BleepingComputer.com: Files that can not be deleted


Files that can not be deleted Broni sent me over here

#31 ThePreacher_sr

Posted 04 November 2011 - 12:19 PM

Ok, here is the Extras report, and the OTL is below the line of ******** asterisks.

OTL Extras logfile created on: 11/4/2011 12:59:52 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Stan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 57.80% Memory free
3.45 Gb Paging File | 2.86 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 2206 2206 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 64.90 Gb Free Space | 50.71% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 1
"FIREWALLDISABLENOTIFY" = 1
"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AA1207-D8C6-45DC-A96D-48358EBE09F3}" = PSShortcuts
"{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}" = Screencaster Plug-in for FF
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4FD27B25-4128-4CDA-A322-F1C8F0D8FEC9}" = e-Sword
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BDAEFB5-1FF6-45DA-AD07-910CD7F4B5EF}" = Microsoft DirectX SDK (April 2007)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}" = VideoCharge
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6D8D64BE-F500-55B6-705D-DFD08AFE0624}" = Acrobat.com
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{789289CA-F73A-4A16-A331-54D498CE069F}" = Ventrilo Client
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111551630}" = Hidden Expedition Titanic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931099E3-8F73-4028-A780-02C738176152}" = VideoCharge Studio
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.6
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D7DF9A90-2550-42E5-8DF6-F6754278F654}" = Nile
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FDB3B167-F4FA-461D-976F-286304A57B2A}" = Adobe AIR
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"3554AA4B-9B0B-451a-A269-2B5F53982209_is1" = ThreatFire
"7-Zip" = 7-Zip 9.20
"8461-7759-5462-8226" = Vuze
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"Browser Defender_is1" = Browser Defender 4.0
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"Delta Force 2" = Delta Force 2
"dffav31" = DF Favorites 3.1.6
"EndItAll_is1" = EndItAll 2.0
"HijackThis" = HijackThis 1.99.1
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"iLivid" = iLivid
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"InterActual Player" = InterActual Player
"Learn To Speak Spanish 8.0" = Learn To Speak Spanish 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NMPUninstallKey" = Nero Media Player
"NVEContent!UninstallKey" = NeroVision Express Content
"NVIDIA Drivers" = NVIDIA Drivers
"PC Tools Firewall Plus" = PC Tools Firewall Plus 7.0
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Q903235" = Internet Explorer Q903235
"RealPlayer 12.0" = RealPlayer
"Remove on Reboot Shell Extension_is1" = Remove on Reboot Shell Extension
"RemoveIT Pro v4 - SE" = RemoveIT Pro v4 - SE
"Roger Wilco" = Roger Wilco
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SpywareBlaster_is1" = SpywareBlaster 4.4
"SystemRequirementsLab" = System Requirements Lab
"Tweak UI 2.10" = Tweak UI
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ System Events ]
Error - 11/3/2011 08:37:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 11/3/2011 08:37:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 11/3/2011 08:49:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7011
Description = Timeout (30000 milliseconds) waiting for a transaction response from
the ThreatFire service.

Error - 11/3/2011 09:18:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 11/3/2011 09:18:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the PC Tools Security Service
service to connect.

Error - 11/3/2011 09:18:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The PC Tools Security Service service failed to start due to the following
error: %%1053

Error - 11/3/2011 09:18:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 11/3/2011 09:19:59 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/3/2011 09:19:59 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio Beep Lbd

Error - 11/3/2011 09:21:38 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7034
Description = The Browser Defender Update Service service terminated unexpectedly.
It has done this 1 time(s).


< End of report >

******************************************************************************************************

OTL logfile created on: 11/4/2011 12:59:51 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Stan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.83 Gb Available Physical Memory | 57.80% Memory free
3.45 Gb Paging File | 2.86 Gb Available in Paging File | 83.03% Paging File free
Paging file location(s): C:\pagefile.sys 2206 2206 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 64.90 Gb Free Space | 50.71% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/04 12:58:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
PRC - [2011/10/28 11:02:02 | 002,658,744 | ---- | M] (PC Tools) -- C:\Program Files\Spyware Doctor\pctsGui.exe
PRC - [2011/10/17 13:18:23 | 004,615,552 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/10/10 12:30:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCore.exe
PRC - [2010/12/31 10:29:44 | 000,378,128 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFTray.exe
PRC - [2010/12/31 10:29:40 | 000,070,928 | ---- | M] (PC Tools) -- C:\Program Files\ThreatFire\TFService.exe
PRC - [2010/11/29 12:55:44 | 002,676,696 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe
PRC - [2010/11/17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) -- C:\Program Files\PC Tools Firewall Plus\FWService.exe
PRC - [2009/07/19 23:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 19:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe
PRC - [2003/03/31 08:00:00 | 000,119,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\winmine.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/03 21:22:10 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
MOD - [2011/11/03 21:22:10 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll
MOD - [2011/10/20 19:39:51 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
MOD - [2011/10/20 19:39:51 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
MOD - [2011/10/10 12:30:27 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2009/07/19 23:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (GoToAssist)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/28 11:02:02 | 001,117,624 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2011/10/27 21:49:32 | 000,402,336 | ---- | M] (PC Tools) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2011/10/25 13:38:10 | 000,542,672 | ---- | M] (Threat Expert Ltd.) [Auto | Stopped] -- C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe -- (Browser Defender Update Service)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2010/12/31 10:29:40 | 000,070,928 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\ThreatFire\TFService.exe -- (ThreatFire)
SRV - [2010/11/17 11:29:38 | 000,287,024 | ---- | M] (PC Tools) [Auto | Running] -- C:\Program Files\PC Tools Firewall Plus\FWService.exe -- (PCToolsFirewallPlus)
SRV - [2009/07/19 23:55:50 | 004,446,752 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/04/13 20:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 20:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/10/05 16:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/23 19:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2006/03/23 19:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/02 18:54:38 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/10/28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PCTAppEvent.sys -- (PCTAppEvent)
DRV - [2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2011/09/28 13:14:02 | 000,056,840 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PCTBD.sys -- (PCTBD)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/12/31 10:29:58 | 000,069,392 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfSysMon.sys -- (TfSysMon)
DRV - [2010/12/31 10:29:58 | 000,033,552 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\TfNetMon.sys -- (TfNetMon)
DRV - [2010/12/31 10:29:56 | 000,051,984 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\TfFsMon.sys -- (TfFsMon)
DRV - [2010/11/25 11:42:10 | 000,124,992 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctplfw.sys -- (pctplfw)
DRV - [2010/11/24 10:18:16 | 000,089,192 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis-PacketFilter.sys -- (PCTFW-PacketFilter)
DRV - [2010/07/08 10:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdisMP)
DRV - [2010/07/08 10:49:10 | 000,057,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctNdis.sys -- (pctNdis)
DRV - [2010/03/01 10:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 14:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/11 08:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/11 10:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/28 19:08:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/04/13 14:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 14:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/12/14 04:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/03/23 19:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2006/03/23 19:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/03/23 19:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/03/23 11:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 11:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/01/13 12:36:00 | 000,063,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003/11/14 18:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/14 18:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/14 18:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/15 19:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/31 08:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 08:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/19 15:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 15:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2001/08/17 09:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\URLSearchHook: {472734EA-242A-422b-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
IE - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BS Contact: File not found
FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60310.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.633: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.633: C:\Program Files\Real\RealPlayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: File not found
FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: File not found

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2011/09/11 20:03:36 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{cb84136f-9c44-433a-9048-c5cd9df1dc16}: C:\Program Files\Spyware Doctor\BDT\Firefox\ [2011/11/02 18:14:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/10/10 12:30:29 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/11 20:46:16 | 000,000,000 | ---D | M]

