_1f0.dat
[2008/12/30 17:59:54 | 000,069,632 | ---- | C] () -- C:\WINNT\System32\vuins32.dll
[2008/05/16 12:58:04 | 000,012,632 | ---- | C] () -- C:\WINNT\System32\lsdelete.exe
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_834.dat
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_758.dat
[2008/04/28 12:00:35 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_614.dat
[2008/04/28 12:00:33 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_5a0.dat
[2008/04/28 12:00:26 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7b4.dat
[2008/04/28 12:00:24 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_908.dat
[2008/04/28 12:00:23 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_870.dat
[2008/04/28 12:00:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_8b8.dat
[2008/04/28 12:00:22 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_7dc.dat
[2008/04/28 12:00:21 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_8dc.dat
[2008/04/28 12:00:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_648.dat
[2008/04/28 12:00:19 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_630.dat
[2008/04/28 12:00:18 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_650.dat
[2008/04/28 12:00:15 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_90c.dat
[2008/04/28 12:00:08 | 000,016,384 | ---- | C] () -- C:\WINNT\System32\Perflib_Perfdata_904.dat
[2008/01/11 01:29:39 | 000,000,000 | ---- | C] () -- C:\WINNT\PowerReg.dat
[2007/09/16 12:35:48 | 000,021,840 | ---- | C] () -- C:\WINNT\System32\SIntfNT.dll
[2007/09/16 12:35:48 | 000,017,212 | ---- | C] () -- C:\WINNT\System32\SIntf32.dll
[2007/09/16 12:35:48 | 000,012,067 | ---- | C] () -- C:\WINNT\System32\SIntf16.dll
[2007/09/13 15:25:35 | 000,120,320 | ---- | C] () -- C:\WINNT\System32\drivers\SSHDRV65.sys
[2007/01/27 21:12:44 | 000,000,000 | ---- | C] () -- C:\WINNT\nsreg.dat
[2007/01/27 21:12:39 | 000,107,132 | ---- | C] () -- C:\WINNT\UninstallFirefox.exe
[2007/01/27 21:10:55 | 000,003,195 | ---- | C] () -- C:\WINNT\mozver.dat
[2006/12/21 17:35:59 | 000,354,816 | ---- | C] () -- C:\WINNT\System32\psisdecd.dll
[2006/12/04 01:32:38 | 000,000,069 | ---- | C] () -- C:\WINNT\NeroDigital.ini
[2006/12/04 00:45:20 | 000,003,351 | ---- | C] () -- C:\WINNT\System32\drivers\VSP.sys
[2006/12/04 00:41:31 | 000,032,768 | ---- | C] () -- C:\WINNT\System32\UnAudioNT.dll
[2006/12/04 00:37:37 | 000,045,056 | ---- | C] () -- C:\WINNT\System32\vusetup.dll
[2006/12/04 00:15:18 | 000,021,952 | -H-- | C] () -- C:\Program Files\folder.htt
[2006/12/04 00:14:35 | 000,015,012 | ---- | C] () -- C:\WINNT\System32\emptyregdb.dat
[2006/12/03 16:09:00 | 000,004,073 | ---- | C] () -- C:\WINNT\ODBCINST.INI
[2006/12/03 16:08:16 | 000,108,600 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2006/10/22 13:22:00 | 001,662,976 | ---- | C] () -- C:\WINNT\System32\nvwdmcpl.dll
[2006/10/22 13:22:00 | 001,622,016 | ---- | C] () -- C:\WINNT\System32\nwiz.exe
[2006/10/22 13:22:00 | 001,470,464 | ---- | C] () -- C:\WINNT\System32\nview.dll
[2006/10/22 13:22:00 | 001,339,392 | ---- | C] () -- C:\WINNT\System32\nvdspsch.exe
[2006/10/22 13:22:00 | 001,019,904 | ---- | C] () -- C:\WINNT\System32\nvwimg.dll
[2006/10/22 13:22:00 | 000,581,632 | ---- | C] () -- C:\WINNT\System32\nvhwvid.dll
[2006/10/22 13:22:00 | 000,466,944 | ---- | C] () -- C:\WINNT\System32\nvshell.dll
[2006/10/22 13:22:00 | 000,442,368 | ---- | C] () -- C:\WINNT\System32\nvappbar.exe
[2006/10/22 13:22:00 | 000,425,984 | ---- | C] () -- C:\WINNT\System32\keystone.exe
[2006/10/22 13:22:00 | 000,286,720 | ---- | C] () -- C:\WINNT\System32\nvnt4cpl.dll
[2006/10/22 13:22:00 | 000,212,992 | ---- | C] () -- C:\WINNT\System32\nvapi.dll
[2002/07/24 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINNT\System32\mlang.dat
[2002/07/24 05:00:00 | 000,300,378 | ---- | C] () -- C:\WINNT\System32\perfh009.dat
[2002/07/24 05:00:00 | 000,272,492 | ---- | C] () -- C:\WINNT\System32\perfi009.dat
[2002/07/24 05:00:00 | 000,217,359 | ---- | C] () -- C:\WINNT\System32\dssec.dat
[2002/07/24 05:00:00 | 000,176,400 | ---- | C] () -- C:\WINNT\System32\qcut.dll
[2002/07/24 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINNT\System32\mib.bin
[2002/07/24 05:00:00 | 000,038,036 | ---- | C] () -- C:\WINNT\System32\perfc009.dat
[2002/07/24 05:00:00 | 000,033,552 | ---- | C] () -- C:\WINNT\System32\efsadu.dll
[2002/07/24 05:00:00 | 000,028,270 | ---- | C] () -- C:\WINNT\System32\perfd009.dat
[2002/07/24 05:00:00 | 000,007,265 | ---- | C] () -- C:\WINNT\System32\iasperf.ini
[2002/07/24 05:00:00 | 000,001,505 | ---- | C] () -- C:\WINNT\System32\faxperf.ini
[2002/07/24 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINNT\System32\noise.dat
[2002/07/24 05:00:00 | 000,000,023 | ---- | C] () -- C:\WINNT\welcome.ini
[1999/09/25 03:36:24 | 000,088,816 | ---- | C] () -- C:\WINNT\System32\drivers\lvcam.sys
[1999/09/25 03:36:22 | 000,017,424 | ---- | C] () -- C:\WINNT\System32\drivers\lvsound.sys
[1997/06/13 18:56:08 | 000,056,832 | ---- | C] () -- C:\WINNT\System32\iyvu9_32.dll