[2011/09/11 20:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Extensions
[2011/10/09 10:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions
[2011/09/11 20:09:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/11 20:09:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/16 01:45:49 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\searchplugins\s-amazon.xml
[2011/10/09 12:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 20:46:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/11 20:46:06 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com
[2011/10/09 12:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/09 12:11:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/11 20:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/11/02 18:14:24 | 000,000,000 | ---D | M] (Browser Defender Toolbar) -- C:\PROGRAM FILES\SPYWARE DOCTOR\BDT\FIREFOX
[2011/10/10 12:30:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/10 20:28:43 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
[2010/07/25 15:25:34 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/22 14:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2007/07/18 12:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2010/09/13 05:37:24 | 000,112,024 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2011/10/10 12:30:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/10/08 20:26:29 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/10/08 20:26:29 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/10/27 21:59:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (PC Tools Browser Defender BHO) - {2A0F3D1B-0909-4FF4-B272-609CCE6054E7} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O3 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\Toolbar\WebBrowser: (PC Tools Browser Defender) - {472734EA-242A-422B-ADF8-83D1E48CC825} - C:\Program Files\Spyware Doctor\BDT\PCTBrowserDefender.dll (Threat Expert Ltd.)
O4 - HKLM..\Run: [ISTray] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006..\Run: [File Description] C:\Program Files\ThreatFire\TFGui.exe (PC Tools)
O4 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006..\Run: [PC Tools Firewall GUI] C:\Program Files\PC Tools Firewall Plus\FirewallGUI.exe (PC Tools)
O4 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006..\Run: [PC Tools GUI Application] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O4 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O8 - Extra context menu item: &Download All using 4shared Desktop - Reg Error: Value error. File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..Trusted Domains: thefifthimperium.com ([baencd] https in Trusted sites)
O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188095237237 (WUWebControl Class)
O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188095224862 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab (Sandlot Loader Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5518D22D-8562-4599-AF15-7C4779F936C2}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Value error. File not found
O18 - Protocol\Handler\df2 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df23chat {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df3 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df4 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df5 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df5demo {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\ofpjoin {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Stan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 13:54:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/04 12:58:25 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
[2011/11/03 21:13:42 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stan\Recent
[2011/11/02 18:14:21 | 000,056,840 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTBD.sys
[2011/11/02 18:14:20 | 000,149,456 | ---- | C] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/11/02 18:14:19 | 002,291,664 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/11/02 18:14:19 | 001,681,360 | ---- | C] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/11/02 18:13:27 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/11/02 18:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/11/02 18:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Application Data\TestApp
[2011/11/02 18:09:25 | 003,835,352 | ---- | C] (PC Tools) -- C:\Documents and Settings\Stan\Desktop\sdsetup.exe
[2011/11/01 15:45:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/01 15:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/01 15:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/27 21:18:46 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/10/25 19:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Desktop\PD5981H
[2011/10/22 23:04:20 | 004,274,254 | R--- | C] (Swearware) -- C:\Documents and Settings\Stan\Desktop\ComboFix.exe
[2011/10/21 21:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/10/20 19:38:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Application Data\SUPERAntiSpyware.com
[2011/10/20 19:38:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/10/20 19:37:04 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/10/15 19:32:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/15 19:03:14 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/10/15 18:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Application Data\uTorrent
[2011/10/14 11:01:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/10/14 11:01:58 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2009/10/06 19:40:52 | 020,332,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Ofexhelp.exe
[2007/10/22 04:31:06 | 001,673,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2007/10/22 04:31:06 | 000,502,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2007/10/22 04:31:06 | 000,076,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2007/07/02 23:28:25 | 000,287,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/04 13:06:01 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{79FC69AE-DB79-4CB2-BF77-BB3D2762D275}.job
[2011/11/04 13:05:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{914BF42F-502C-4974-A020-03A43610C424}.job
[2011/11/04 12:58:21 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
[2011/11/04 12:57:23 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2011/11/03 21:50:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1009.job
[2011/11/03 21:21:17 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1006.job
[2011/11/03 21:20:53 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1006.job
[2011/11/03 21:17:01 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1009.job
[2011/11/03 21:17:00 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1011.job
[2011/11/03 21:16:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/03 21:15:43 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/03 21:13:25 | 000,000,331 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\EraserD.ini
[2011/11/03 18:18:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1011.job
[2011/11/02 18:54:38 | 000,341,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/11/02 18:13:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/02 18:12:19 | 000,001,537 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Minesweeper.lnk
[2011/11/02 18:09:31 | 003,835,352 | ---- | M] (PC Tools) -- C:\Documents and Settings\Stan\Desktop\sdsetup.exe
[2011/11/02 16:31:19 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/01 15:45:36 | 000,001,513 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Solitaire.lnk
[2011/11/01 15:44:42 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/01 15:43:23 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Hearts.lnk
[2011/11/01 14:40:47 | 000,025,018 | ---- | M] () -- C:\scheduler.hist
[2011/10/28 21:52:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/10/28 11:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/10/28 11:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/28 11:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/10/28 10:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/10/27 21:59:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/27 20:08:20 | 004,274,254 | R--- | M] (Swearware) -- C:\Documents and Settings\Stan\Desktop\ComboFix.exe
[2011/10/27 18:27:40 | 000,601,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/10/27 18:27:40 | 000,130,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/10/25 19:47:17 | 003,529,379 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\PD5981H.zip
[2011/10/25 13:38:20 | 000,149,456 | ---- | M] (PC Tools) -- C:\WINDOWS\SGDetectionTool.dll
[2011/10/25 13:38:18 | 002,291,664 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDCore.dll
[2011/10/25 13:38:18 | 001,681,360 | ---- | M] (Threat Expert Ltd.) -- C:\WINDOWS\PCTBDRes.dll
[2011/10/25 13:38:08 | 000,767,952 | ---- | M] () -- C:\WINDOWS\BDTSupport.dll
[2011/10/23 02:38:30 | 000,248,320 | ---- | M] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 15:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/10/22 15:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/10/21 11:12:12 | 000,000,364 | -HS- | M] () -- C:\boot.ini
[2011/10/20 19:38:08 | 000,001,710 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/19 21:06:04 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\e-Sword.lnk
[2011/10/17 09:12:22 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Microsoft Office Word 2003.lnk
[2011/10/14 15:54:29 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/10/14 11:08:36 | 000,637,703 | ---- | M] () -- C:\RkU3.8.388.590.7z
[2011/10/10 20:42:11 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Stan\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/10/10 20:40:14 | 000,001,612 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Defraggler.lnk
[2011/10/09 12:11:12 | 000,000,774 | ---- | M] () -- C:\Documents and Settings\Stan\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/10/09 12:11:12 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/10/07 17:52:12 | 000,660,992 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctEFA.sys
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/03 21:13:25 | 000,000,331 | ---- | C] () -- C:\Documents and Settings\Stan\Desktop\EraserD.ini
[2011/11/02 18:14:20 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll
[2011/11/02 18:14:20 | 000,003,488 | ---- | C] () -- C:\WINDOWS\UDB.zip
[2011/11/02 18:14:20 | 000,000,882 | ---- | C] () -- C:\WINDOWS\RegSDImport.xml
[2011/11/02 18:14:20 | 000,000,879 | ---- | C] () -- C:\WINDOWS\RegISSImport.xml
[2011/11/02 18:14:20 | 000,000,131 | ---- | C] () -- C:\WINDOWS\IDB.zip
[2011/11/02 18:13:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/02 16:31:19 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/01 15:44:42 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/25 19:47:05 | 003,529,379 | ---- | C] () -- C:\Documents and Settings\Stan\Desktop\PD5981H.zip
[2011/10/20 19:38:08 | 000,001,710 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/10/15 19:33:17 | 000,000,324 | ---- | C] () -- C:\Boot.bak
[2011/10/15 19:07:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/10/15 19:07:00 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/10/14 11:08:36 | 000,637,703 | ---- | C] () -- C:\RkU3.8.388.590.7z
[2011/09/01 15:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/09/01 14:39:46 | 000,179,526 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2011/09/01 14:39:46 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2011/09/01 12:37:02 | 000,150,192 | ---- | C] () -- C:\Program Files\TweakUiPowertoySetup.exe
[2011/08/15 00:45:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0839.old
[2011/08/15 00:45:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0809.old
[2011/03/17 14:12:59 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/17 14:12:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/30 18:51:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0105.old
[2011/01/26 23:55:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/10 20:33:13 | 000,000,068 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/06/26 19:35:46 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/26 19:35:44 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/26 19:35:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/04/13 09:11:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/09/27 16:12:22 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/03 00:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/03 00:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/07/10 00:27:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/07/10 00:27:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/07/10 00:27:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/01/02 01:31:02 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2009/01/02 01:31:02 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2009/01/02 01:31:02 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2009/01/02 01:31:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2009/01/02 01:31:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/09 19:16:20 | 000,012,717 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2008/11/16 15:27:02 | 000,004,966 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tgioyvlx.pxu
[2008/10/26 20:13:43 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RSBDBACKUP.DLL
[2008/10/19 11:07:13 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Rfw.ini
[2008/10/19 03:02:54 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/18 12:31:12 | 000,019,553 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ixivahanu.ban
[2008/10/18 12:31:12 | 000,019,202 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\zigavu.reg
[2008/10/18 12:31:12 | 000,018,749 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\xozurif.inf
[2008/10/18 12:31:12 | 000,017,065 | ---- | C] () -- C:\Program Files\Common Files\ilejure.inf
[2008/10/18 12:31:12 | 000,016,606 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dyciged.pif
[2008/10/18 12:31:12 | 000,014,924 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\xage.sys
[2008/10/18 12:31:12 | 000,012,706 | ---- | C] () -- C:\Documents and Settings\Stan\Application Data\horogoji.ban
[2008/10/18 12:31:12 | 000,012,078 | ---- | C] () -- C:\Documents and Settings\Stan\Application Data\kyluxukyd.db
[2008/10/18 12:31:12 | 000,011,841 | ---- | C] () -- C:\WINDOWS\utudeza.sys
[2008/10/18 12:31:12 | 000,010,737 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\dahezem.com
[2008/10/06 09:10:30 | 000,019,375 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2008/10/06 09:10:30 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2008/08/14 02:08:05 | 000,000,361 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2008/08/14 02:07:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/08/14 02:06:48 | 000,096,256 | ---- | C] () -- C:\WINDOWS\System32\SMACKW32.DLL
[2008/04/23 20:45:09 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/12/22 14:35:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/12/12 04:34:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/10/07 20:01:47 | 000,000,088 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/06 16:19:02 | 000,000,585 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/04/18 15:12:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/17 20:59:35 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/17 20:59:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/03/17 20:57:20 | 000,000,367 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/03/17 20:57:20 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/03/17 20:57:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/03/08 15:05:24 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2007/03/08 15:05:24 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2007/02/25 23:33:30 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/02/25 23:33:30 | 000,029,115 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/02/24 22:06:32 | 000,126,500 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2007/02/24 22:06:32 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/12/25 15:23:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/26 01:15:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/09/12 20:58:07 | 000,248,320 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 22:24:52 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\fusioncache.dat
[2006/08/25 19:58:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/22 21:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/22 16:11:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/22 15:32:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/22 15:32:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/22 15:32:14 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/22 15:32:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/22 15:32:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/22 15:31:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/22 15:31:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/22 15:30:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/22 15:29:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/22 15:08:29 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/22 14:13:37 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2006/08/22 14:12:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 21:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 21:43:10 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 21:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2005/08/30 09:14:00 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/05/06 09:23:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/05/05 20:41:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/05/05 20:30:26 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/05/04 06:13:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 10:40:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 10:40:08 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/02 10:39:38 | 000,601,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/02 10:39:38 | 000,130,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/01 20:57:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/01 14:50:46 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 14:50:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 14:50:05 | 000,010,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/01 14:45:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/01 14:09:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/01 13:51:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/01 06:46:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/16 05:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/06 14:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/02/26 14:30:30 | 000,708,628 | R--- | C] () -- C:\Program Files\FPMAIN10.CHM
[2001/02/26 14:29:54 | 002,959,837 | R--- | C] () -- C:\Program Files\ACMAIN10.CHM
[2001/02/26 13:48:40 | 000,076,544 | R--- | C] () -- C:\Program Files\SBCMHELP.chm
[2001/02/26 13:40:12 | 001,094,051 | ---- | C] () -- C:\Program Files\WDMAIN10.CHM
[2001/02/26 13:38:58 | 002,153,642 | ---- | C] () -- C:\Program Files\VBAWD10.CHM
[2001/02/26 13:36:30 | 000,650,856 | ---- | C] () -- C:\Program Files\VBAPB10.CHM
[2001/02/26 13:35:52 | 000,373,528 | ---- | C] () -- C:\Program Files\PBMAIN10.CHM
[2001/02/26 13:35:28 | 000,847,950 | ---- | C] () -- C:\Program Files\VBAPP10.CHM
[2001/02/26 13:34:36 | 000,556,901 | ---- | C] () -- C:\Program Files\PPMAIN10.CHM
[2001/02/26 13:34:08 | 000,047,454 | ---- | C] () -- C:\Program Files\MSTORE10.CHM
[2001/02/26 13:34:04 | 000,560,713 | ---- | C] () -- C:\Program Files\VBAOL10.CHM
[2001/02/26 13:33:20 | 000,541,480 | ---- | C] () -- C:\Program Files\OLMAIN10.CHM
[2001/02/26 13:32:42 | 000,198,784 | ---- | C] () -- C:\Program Files\olfm10.chm
[2001/02/26 13:32:22 | 000,043,618 | R--- | C] () -- C:\Program Files\VBAOWS10.CHM
[2001/02/26 13:32:18 | 000,364,022 | R--- | C] () -- C:\Program Files\VBAOF10.CHM
[2001/02/26 13:31:58 | 000,823,295 | R--- | C] () -- C:\Program Files\OWCVBA10.CHM
[2001/02/26 13:30:56 | 000,484,365 | R--- | C] () -- C:\Program Files\OFMAIN10.CHM
[2001/02/26 13:30:26 | 000,024,210 | R--- | C] () -- C:\Program Files\NMWHITEB.CHM
[2001/02/26 13:30:22 | 000,020,457 | R--- | C] () -- C:\Program Files\NMCHAT.CHM
[2001/02/26 13:30:20 | 000,158,905 | R--- | C] () -- C:\Program Files\MSOHLP10.CHM
[2001/02/26 13:30:16 | 000,057,056 | R--- | C] () -- C:\Program Files\mse10.chm
[2001/02/26 13:30:14 | 000,016,480 | R--- | C] () -- C:\Program Files\EULA10T.CHM
[2001/02/26 13:30:12 | 000,039,312 | R--- | C] () -- C:\Program Files\eula10r.chm
[2001/02/26 13:30:10 | 000,023,902 | R--- | C] () -- C:\Program Files\eula10o.chm
[2001/02/26 13:30:06 | 000,432,042 | R--- | C] () -- C:\Program Files\VBAFPW10.CHM
[2001/02/26 13:29:44 | 000,073,788 | R--- | C] () -- C:\Program Files\VBAFPD10.CHM
[2001/02/26 13:29:06 | 001,606,566 | ---- | C] () -- C:\Program Files\XLMAIN10.CHM
[2001/02/26 13:27:38 | 000,020,286 | ---- | C] () -- C:\Program Files\XLMACRO.CHM
[2001/02/26 13:27:36 | 000,045,916 | ---- | C] () -- C:\Program Files\XLADDIN.CHM
[2001/02/26 13:27:32 | 001,618,455 | ---- | C] () -- C:\Program Files\VBAXL10.CHM
[2001/02/26 13:25:46 | 000,261,633 | ---- | C] () -- C:\Program Files\VBAGR10.CHM
[2001/02/26 13:25:26 | 000,136,825 | ---- | C] () -- C:\Program Files\OWCRSS10.CHM
[2001/02/26 13:25:20 | 000,214,011 | ---- | C] () -- C:\Program Files\OWCRPL10.CHM
[2001/02/26 13:25:14 | 000,142,594 | ---- | C] () -- C:\Program Files\owcrch10.chm
[2001/02/26 13:25:08 | 000,335,366 | ---- | C] () -- C:\Program Files\OWCFUN10.CHM
[2001/02/26 13:24:50 | 000,160,400 | ---- | C] () -- C:\Program Files\OWCDSS10.CHM
[2001/02/26 13:24:44 | 000,251,479 | ---- | C] () -- C:\Program Files\OWCDPL10.CHM
[2001/02/26 13:24:36 | 000,292,162 | ---- | C] () -- C:\Program Files\OWCDCH10.CHM
[2001/02/26 13:24:28 | 000,212,213 | ---- | C] () -- C:\Program Files\MSQRY32.CHM
[2001/02/26 13:24:16 | 000,028,361 | ---- | C] () -- C:\Program Files\MCE.CHM
[2001/02/26 13:24:14 | 000,222,226 | ---- | C] () -- C:\Program Files\GRAPH10.CHM
[2001/02/26 13:24:02 | 000,076,175 | R--- | C] () -- C:\Program Files\msphelp.chm
[2001/02/26 13:23:56 | 001,449,514 | R--- | C] () -- C:\Program Files\VBAAC10.CHM
[2001/02/26 13:22:50 | 000,083,947 | R--- | C] () -- C:\Program Files\OWCRDP10.CHM
[2001/02/26 13:22:44 | 000,180,838 | R--- | C] () -- C:\Program Files\OWSHLP10.CHM
[2001/01/26 10:28:56 | 000,139,375 | ---- | C] () -- C:\Program Files\xlTOC10.CHM
[2001/01/25 20:10:40 | 000,136,540 | ---- | C] () -- C:\Program Files\wdTOC10.CHM
[2001/01/25 20:10:16 | 000,103,086 | ---- | C] () -- C:\Program Files\ppTOC10.CHM
[2001/01/25 20:05:48 | 000,070,367 | ---- | C] () -- C:\Program Files\pbTOC10.CHM
[2001/01/25 20:05:28 | 000,104,417 | ---- | C] () -- C:\Program Files\olTOC10.CHM
[2001/01/25 20:00:46 | 000,083,309 | R--- | C] () -- C:\Program Files\fpTOC10.CHM
[2001/01/25 20:00:20 | 000,188,640 | R--- | C] () -- C:\Program Files\ACTOC10.CHM