< End of report >



EXTRAS

OTL Extras logfile created on: 6/14/2011 12:20:26 PM - Run 2
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Administrator\My Documents\Computer cleaner
Windows 2000 Professional Edition Service Pack 4 (Version = 5.0.2195) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2800.1106)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

511.48 Mb Total Physical Memory | 372.78 Mb Available Physical Memory | 72.88% Memory free
1.22 Gb Paging File | 0.94 Gb Available in Paging File | 76.95% Paging File free
Paging file location(s): C:\pagefile.sys 768 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 18.64 Gb Total Space | 2.10 Gb Free Space | 11.25% Space Free | Partition Type: NTFS
Drive D: | 189.92 Gb Total Space | 36.90 Gb Free Space | 19.43% Space Free | Partition Type: NTFS
Drive G: | 590.51 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: BLACKBEAUTY | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINNT\hh.exe (Microsoft Corporation)
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
.hlp [@ = hlpfile] -- C:\WINNT\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINNT\System32\mshta.exe (Microsoft Corporation)
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)
.inf [@ = inffile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.reg [@ = regfile] -- C:\WINNT\regedit.exe (Microsoft Corporation)
.txt [@ = txtfile] -- C:\WINNT\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINNT\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- C:\Program Files\Opera\Opera.exe (Opera Software)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "C:\WINNT\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL %1,%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINNT\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- Reg Error: Key error.
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
https [open] -- "C:\Program Files\Opera\Opera.exe" "%1" (Opera Software)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
InternetShortcut [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- %1
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- %SystemRoot%\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- %SystemRoot%\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

========== Firewall Settings ==========

========== Authorized Applications List ==========


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{01501EBA-EC35-4F9F-8889-3BE346E5DA13}" = MSXML4 Parser
"{059733CA-3CCC-4884-8761-D9964990CD11}" = Weight-By-Date
"{1968465A-D76E-4B88-8401-DAF9E5C82A87}" = Document Express DjVu Plug-in
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 16
"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{5335DADB-34BA-4AE8-A519-648D78498846}" = Skype™ 5.3
"{6F716D8C-398F-11D3-85E1-005004838609}" = WebFldrs
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{80464ABC-A520-453F-A383-6E7B92E0C3B3}" = Armies of Exigo
"{80B5B3C9-4084-2063-B32A-678A98DE512B}_is1" = nplightshot-1.5.0.10
"{AC76BA86-7AD7-1033-7B44-A82000000003}" = Adobe Reader 8.2.0
"{B6CF2967-C81E-40C0-9815-C05774FEF120}" = Skype Toolbars
"{BD01E97F-2A6A-495E-BE38-22C7B80F3CD7}" = Cheetah DVD Burner
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DED53B0B-B67C-4244-AE6A-D6FD3C28D1EF}" = Ad-Aware
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Age of Empires 2.0" = Microsoft Age of Empires II
"Age of Empires Gold 1.0" = Microsoft Age of Empires Gold
"Age of Empires II: The Conquerors Expansion 1.0" = Microsoft Age of Empires II: The Conquerors Expansion
"Age of Mythology 1.0" = Age of Mythology
"AVI DVD Burner_is1" = AVI DVD Burner v5.7.0.194
"BFGC" = Big Fish Games Client
"Burn My Files_is1" = Burn My Files
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy AVI/VCD/DVD/MPEG Converter_is1" = Easy AVI/VCD/DVD/MPEG Converter
"GameSpy Arcade" = GameSpy Arcade
"HOTLLAMA Media Player" = HOTLLAMA Media Player
"HOTLLAMA Media Player - Update" = HOTLLAMA Media Player - Update
"IE40" = Microsoft Internet Explorer 6 SP1
"KLiteCodecPack_is1" = K-Lite Mega Codec Pack 7.1.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox 4.0.1 (x86 en-US)" = Mozilla Firefox 4.0.1 (x86 en-US)
"MP3 WAV WMA Converter" = MP3 WAV WMA Converter
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIA Drivers" = NVIDIA Drivers
"Opera 11.11.2109" = Opera 11.11
"Power MP3 WMA Converter(Freeware version)_is1" = Power MP3 WMA Converter 2011, (ver 6.1)
"Super DVD Creator_is1" = Super DVD Creator 9.8 Trial Version
"uTorrent" = µTorrent
"VIA Audio Driver Setup Program" = VIA Audio Driver Setup Program
"VN_VUIns_Rhine_VIA" = VIA Rhine-Family Fast-Ethernet Adapter
"VSP_UNINST" = VIA Sound Player
"WinZip" = WinZip
"Xilisoft DVD Creator 6" = Xilisoft DVD Creator 6

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GameRanger" = GameRanger
"Move Media Player" = Move Media Player
"Warcraft III" = Warcraft III: All Products

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/7/2011 2:02:07 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/7/2011 9:37:04 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/9/2011 11:42:03 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/11/2011 4:35:15 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/12/2011 5:16:49 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/12/2011 7:07:47 PM | Computer Name = BLACKBEAUTY | Source = Userenv | ID = 1000
Description = Windows cannot unload your registry file. If you have a roaming profile,
your settings are not replicated. Contact your administrator. DETAIL - Access
is denied. , Build number ((2195)).

Error - 6/12/2011 7:09:03 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/13/2011 2:26:29 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/14/2011 10:20:24 AM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

Error - 6/14/2011 2:24:43 PM | Computer Name = BLACKBEAUTY | Source = Perflib | ID = 2002
Description = The open procedure for service "PerfDisk" in DLL "C:\WINNT\system32\perfdisk.dll"
has taken longer than the established wait time to complete. There may be a problem
with this extensible counter or the service it is collecting data from or the system
may have been very busy when this call was attempted.