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2
@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stan\Desktop\atf-cleaner.exe:SummaryInformation
@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BC95BE9
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46543872
@Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6A1EE83

< End of report >

#32 User is offline   oneof4 

  • Forum Addict
  • PipPipPipPipPipPip
  • Find Topics
  • Group: Malware Study Hall Senior
  • Posts: 2,466
  • Joined: 25-December 08
  • Gender:Male
  • Location:The Collective

Posted 07 November 2011 - 08:09 AM

Hello :)

We need to run an OTL Fix
  • Please reopen OTL on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.

    :OTL
    FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
    FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: File not found
    FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BS Contact: File not found
    FF - HKLM\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: File not found
    FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0: File not found
    FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
    FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: File not found
    FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BS Contact: File not found
    FF - HKCU\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006: File not found
    O3 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O8 - Extra context menu item: &Download All using 4shared Desktop - Reg Error: Value error. File not found
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - Reg Error: Value error. File not found
    O16 - DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} http://a1540.g.akamai.net/7/1540/52/20061205/qtinstall.info.apple.com/qtactivex/qtplugin.cab (Reg Error: Key error.)
    O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmart.com/WalmartActivia.cab (Reg Error: Key error.)
    O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab (Reg Error: Key error.)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/products/plugin/autodl/jinstall-142-windows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: Web-Based Email Tools http://email.secureserver.net/Download.CAB (Reg Error: Key error.)
    O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\sclgntfy: DllName - (sclgntfy.dll) - File not found
    O20 - Winlogon\Notify\WgaLogon: DllName - (Reg Error: Value error.) - Reg Error: Value error. File not found
    [2008/10/18 12:31:12 | 000,019,553 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ixivahanu.ban
    [2008/10/18 12:31:12 | 000,019,202 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\zigavu.reg
    [2008/10/18 12:31:12 | 000,018,749 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\xozurif.inf
    [2008/10/18 12:31:12 | 000,017,065 | ---- | C] () -- C:\Program Files\Common Files\ilejure.inf
    [2008/10/18 12:31:12 | 000,016,606 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\dyciged.pif
    [2008/10/18 12:31:12 | 000,014,924 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\xage.sys
    [2008/10/18 12:31:12 | 000,012,706 | ---- | C] () -- C:\Documents and Settings\Stan\Application Data\horogoji.ban
    [2008/10/18 12:31:12 | 000,012,078 | ---- | C] () -- C:\Documents and Settings\Stan\Application Data\kyluxukyd.db
    [2008/10/18 12:31:12 | 000,011,841 | ---- | C] () -- C:\WINDOWS\utudeza.sys
    [2008/10/18 12:31:12 | 000,010,737 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\dahezem.com
    @Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Stan\Desktop\atf-cleaner.exe:SummaryInformation
    @Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB
    @Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9BC95BE9
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29
    @Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
    @Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    @Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:46543872
    @Alternate Data Stream - 118 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1
    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
    @Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
    @Alternate Data Stream - 108 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D6A1EE83
    
    :commands
    [CREATERESTOREPOINT]
    

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply, along with a description of how things are now running.

Best Regards,
oneof4.

#33 User is offline   ThePreacher_sr 


Posted 07 November 2011 - 11:59 PM

The first time I ran this it came up with an error window. I took a screenshot of it and attached it to this reply.

The 2nd time I ran it, no error window appeared. Here is the log it generated.

I haven't tried anything other than do this OTL. I will now and repost the results.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@adobe.com/ShockwavePlayer\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bitmanagement.com/BS Contact\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/npracplug;version=1.0.0.0\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=\ not found.
Registry key HKEY_LOCAL_MACHINE\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@bitmanagement.com/BS Contact\ not found.
Registry key HKEY_CURRENT_USER\Software\MozillaPlugins\@bitmanagement.com/BSVersion,version=1.006\ not found.
Registry value HKEY_USERS\S-1-5-21-625079839-1194595414-1954097754-1006\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\MenuExt\&Download All using 4shared Desktop\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{FB5F1910-F110-11d2-BB9E-00C04F795683}\ not found.
Starting removal of ActiveX control {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02BF25D5-8C17-4B23-BC80-D3488ABDDC6B}\ not found.
Starting removal of ActiveX control {406B5949-7190-4245-91A9-30A17DE16AD0}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{406B5949-7190-4245-91A9-30A17DE16AD0}\ not found.
Starting removal of ActiveX control {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{67A5F8DC-1A4B-4D66-9F24-A704AD929EEE}\ not found.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Starting removal of ActiveX control Web-Based Email Tools
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Web-Based Email Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Web-Based Email Tools\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cetihpz\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF184AD3-CDCB-4168-A3F7-8E447D129300}\ not found.
File {CF184AD3-CDCB-4168-A3F7-8E447D129300} - Reg Error: Value error. File not found not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\sclgntfy\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\WgaLogon\ not found.
File C:\Documents and Settings\All Users\Application Data\ixivahanu.ban not found.
File C:\Documents and Settings\Stan\Local Settings\Application Data\zigavu.reg not found.
File C:\Documents and Settings\Stan\Local Settings\Application Data\xozurif.inf not found.
File C:\Program Files\Common Files\ilejure.inf not found.
File C:\Documents and Settings\All Users\Application Data\dyciged.pif not found.
File C:\Documents and Settings\Stan\Local Settings\Application Data\xage.sys not found.
File C:\Documents and Settings\Stan\Application Data\horogoji.ban not found.
File C:\Documents and Settings\Stan\Application Data\kyluxukyd.db not found.
File C:\WINDOWS\utudeza.sys not found.
File C:\Documents and Settings\Stan\Local Settings\Application Data\dahezem.com not found.
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:81405BF2 .
Unable to delete ADS C:\Documents and Settings\Stan\Desktop\atf-cleaner.exe:SummaryInformation .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:2ABEB9EB .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:9BC95BE9 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:1CA73D29 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:7E95B6FD .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:46543872 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:44DAF2F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8 .
Unable to delete ADS C:\Documents and Settings\All Users\Application Data\TEMP:D6A1EE83 .
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.31.0 log created on 11072011_235207




#34 User is offline   ThePreacher_sr 


Posted 08 November 2011 - 12:01 AM

Oh, by the way, it did not ask me to reboot.

#35 User is offline   oneof4 


Posted 08 November 2011 - 08:51 AM

Hey :)

Let's confirm that OTL did what we asked it to do...

Please look in the following location for a log file of the OTL run:

C:\_OTL\MovedFiles

Open the file, then Copy and paste it into your next reply, along with how your computer is now running.
Best Regards,
oneof4.

#36 User is offline   ThePreacher_sr 


Posted 08 November 2011 - 10:06 PM

Quote

Let's confirm that OTL did what we asked it to do...

Please look in the following location for a log file of the OTL run:

C:\_OTL\MovedFiles


I looked in my C: directory for the _OTL file and couldn't find it anywhere in C then I looked in C:Program files, not there either. So, I did a search of C: and typed in _OTL, after 15 minutes of searching it still hadn't found anything. So, I stopped the search.

What I did exactly is to click on my COMPUTER icon on my desktop. Then I clicked on the C drive and looked in there. Nothing. Then I clicked on the PROGRAM folder, nothing there either. I have also noticed that the OTL icon is no longer on my desktop. I have no idea where it went to.

As far as how my computer is now doing, just typing this response to you, I have to wait several seconds after each 4 words I type for it to catch up to me. I can usually type 40 words a minute, but with this "bleeping computer" I'm at like 20 words a minute.

My tabs on Mozilla take even longer to respond if I try to use more than 2 tabs at one time. Opening up another window makes it even slower. It takes about 9.5 minutes to show my desktop after I reboot... Although that is generally enough time for me to walk upstairs and get a drink and make a sandwich :)

Before this mess happened, the computer never went to that screen where it gives me 3 options: "Microsoft Windows Recovery; do not select this (debugger enabled); and Windows XP Professional." When I would start up back then, it would just go to the big letter E for emachines, then Windows XP, and then on to my desktop... 30 seconds tops and I'd be working.