[ System Events ]
Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.

Error - 12/30/2008 8:20:29 PM | Computer Name = BLACKBEAUTY | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\DR1, has a bad block.


< End of report >



Don't know, but this was generated too:

========== OTL ==========
Prefs.js: [email protected]:3.3.3.2 removed from extensions.enabledItems
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Jhuwon deleted successfully.
File move failed. C:\WINNT\izirecew.dll scheduled to be moved on reboot.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Pzexanugazixocig deleted successfully.
File C:\WINNT\msguer.dll not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\uTorrent deleted successfully.
C:\Program Files\uTorrent\uTorrent.exe moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\searchplugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\lib folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\components folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc}\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\{bf7380fa-e3b4-4db2-af3e-9d8783a45bfc} folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\searchplugin folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\META-INF folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\lib folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\DualPackage folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\defaults folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\components folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected]\chrome folder moved successfully.
C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\extensions\[email protected] folder moved successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
File Animation Java Classes file://C:\WINNT\Java\classes\dajava.cab not found.
Starting removal of ActiveX control DirectAnimation Java Classes
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
File oft XML Parser for Java file://C:\WINNT\Java\classes\xmldso.cab not found.
Starting removal of ActiveX control Microsoft XML Parser for Java
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\ deleted successfully.
File Protocol\Filter\Class Install Handler - No CLSID value found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Filter\ not found.
C:\WINNT\Ubudefogut.dat moved successfully.
C:\WINNT\Ptatejimij.bin moved successfully.
C:\WINNT\system32\nvapps.xml moved successfully.
C:\WINNT\剄 moved successfully.
File C:\WINNT\剄 not found.
ADS C:\Documents and Settings\Administrator\Desktop\Ashleys eyes.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\Administrator\Desktop\me.jpg:Q30lsldxJoudresxAaaqpcawXc deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:AC6124CA deleted successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3E39C6A deleted successfully.
========== FILES ==========
File move failed. C:\WINNT\izirecew.dll scheduled to be moved on reboot.
File\Folder C:\WINNT\msguer.dll not found.
========== COMMANDS ==========
C:\WINNT\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.23.0 log created on 06142011_112230

Files\Folders moved on Reboot...
C:\WINNT\izirecew.dll moved successfully.

Registry entries deleted on Reboot...


MBAM


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6842

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

6/12/2011 5:03:11 PM
mbam-log-2011-06-12 (17-03-11).txt

Scan type: Full scan (C:\|)
Objects scanned: 150168
Time elapsed: 25 minute(s), 34 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{0ED403E8-470A-4A8A-85A4-D7688CFE39A3} (Adware.Gamevance) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6842

Windows 5.0.2195 Service Pack 4
Internet Explorer 6.0.2800.1106

6/14/2011 12:29:38 PM
mbam-log-2011-06-14 (12-29-38).txt

Scan type: Quick scan
Objects scanned: 114542
Time elapsed: 3 minute(s), 12 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