So, anyhow let me know where else to look or what to do next.

Thanks for all your help and time spent on this.

Stan

This post has been edited by ThePreacher_sr: 08 November 2011 - 10:59 PM


#37 oneof4

Posted 09 November 2011 - 12:56 PM

Hey :)

Quote

Then I clicked on the C drive and looked in there. Nothing. Then I clicked on the PROGRAM folder, nothing there either. I have also noticed that the OTL icon is no longer on my desktop. I have no idea where it went to.

Wow! You have some very strange things going on in this PC. :blink:

Okay, let's take a step back and re-try the following:

We need to create a New FULL OTL Report

  • Please download OTL from here:

  • Save it to your desktop.
  • Double click on the Posted Image icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Change the "Extra Registry" option to "SafeList"
  • Push the Posted Image button.
  • Two reports will open, copy and paste them in a reply here:
    • OTL.txt <-- Will be opened
    • Extra.txt <-- Will be minimized

After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE
Best Regards,
oneof4.

#38 ThePreacher_sr

Posted 11 November 2011 - 08:12 PM

Ok, here they are:

OTL Extras logfile created on: 11/10/2011 02:32:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Stan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 60.19% Memory free
3.45 Gb Paging File | 3.11 Gb Available in Paging File | 90.35% Paging File free
Paging file location(s): C:\pagefile.sys 2206 2206 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 82.88 Gb Free Space | 64.76% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"ANTIVIRUSDISABLENOTIFY" = 1
"FIREWALLDISABLENOTIFY" = 1
"UPDATESDISABLENOTIFY" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"3587:TCP" = 3587:TCP:*:Enabled:Windows Peer-to-Peer Grouping
"3540:UDP" = 3540:UDP:*:Enabled:Peer Name Resolution Protocol (PNRP)

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\Vuze\Azureus.exe" = C:\Program Files\Vuze\Azureus.exe:*:Enabled:Azureus / Vuze -- (Vuze Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{04AA1207-D8C6-45DC-A96D-48358EBE09F3}" = PSShortcuts
"{0C8F5A16-1A6D-405B-A31E-C79B2C7CDA26}" = Screencaster Plug-in for FF
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{121634B0-2F4B-11D3-ADA3-00C04F52DD52}" = Windows Installer Clean Up
"{15262012-213A-4f65-9019-C8A409EC0156}" = HP Officejet J6400 Series
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{188C0E25-3D65-4DAC-9C00-7483FBA4C7EB}" = Status
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{279D3818-7287-4ab4-A927-542EBEA9E365}" = ProductContext
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{380CC749-8C28-4C74-BE01-45921D062302}" = BPDSoftware_Ini
"{41853D20-40CC-4266-978D-F128BB97CA96}" = 6400_Help
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{474F25F5-BDC9-40E5-B1B6-F6BF23FC106F}" = Windows Live Essentials
"{49FC50FC-F965-40D9-89B4-CBFF80941033}" = Windows Movie Maker 2.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4C0A8D65-4286-4B58-87FE-18AD24289285}" = NVIDIA Performance Drivers
"{4FD27B25-4128-4CDA-A322-F1C8F0D8FEC9}" = e-Sword
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5BB4D7C1-52F2-4BFD-9E40-0D419E2E3021}" = bpd_scan
"{5BDAEFB5-1FF6-45DA-AD07-910CD7F4B5EF}" = Microsoft DirectX SDK (April 2007)
"{5D934326-165A-413b-B056-26BE1EC082AF}" = J6400
"{613EA65C-E570-4BE0-B26F-1EDF2536B3EA}" = VideoCharge
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{676981B7-A2D9-49D0-9F4C-03018F131DA9}" = DocProc
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6F5E2F4A-377D-4700-B0E3-8F7F7507EA15}" = CustomerResearchQFolder
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-111551630}" = Hidden Expedition Titanic
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{85C8D391-0EAE-4492-8A0A-2EE8B0B6DA03}" = BPDSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{8A5F34E2-37CF-4AD4-808C-2D413786E31A}" = Microsoft Visual C Runtime
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8D15E1B2-D2B7-4A17-B44B-D2DDE5981406}" = iLivid
"{8E5233E1-7495-44FB-8DEB-4BE906D59619}" = Junk Mail filter update
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{931099E3-8F73-4028-A780-02C738176152}" = VideoCharge Studio
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9CF4A37B-A8C4-44D7-8C53-13B9D9594BB2}" = Paint.NET v3.5.8
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{ABA00898-9467-4689-9F40-DE7F58C8429C}" = Fax
"{B2FE1952-0186-46c3-BAEC-A80AA35AC5B8}_Display.ControlPanel" = NVIDIA Control Panel 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver" = NVIDIA Graphics Driver 260.99
"{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_installer" = NVIDIA Install Application
"{B57EAFF2-D6EE-4C6C-9175-ED9F17BFC1BC}" = Windows Live Messenger
"{B8DBED1E-8BC3-4d08-B94A-F9D7D88E9BBF}" = HPSSupply
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BDCF27CA-BFC4-4F49-8D24-A925C9505AB8}" = Windows Rights Management Client with Service Pack 2
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D142FE39-3386-4d82-9AD3-36D4A92AC3C2}" = DocMgr
"{D2E0F0CC-6BE0-490b-B08B-9267083E34C9}" = MarketResearch
"{D7A6C517-11F2-419F-B5BB-27772B939698}" = NvMixer
"{D7DF9A90-2550-42E5-8DF6-F6754278F654}" = Nile
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DBA8B9E1-C6FF-4624-9598-73D3B41A0903}" = Microsoft Picture It! Photo Premium 9
"{DDA2B32F-EB16-4C96-A130-4E4A4C1E6B12}" = HP Software Update
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{E6158D07-2637-4ECF-B576-37C489669174}" = Windows Live Call
"{EC905264-BCFE-423B-9C42-C3A106266790}" = Windows Rights Management Client Backwards Compatibility SP2
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EFE26D3B-2789-4068-A5BB-77E389FAEB98}" = PSUsage
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FF262740-C85A-11D5-BBEC-00D0B740900A}" = Multimedia Keyboard Driver
"8461-7759-5462-8226" = Vuze
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"CCleaner" = CCleaner
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"conduitEngine" = Conduit Engine
"Defraggler" = Defraggler
"Delta Force 2" = Delta Force 2
"dffav31" = DF Favorites 3.1.6
"EndItAll_is1" = EndItAll 2.0
"HijackThis" = HijackThis 1.99.1
"HP Document Manager" = HP Document Manager 1.0
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPExtendedCapabilities" = HP Customer Participation Program 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"iLivid" = iLivid
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = eMachines Bay Reader
"InterActual Player" = InterActual Player
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 7.0.1 (x86 en-US)" = Mozilla Firefox 7.0.1 (x86 en-US)
"Nero - Burning Rom!UninstallKey" = Nero OEM
"Nero BurnRights!UninstallKey" = Nero BurnRights
"NeroVision!UninstallKey" = Nero Digital
"NMPUninstallKey" = Nero Media Player
"NVEContent!UninstallKey" = NeroVision Express Content
"NVIDIA Drivers" = NVIDIA Drivers
"PictureIt_v9" = Microsoft Picture It! Photo Premium 9
"Shop for HP Supplies" = Shop for HP Supplies
"Spyware Doctor" = PC Tools Spyware Doctor 9.0
"SystemRequirementsLab" = System Requirements Lab
"VLC media player" = VLC media player 1.1.11
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WinLiveSuite_Wave3" = Windows Live Essentials
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/5/2011 06:51:20 AM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11704
Description = Product: Paint.NET v3.5.10 -- Error 1704. An installation for Paint.NET
v3.5.8 is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

Error - 11/9/2011 02:24:27 AM | Computer Name = OFFICE | Source = MsiInstaller | ID = 11704
Description = Product: Acrobat.com -- Error 1704. An installation for Paint.NET
v3.5.10 is currently suspended. You must undo the changes made by that installation
to continue. Do you want to undo those changes?

[ System Events ]
Error - 11/9/2011 08:33:43 AM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 11/9/2011 09:25:11 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 11/9/2011 09:31:49 PM | Computer Name = OFFICE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 11/9/2011 09:46:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7000
Description = The ASCTRM service failed to start due to the following error: %%2

Error - 11/9/2011 09:46:34 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058

Error - 11/9/2011 09:47:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The IPv6 Helper Service service hung on starting.