COMBOFIX


ComboFix 11-06-14.01 - Administrator 06/14/2011 16:18:32.1.1 - x86
Microsoft Windows 2000 Professional 5.0.2195.4.1252.1.1033.18.511.363 [GMT -7:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
.
/wow section - STAGE 10
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
The process cannot access the file because it is being used by another process.
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}
c:\documents and settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}\chrome.manifest
c:\documents and settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}\chrome\content\_cfg.js
c:\documents and settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}\chrome\content\overlay.xul
c:\documents and settings\Administrator\Local Settings\Application Data\{5AE40F44-FCFF-4AD1-8564-B2C830755918}\install.rdf
c:\winnt\system32\sysmwwod.dll
c:\winnt\system32\videocore.dll
c:\winnt\Web\default.htt
.
c:\winnt\system32\Drivers\Volsnap.sys . . . is infected!!
.
.
((((((((((((((((((((((((( Files Created from 2011-05-14 to 2011-06-14 )))))))))))))))))))))))))))))))
.
.
2011-06-14 18:22 . 2011-06-14 18:22 -------- d-----w- C:\_OTL
2011-06-12 22:20 . 2011-06-12 22:20 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2011-06-12 22:20 . 2010-12-21 01:09 38224 ----a-w- c:\winnt\system32\drivers\mbamswissarmy.sys
2011-06-12 22:20 . 2011-06-12 22:20 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-12 22:20 . 2010-12-21 01:08 19288 ----a-w- c:\winnt\system32\drivers\mbam.sys
2011-06-12 22:20 . 2011-06-12 22:20 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-12 22:14 . 2011-06-12 22:14 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-06-12 22:14 . 2011-06-12 22:14 -------- d-----w- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2011-06-12 22:13 . 2011-06-12 22:19 -------- d-----w- c:\program files\SUPERAntiSpyware
2011-06-10 04:23 . 2011-06-10 04:23 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
2011-06-07 18:00 . 2011-06-07 18:00 -------- d-----w- C:\_OTM
2011-06-06 20:46 . 2011-03-02 10:43 175616 ----a-w- c:\winnt\system32\unrar.dll
2011-06-06 20:46 . 2011-03-19 19:00 151552 ----a-w- c:\winnt\system32\ac3acm.acm
2011-06-06 20:46 . 2006-10-18 18:05 232448 ----a-w- c:\winnt\system32\mp3fhg.acm
2011-06-06 20:46 . 2011-03-24 19:35 243200 ----a-w- c:\winnt\system32\xvidvfw.dll
2011-06-06 20:46 . 2011-03-24 19:28 631808 ----a-w- c:\winnt\system32\xvidcore.dll
2011-06-06 20:46 . 2010-11-03 18:08 237568 ----a-w- c:\winnt\system32\yv12vfw.dll
2011-06-06 20:46 . 2011-03-29 08:00 80896 ----a-w- c:\winnt\system32\ff_vfw.dll
2011-06-06 20:46 . 2011-06-06 20:49 -------- d-----w- c:\program files\K-Lite Codec Pack
2011-06-06 20:43 . 2011-06-06 20:49 -------- d-----w- c:\program files\AviDvdBurner
2011-06-06 20:42 . 2011-06-06 20:57 -------- d-----w- c:\documents and settings\Administrator\Application Data\PowerMp3WmaConverter
2011-06-06 20:41 . 2011-06-06 20:42 -------- d-----w- c:\program files\Power MP3 WMA Converter
2011-06-06 16:44 . 2011-06-06 16:44 -------- d-----w- c:\documents and settings\Administrator\Application Data\Ahead
2011-06-06 16:42 . 2004-05-14 15:12 1916928 ------w- c:\winnt\UNNVEContent.exe
2011-06-06 16:40 . 2001-07-09 18:50 155648 ----a-w- c:\winnt\system32\NeroCheck.exe
2011-06-06 16:40 . 2011-06-06 16:40 -------- d-----w- c:\program files\Common Files\Nero
2011-06-06 16:39 . 2005-08-09 14:34 3006464 ------w- c:\winnt\UNNeroVision.exe
2011-06-06 16:38 . 2011-06-06 16:38 -------- d-----w- c:\documents and settings\All Users\Application Data\Ahead
2011-06-06 16:38 . 2004-07-27 00:16 476320 ------w- c:\winnt\system32\ImagXpr7.dll
2011-06-06 16:38 . 2004-07-27 00:16 471040 ------w- c:\winnt\system32\ImagXRA7.dll
2011-06-06 16:38 . 2004-07-27 00:16 262144 ------w- c:\winnt\system32\ImagXR7.dll
2011-06-06 16:38 . 2004-07-27 00:16 1568768 ------w- c:\winnt\system32\ImagX7.dll
2011-06-06 16:38 . 2004-07-09 16:43 364544 ------w- c:\winnt\system32\TwnLib4.dll
2011-06-06 16:38 . 2001-06-26 15:15 38912 ------w- c:\winnt\system32\picn20.dll
2011-06-06 16:38 . 2000-06-26 18:45 106496 ----a-w- c:\winnt\system32\TwnLib20.dll
2011-06-06 16:20 . 2011-06-06 16:22 -------- d-----w- C:\Temp
2011-06-06 16:18 . 2009-10-09 22:33 335872 ----a-w- c:\winnt\system32\dvdauthor.ocx
2011-06-06 16:18 . 2008-07-30 13:23 2078952 ----a-w- c:\winnt\system32\starburnx.dll
2011-06-06 16:18 . 2008-04-17 17:14 233472 ----a-w- c:\winnt\system32\viscomdvdimg.dll
2011-06-06 16:18 . 2003-03-19 07:20 1060864 ----a-r- c:\winnt\system32\mfc71.dll
2011-06-06 16:18 . 2002-01-05 14:37 344064 ----a-w- c:\winnt\system32\msvcr70.dll
2011-06-06 16:18 . 2011-06-06 16:18 -------- d-----w- c:\program files\Cheetah Burner