Error - 11/9/2011 09:47:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7022
Description = The HP CUE DeviceDiscovery Service service hung on starting.

Error - 11/9/2011 09:47:47 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio Beep Lbd

Error - 11/9/2011 09:48:26 PM | Computer Name = OFFICE | Source = DCOM | ID = 10010
Description = The server {BA126ADB-2166-11D1-B1D0-00805FC1270E} did not register
with DCOM within the required timeout.

Error - 11/9/2011 10:35:56 PM | Computer Name = OFFICE | Source = Service Control Manager | ID = 7001
Description = The Windows Media Player Network Sharing Service service depends on
the Universal Plug and Play Device Host service which failed to start because of
the following error: %%1058


< End of report >

OTL logfile created on: 11/10/2011 02:32:41 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Stan\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.44 Gb Total Physical Memory | 0.86 Gb Available Physical Memory | 60.19% Memory free
3.45 Gb Paging File | 3.11 Gb Available in Paging File | 90.35% Paging File free
Paging file location(s): C:\pagefile.sys 2206 2206 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 127.99 Gb Total Space | 82.88 Gb Free Space | 64.76% Space Free | Partition Type: NTFS

Computer Name: OFFICE | User Name: Stan | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/10 02:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
PRC - [2011/10/10 11:30:28 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/07/19 22:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/03/23 18:06:38 | 000,880,128 | ---- | M] (Nero AG) -- C:\Program Files\Ahead\InCD\InCDsrv.exe


========== Modules (No Company Name) ==========

MOD - [2011/11/09 03:46:38 | 008,522,400 | ---- | M] () -- C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll
MOD - [2011/10/10 11:30:27 | 001,833,944 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2010/02/05 13:27:45 | 001,291,776 | ---- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2009/07/19 22:55:50 | 004,446,752 | ---- | M] () -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (WLSetupSvc)
SRV - File not found [On_Demand | Stopped] -- -- (ose)
SRV - File not found [On_Demand | Stopped] -- -- (McComponentHostService)
SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- -- (GoToAssist)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirService)
SRV - File not found [Disabled | Stopped] -- -- (AntiVirSchedulerService)
SRV - [2011/10/28 10:02:02 | 001,117,624 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsSvc.exe -- (sdCoreService)
SRV - [2011/10/27 20:49:32 | 000,402,336 | ---- | M] (PC Tools) [On_Demand | Stopped] -- C:\Program Files\Spyware Doctor\pctsAuxs.exe -- (sdAuxService)
SRV - [2009/07/19 22:55:50 | 004,446,752 | ---- | M] () [Auto | Running] -- C:\Program Files\NVIDIA Corporation\Performance Drivers\nvPDsvc.exe -- (NVIDIA Performance Driver Service)
SRV - [2008/04/13 19:12:02 | 000,105,472 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
SRV - [2008/04/13 19:11:55 | 000,035,328 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\system32\iprip.dll -- (Iprip)
SRV - [2006/10/05 15:22:36 | 000,024,072 | ---- | M] (TuneUp Software GmbH) [Auto | Running] -- C:\WINDOWS\system32\uxtuneup.dll -- (UxTuneUp)
SRV - [2006/03/23 18:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Stopped] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrvR) InCD Helper (read only)
SRV - [2006/03/23 18:06:38 | 000,880,128 | ---- | M] (Nero AG) [Auto | Running] -- C:\Program Files\Ahead\InCD\InCDsrv.exe -- (InCDsrv)


========== Driver Services (SafeList) ==========

DRV - [2011/11/02 17:54:38 | 000,341,656 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\pctDS.sys -- (pctDS)
DRV - [2011/10/28 10:03:18 | 000,070,536 | ---- | M] (PC Tools) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pctplsg.sys -- (pctplsg)
DRV - [2011/10/28 10:02:54 | 000,185,560 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PCTSD.sys -- (PCTSD)
DRV - [2011/10/28 09:40:58 | 000,252,840 | ---- | M] (PC Tools) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pctgntdi.sys -- (pctgntdi)
DRV - [2011/10/22 14:11:14 | 000,331,880 | ---- | M] (PC Tools) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\PCTCore.sys -- (PCTCore)
DRV - [2011/10/07 16:52:12 | 000,660,992 | ---- | M] (PC Tools) [File_System | Boot | Running] -- C:\WINDOWS\system32\drivers\pctEFA.sys -- (pctEFA)
DRV - [2010/03/01 09:05:24 | 000,124,784 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avipbb.sys -- (avipbb)
DRV - [2010/02/16 13:24:01 | 000,060,936 | ---- | M] (Avira GmbH) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\avgntflt.sys -- (avgntflt)
DRV - [2010/02/11 07:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
DRV - [2009/05/11 09:12:49 | 000,028,520 | ---- | M] (Avira GmbH) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ssmdrv.sys -- (ssmdrv)
DRV - [2009/03/28 18:08:26 | 000,031,896 | ---- | M] (DemoForge, LLC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\dfmirage.sys -- (dfmirage)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2008/04/13 13:53:09 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)
DRV - [2006/12/14 03:44:06 | 000,085,120 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Rtnicxp.sys -- (RTL8023xp)
DRV - [2006/03/23 18:15:58 | 000,102,016 | ---- | M] (Nero AG) [File_System | Disabled | Running] -- C:\WINDOWS\System32\drivers\incdfs.sys -- (InCDfs)
DRV - [2006/03/23 18:15:56 | 000,033,536 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\InCDrm.sys -- (incdrm)
DRV - [2006/03/23 18:15:56 | 000,029,440 | ---- | M] (Nero AG) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\incdpass.sys -- (InCDPass)
DRV - [2004/05/25 14:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA® nForce™
DRV - [2004/05/25 14:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA® nForce™
DRV - [2004/03/23 10:27:20 | 000,042,936 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/03/23 10:01:38 | 000,040,564 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/01/13 11:36:00 | 000,063,744 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nvatabus.sys -- (nvatabus)
DRV - [2003/11/14 17:19:48 | 000,210,304 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/14 17:18:36 | 000,679,808 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/14 17:17:00 | 001,042,816 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/08/15 18:22:16 | 000,072,771 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2003/03/31 07:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2003/03/31 07:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/03/19 14:51:00 | 000,018,688 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2001/08/17 14:12:32 | 000,016,074 | ---- | M] (NETGEAR Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\FA312nd5.sys -- (FA312)
DRV - [2001/08/17 08:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com
IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.facebook.com/
IE - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.facebook.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
FF - prefs.js..extensions.enabledItems: {7b13ec3e-999a-4b70-b9cb-2617b8323822}:3.3.3.2
FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:14.0.2
FF - prefs.js..keyword.URL: "chrome://browser-region/locale/region.properties"


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Oracle)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/OfficeLive,version=1.3: C:\Program Files\Microsoft\Office Live\npOLW.dll (Microsoft Corp.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: C:\Program Files\Google\Update\1.2.183.39\npGoogleOneClick8.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.10: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)
FF - HKLM\Software\MozillaPlugins\@videolan.org/vlc,version=1.1.11: C:\Program Files\VideoLAN\VLC\npvlc.dll (the VideoLAN Team)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/09 01:43:03 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 7.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/11/09 01:43:24 | 000,000,000 | ---D | M]

[2011/09/11 19:09:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Extensions
[2011/10/09 09:36:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions
[2011/09/11 19:09:32 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/11 19:09:33 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2011/10/16 00:45:49 | 000,002,410 | ---- | M] () -- C:\Documents and Settings\Stan\Application Data\Mozilla\Firefox\Profiles\au5fwyp4.default\searchplugins\s-amazon.xml
[2011/10/09 11:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/09/11 19:46:07 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/09/11 19:46:06 | 000,000,000 | ---D | M] ("Babylon Spelling and Proofreading") -- C:\Program Files\Mozilla Firefox\extensions\adapter@babylontc.com
[2011/10/09 11:11:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\distribution\extensions
[2011/10/09 11:11:10 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\distribution\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/09/11 19:43:19 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/10/10 11:30:29 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2009/10/10 19:28:43 | 000,442,368 | ---- | M] (Invenda Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol308.dll
[2010/07/25 14:25:34 | 000,423,656 | ---- | M] (Oracle) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2009/09/22 13:14:24 | 000,176,128 | ---- | M] (Dimdim, Inc.) -- C:\Program Files\mozilla firefox\plugins\npDimdimControl.dll
[2007/07/18 11:19:40 | 002,998,784 | ---- | M] (Tamarack Software, Inc.) -- C:\Program Files\mozilla firefox\plugins\nptgeqplugin.dll
[2010/09/13 04:37:24 | 000,112,024 | ---- | M] ( ) -- C:\Program Files\mozilla firefox\plugins\npww.dll
[2011/10/10 11:30:25 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/10/08 19:26:29 | 000,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/10/08 19:26:29 | 000,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml

O1 HOSTS File: ([2011/10/27 20:59:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKLM\..\Toolbar: (Conduit Engine) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O3 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\Toolbar\WebBrowser: (no name) - {472734EA-242A-422B-ADF8-83D1E48CC825} - No CLSID value found.
O3 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006..\Run: [PC Tools GUI Application] C:\Program Files\Spyware Doctor\pctsGui.exe (PC Tools)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = [binary data]
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\Program Files\Common Files\PC Tools\Lsp\PCTLsp.dll (PC Tools Research Pty Ltd.)
O15 - HKU\S-1-5-21-625079839-1194595414-1954097754-1006\..Trusted Domains: thefifthimperium.com ([baencd] https in Trusted sites)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://fpdownload.macromedia.com/get/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/5/b/0/5b0d4654-aa20-495c-b89f-c1c34c691085/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1754A1BA-A1DF-4F10-B199-AA55AA1A120F} https://signup.msn.com/pages/MsnInstC.cab (InstallerBehaviorFactory Class)
O16 - DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} http://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab (System Requirements Lab Class)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.microsoft.com/officeupdate/content/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1188095237237 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1188095224862 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {7D731A83-6C80-4EA4-9646-5E06A0513274} http://www.shockwave.com/content/ballistik/sis/slgwebinstall.cab (Sandlot Loader Control)
O16 - DPF: {814EA0DA-E0D9-4AA4-833C-A1A6D38E79E9} http://das.microsoft.com/activate/cab/x86/i486/NTANSI/retail/DASAct.cab (DASWebDownload Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {B1E2B96C-12FE-45E2-BEF1-44A219113CDD} http://www.superadblocker.com/activex/sabspx.cab (SABScanProcesses Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_21-windows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} http://plugin.driveragent.com/files/driveragent.cab (Driver Agent ActiveX Control)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.76.76 75.75.75.75
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{5518D22D-8562-4599-AF15-7C4779F936C2}: DhcpNameServer = 75.75.76.76 75.75.75.75
O18 - Protocol\Handler\df2 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df23chat {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df3 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df4 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df5 {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\df5demo {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O18 - Protocol\Handler\ofpjoin {219A97F3-D661-4766-B658-646A771AE49E} - C:\Program Files\Run-Time\dffav\df2proto.dll (DeadBolt)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Stan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Stan\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/05/01 12:54:27 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/11/10 02:28:36 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
[2011/11/09 20:41:45 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Stan\Recent
[2011/11/09 06:53:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Desktop\York Fair
[2011/11/09 03:46:38 | 000,414,368 | ---- | C] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 00:08:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Stan\Desktop\Cache
[2011/11/02 17:13:27 | 000,017,848 | ---- | C] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/11/02 17:13:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Tools Security
[2011/11/02 17:09:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Application Data\TestApp
[2011/11/01 14:45:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/01 14:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/11/01 14:44:40 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/10/25 18:48:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Desktop\PD5981H
[2011/10/21 20:52:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Apple
[2011/10/15 18:32:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/10/15 17:40:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Stan\Application Data\uTorrent
[2009/10/06 18:40:52 | 020,332,256 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Ofexhelp.exe
[2007/10/22 03:31:06 | 001,673,224 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dsetup32.dll
[2007/10/22 03:31:06 | 000,502,792 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DXSETUP.exe
[2007/10/22 03:31:06 | 000,076,808 | ---- | C] (Microsoft Corporation) -- C:\Program Files\DSETUP.dll
[2007/07/02 22:28:25 | 000,287,592 | ---- | C] (Microsoft Corporation) -- C:\Program Files\dxwebsetup.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/10 02:28:33 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Stan\Desktop\OTL.exe
[2011/11/09 22:14:42 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Microsoft Office Word 2003.lnk
[2011/11/09 20:46:10 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{79FC69AE-DB79-4CB2-BF77-BB3D2762D275}.job
[2011/11/09 20:46:08 | 000,000,306 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1009.job
[2011/11/09 20:46:08 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1011.job
[2011/11/09 20:46:08 | 000,000,276 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-625079839-1194595414-1954097754-1006.job
[2011/11/09 20:44:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/09 20:43:19 | 000,251,880 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/09 20:33:30 | 000,000,535 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\EraserD.ini
[2011/11/09 07:16:14 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/11/09 03:46:39 | 000,414,368 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/11/09 02:08:50 | 000,001,503 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Minesweeper.lnk
[2011/11/09 01:35:00 | 000,000,450 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{914BF42F-502C-4974-A020-03A43610C424}.job
[2011/11/09 01:29:09 | 000,000,070 | ---- | M] () -- C:\WINDOWS\HGSpeech.ini
[2011/11/08 05:54:16 | 000,001,479 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Solitaire.lnk
[2011/11/08 05:42:27 | 000,001,508 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Hearts.lnk
[2011/11/08 05:34:20 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\Defraggler Volume C Task.job
[2011/11/08 00:42:42 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1006.job
[2011/11/08 00:27:40 | 000,601,478 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/08 00:27:37 | 000,130,658 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/07 18:16:37 | 000,025,466 | ---- | M] () -- C:\scheduler.hist
[2011/11/05 04:27:39 | 000,001,588 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\Disk Defragmenter.lnk
[2011/11/04 20:52:41 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/03 20:50:00 | 000,000,314 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1009.job
[2011/11/03 20:16:05 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/03 17:18:02 | 000,000,294 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-625079839-1194595414-1954097754-1011.job
[2011/11/02 17:54:38 | 000,341,656 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctDS.sys
[2011/11/02 17:13:27 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/01 14:44:42 | 000,000,716 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/28 10:03:18 | 000,070,536 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctplsg.sys
[2011/10/28 10:02:54 | 000,185,560 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTSD.sys
[2011/10/28 10:01:36 | 000,017,848 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctBTFix.sys
[2011/10/28 09:40:58 | 000,252,840 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\pctgntdi.sys
[2011/10/27 20:59:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/10/23 01:38:30 | 000,248,320 | ---- | M] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/10/22 14:11:14 | 000,331,880 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTCore.sys
[2011/10/22 14:11:08 | 000,162,584 | ---- | M] (PC Tools) -- C:\WINDOWS\System32\drivers\PCTAppEvent.sys
[2011/10/21 10:12:12 | 000,000,364 | -HS- | M] () -- C:\boot.ini
[2011/10/19 20:06:04 | 000,002,297 | ---- | M] () -- C:\Documents and Settings\Stan\Desktop\e-Sword.lnk
[2011/10/14 10:08:36 | 000,637,703 | ---- | M] () -- C:\RkU3.8.388.590.7z
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/09 20:43:19 | 000,251,880 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/11/09 01:57:07 | 000,000,535 | ---- | C] () -- C:\Documents and Settings\Stan\Desktop\EraserD.ini
[2011/11/02 17:13:27 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PC Tools Spyware Doctor.lnk
[2011/11/01 14:44:42 | 000,000,716 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/10/15 18:33:17 | 000,000,324 | ---- | C] () -- C:\Boot.bak
[2011/10/14 10:08:36 | 000,637,703 | ---- | C] () -- C:\RkU3.8.388.590.7z