2011-06-06 13:59 . 2011-06-06 14:01 -------- d-----w- c:\program files\Super_DVD_Creator_9.8
2011-06-06 13:58 . 2010-03-24 15:53 266240 ----a-w- c:\winnt\system32\VideoEdit.ocx
2011-06-06 13:58 . 2004-02-08 07:53 856064 ----a-w- c:\winnt\system32\mpgfiltr.ax
2011-06-06 13:58 . 2003-08-18 20:31 81920 ----a-w- c:\winnt\system32\viscomwave.dll
2011-06-06 13:58 . 2011-06-06 13:58 -------- d-----w- c:\program files\Easy AVI VCD DVD MPEG Converter
2011-06-04 03:27 . 2011-06-04 03:27 -------- d-----w- c:\program files\DVD Shrink
2011-05-31 21:49 . 2011-05-31 21:49 -------- d-----w- c:\program files\Common Files\Skype
2011-05-31 21:49 . 2011-05-31 21:49 -------- d-----r- c:\program files\Skype
2011-05-31 21:49 . 2011-05-31 21:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Skype
2011-05-23 19:54 . 2011-05-23 19:54 -------- d-----w- c:\program files\Skillbrains
2011-05-23 19:54 . 2011-05-23 19:54 -------- d-----w- c:\program files\nplightshot
2011-05-21 05:57 . 2011-05-21 05:57 -------- d-----w- c:\program files\Weight By Date Pro 3
2011-05-20 05:02 . 2011-05-20 05:08 -------- d-----w- c:\documents and settings\Administrator\Application Data\GetRightToGo
2011-05-20 04:45 . 2011-05-20 04:46 -------- d-----w- c:\program files\MP3 WAV WMA Converter
2011-05-16 21:19 . 2011-05-16 21:19 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Opera
2011-05-16 21:18 . 2011-05-20 04:41 -------- d-----w- c:\program files\Opera
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-06 22:19 . 2011-05-06 22:19 142296 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
.
[-] 2004-07-09 12:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [ERROR: 0x0] . . c:\winnt\system32\d3d9.dll
.
c:\winnt\System32\comres.dll ... is missing !!
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Skype"="c:\program files\Skype\Phone\Skype.exe" [2011-05-27 15147400]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-06-10 2424192]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Synchronization Manager"="mobsync.exe" [2003-06-19 111376]
"NvCplDaemon"="c:\winnt\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2006-10-22 1622016]
"NvMediaCenter"="c:\winnt\system32\NvMcTray.dll" [2006-10-22 86016]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-11-08 149280]
"NeroFilterCheck"="c:\winnt\system32\NeroCheck.exe" [2001-07-09 155648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2009-12-18 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"^SetupICWDesktop"="c:\program files\Internet Explorer\Connection Wizard\icwconn1.exe" [2003-06-19 186640]
.
c:\documents and settings\Administrator\Start Menu\Programs\Startup\
GameRanger.lnk - c:\documents and settings\Administrator\Application Data\GameRanger\GameRanger\GameRanger.exe [2010-1-25 1216176]
OpenOffice.org 3.1.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2009-8-18 384000]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
AudioDeck.lnk - c:\program files\VIA\VIA Sound Player\mixer\AudioDeck_bmp.exe [2006-12-4 466944]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"
.
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
R1 SSHDRV65;SSHDRV65;c:\winnt\system32\drivers\SSHDRV65.sys [9/13/2007 3:25 PM 120320]
S3 viafilter;VIA USB Filter;c:\winnt\system32\drivers\viausb.sys [12/4/2006 12:30 AM 9038]
S3 Vsp;Vsp;c:\winnt\system32\drivers\VSP.sys [12/4/2006 12:45 AM 3351]
.
--- Other Services/Drivers In Memory ---
.
*Deregistered* - MBAMSwissArmy
.
.
------- Supplementary Scan -------
.
IE: {{c95fe080-8f5d-11d2-a20b-00aa003c157a} - %SystemRoot%\web\related.htm
LSP: %SystemRoot%\system32\msafd.dll
TCP: DhcpNameServer = 192.168.0.1
FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/|http://m.www.yahoo.com/
FF - prefs.js: keyword.URL - chrome://browser-region/locale/region.properties
.
- - - - ORPHANS REMOVED - - - -
.
HKLM-Run-Jhuwon - c:\winnt\izirecew.dll
AddRemove-uTorrent - c:\program files\uTorrent\uTorrent.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-14 16:21
Windows 5.0.2195 Service Pack 4 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\pluginreg.dat.bak 5329 bytes
c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\mu9himhi.default\prefs.js.BAK 27037 bytes
.
scan completed successfully
hidden files: 2
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
@=""
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
@=""
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(184)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\winnt\system32\wzcdlg.dll
c:\winnt\system32\WZCSAPI.DLL
.
Completion time: 2011-06-14 16:23:46
ComboFix-quarantined-files.txt 2011-06-14 23:23
.
Pre-Run: 2,222,612,480 bytes free
Post-Run: 2,191,400,960 bytes free
.
- - End Of File - - 12C51C6303A3E067F97119F82D9259CA


So, I see it has infected files and missing files?? I don't know if this fixed it or just shows where and what??
Thanks for your help! :) I posted another thread where it said to post if I'd been waiting more than 3 days. Should I delete that? I know you guys are overworked, I don't want someone working that request too and wasting their time?

Thanks
Chandra

#4
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
We are going to have to find a clean copy of volsnap.sys. If this were XP, Combofix would have found one and fixed the problem but with W2K we have to be more creative. Let's see if there is one anywhere:

Start, Run, cmd, OK to bring up a Command Window. Type with an Enter after each line:


cd  \

dir  /a  /s  volsnap.*  >>  \junk.txt

dir  /a  /s  d3d9.*  >>  \junk.txt

dir  /a  /s  comres.*  >>  \junk.txt


notepad  \junk.txt


(I use 2 spaces in the code box so you can see where one space goes. The dir commands will take a few minutes each to complete. Wait for the prompt to return.)

Copy and paste the text from notepad into a reply. Also let's run a disk check: I think it worked the same way on W2K.

1. Double-click My Computer, and then right-click the hard disk that you want to check. C:
2. Click Properties, and then click Tools.
3. Under Error-checking, click Check Now. A dialog box that shows the Check disk options is displayed.
4. Check both boxes and then click Start.
You will receive the following message:
The disk check could not be performed because the disk check utility needs exclusive access to some Windows files on the disk. These files can be accessed by restarting Windows. Do you want to schedule the disk check to occur the next time you restart the computer?
Click Yes to schedule the disk check and then restart.

1. Please download the Event Viewer Tool by Vino Rosso
http://images.malwar...om/vino/VEW.exe
and save it to your Desktop:
2. Double-click VEW.exe
3. Under 'Select log to query', select:
* System
4. Under 'Select type to list', select:
* Error
* Warning

Then use the 'Number of events' as follows:

1. Click the radio button for 'Number of events'
2. Type 20 in the 1 to 20 box
3. Then click the Run button.
Notepad will open with the output log.


Please post the Output log in your next reply then repeat but select Application.

Ron