[2011/09/01 14:08:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2011/09/01 13:39:46 | 000,179,526 | ---- | C] () -- C:\WINDOWS\hpwins14.dat
[2011/09/01 13:39:46 | 000,001,108 | R--- | C] () -- C:\WINDOWS\hpwmdl14.dat
[2011/09/01 11:37:02 | 000,150,192 | ---- | C] () -- C:\Program Files\TweakUiPowertoySetup.exe
[2011/08/14 23:45:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0839.old
[2011/08/14 23:45:32 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0809.old
[2011/03/17 13:12:59 | 000,815,104 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/03/17 13:12:59 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/01/30 17:51:15 | 000,767,952 | ---- | C] () -- C:\WINDOWS\BDTSupport.dll0105.old
[2011/01/26 22:55:23 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/10/10 19:33:13 | 000,000,068 | -H-- | C] () -- C:\WINDOWS\popcreg.dat
[2010/06/26 18:35:46 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/06/26 18:35:44 | 000,240,592 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/06/26 18:35:44 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/04/13 08:11:21 | 000,000,044 | ---- | C] () -- C:\WINDOWS\popcinfot.dat
[2009/09/27 15:12:22 | 002,293,194 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2009/08/02 23:21:54 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2009/08/02 23:21:52 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2009/01/02 00:31:02 | 000,502,784 | ---- | C] () -- C:\WINDOWS\x2.64.exe
[2009/01/02 00:31:02 | 000,240,128 | ---- | C] () -- C:\WINDOWS\System32\x.264.exe
[2009/01/02 00:31:02 | 000,217,073 | ---- | C] () -- C:\WINDOWS\meta4.exe
[2009/01/02 00:31:02 | 000,066,560 | ---- | C] () -- C:\WINDOWS\MOTA113.exe
[2009/01/02 00:31:02 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2008/12/09 18:16:20 | 000,012,717 | R--- | C] () -- C:\WINDOWS\hpwscr14.dat
[2008/11/16 14:27:02 | 000,004,966 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tgioyvlx.pxu
[2008/10/26 19:13:43 | 000,000,016 | ---- | C] () -- C:\WINDOWS\RSBDBACKUP.DLL
[2008/10/19 10:07:13 | 000,000,163 | ---- | C] () -- C:\WINDOWS\Rfw.ini
[2008/10/19 02:02:54 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/10/06 08:10:30 | 000,019,375 | ---- | C] () -- C:\WINDOWS\HPHins02.dat
[2008/10/06 08:10:30 | 000,004,284 | ---- | C] () -- C:\WINDOWS\hphmdl02.dat
[2008/08/14 01:08:05 | 000,000,361 | ---- | C] () -- C:\WINDOWS\ereg077.dat
[2008/08/14 01:07:09 | 000,000,070 | ---- | C] () -- C:\WINDOWS\HGSpeech.ini
[2008/04/23 19:45:09 | 000,002,560 | ---- | C] () -- C:\WINDOWS\_MSRSTRT.EXE
[2007/12/22 13:35:43 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/12/12 03:34:41 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2007/10/07 19:01:47 | 000,000,088 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/10/06 15:19:02 | 000,000,585 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2007/04/18 14:12:55 | 000,000,025 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2007/03/17 19:59:35 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2007/03/17 19:59:35 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2007/03/17 19:57:20 | 000,000,367 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini
[2007/03/17 19:57:20 | 000,000,154 | ---- | C] () -- C:\WINDOWS\brpcfx.ini
[2007/03/17 19:57:20 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\bridf06a.dat
[2007/03/08 14:05:24 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2007/03/08 14:05:24 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2007/02/25 22:33:30 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2007/02/25 22:33:30 | 000,029,115 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2007/02/24 21:06:32 | 000,126,500 | ---- | C] () -- C:\WINDOWS\hpoins05.dat
[2007/02/24 21:06:32 | 000,017,505 | ---- | C] () -- C:\WINDOWS\hpomdl07.dat
[2006/12/25 14:23:49 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2006/11/26 00:15:56 | 000,000,014 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/09/12 19:58:07 | 000,248,320 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/31 21:24:52 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Stan\Local Settings\Application Data\fusioncache.dat
[2006/08/25 18:58:52 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2006/08/22 20:17:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/08/22 15:11:01 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/08/22 14:32:19 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/08/22 14:32:19 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/08/22 14:32:14 | 000,004,486 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/08/22 14:32:09 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/08/22 14:32:02 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/08/22 14:31:35 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/08/22 14:31:34 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/08/22 14:30:14 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/08/22 14:29:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/08/22 14:08:29 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/08/22 13:13:37 | 000,000,208 | ---- | C] () -- C:\WINDOWS\HpBestModeUpdatePatchLog.ini
[2006/08/22 13:12:28 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/11 20:45:20 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/08/11 20:43:10 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi(3).dll
[2006/08/11 20:43:10 | 000,196,608 | ---- | C] () -- C:\WINDOWS\System32\nvapi(2).dll
[2005/08/30 08:14:00 | 001,287,168 | ---- | C] () -- C:\WINDOWS\System32\quartz(2).dll
[2004/05/06 08:23:41 | 000,000,060 | ---- | C] () -- C:\WINDOWS\System32\SYSDRV.DAT
[2004/05/05 19:41:30 | 000,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2004/05/05 19:30:26 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2004/05/04 05:13:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/05/02 09:40:08 | 000,001,120 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/05/02 09:40:08 | 000,000,489 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/05/02 09:39:38 | 000,601,478 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/05/02 09:39:38 | 000,130,658 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/05/01 19:57:14 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/05/01 13:50:46 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/05/01 13:50:09 | 000,000,310 | ---- | C] () -- C:\WINDOWS\net2fone.ini
[2004/05/01 13:50:05 | 000,010,047 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2004/05/01 13:45:34 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2004/05/01 13:09:46 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/05/01 12:51:51 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/05/01 05:46:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/01/16 04:57:36 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\hphmon05.dat
[2004/01/06 13:05:02 | 000,364,544 | ---- | C] () -- C:\WINDOWS\System32\hphped05.exe
[2003/01/07 14:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/02/26 13:30:30 | 000,708,628 | R--- | C] () -- C:\Program Files\FPMAIN10.CHM
[2001/02/26 13:29:54 | 002,959,837 | R--- | C] () -- C:\Program Files\ACMAIN10.CHM
[2001/02/26 12:48:40 | 000,076,544 | R--- | C] () -- C:\Program Files\SBCMHELP.chm
[2001/02/26 12:40:12 | 001,094,051 | ---- | C] () -- C:\Program Files\WDMAIN10.CHM
[2001/02/26 12:38:58 | 002,153,642 | ---- | C] () -- C:\Program Files\VBAWD10.CHM
[2001/02/26 12:36:30 | 000,650,856 | ---- | C] () -- C:\Program Files\VBAPB10.CHM
[2001/02/26 12:35:52 | 000,373,528 | ---- | C] () -- C:\Program Files\PBMAIN10.CHM
[2001/02/26 12:35:28 | 000,847,950 | ---- | C] () -- C:\Program Files\VBAPP10.CHM
[2001/02/26 12:34:36 | 000,556,901 | ---- | C] () -- C:\Program Files\PPMAIN10.CHM
[2001/02/26 12:34:08 | 000,047,454 | ---- | C] () -- C:\Program Files\MSTORE10.CHM
[2001/02/26 12:34:04 | 000,560,713 | ---- | C] () -- C:\Program Files\VBAOL10.CHM
[2001/02/26 12:33:20 | 000,541,480 | ---- | C] () -- C:\Program Files\OLMAIN10.CHM
[2001/02/26 12:32:42 | 000,198,784 | ---- | C] () -- C:\Program Files\olfm10.chm
[2001/02/26 12:32:22 | 000,043,618 | R--- | C] () -- C:\Program Files\VBAOWS10.CHM
[2001/02/26 12:32:18 | 000,364,022 | R--- | C] () -- C:\Program Files\VBAOF10.CHM
[2001/02/26 12:31:58 | 000,823,295 | R--- | C] () -- C:\Program Files\OWCVBA10.CHM
[2001/02/26 12:30:56 | 000,484,365 | R--- | C] () -- C:\Program Files\OFMAIN10.CHM
[2001/02/26 12:30:26 | 000,024,210 | R--- | C] () -- C:\Program Files\NMWHITEB.CHM
[2001/02/26 12:30:22 | 000,020,457 | R--- | C] () -- C:\Program Files\NMCHAT.CHM
[2001/02/26 12:30:20 | 000,158,905 | R--- | C] () -- C:\Program Files\MSOHLP10.CHM
[2001/02/26 12:30:16 | 000,057,056 | R--- | C] () -- C:\Program Files\mse10.chm
[2001/02/26 12:30:14 | 000,016,480 | R--- | C] () -- C:\Program Files\EULA10T.CHM
[2001/02/26 12:30:12 | 000,039,312 | R--- | C] () -- C:\Program Files\eula10r.chm
[2001/02/26 12:30:10 | 000,023,902 | R--- | C] () -- C:\Program Files\eula10o.chm
[2001/02/26 12:30:06 | 000,432,042 | R--- | C] () -- C:\Program Files\VBAFPW10.CHM
[2001/02/26 12:29:44 | 000,073,788 | R--- | C] () -- C:\Program Files\VBAFPD10.CHM
[2001/02/26 12:29:06 | 001,606,566 | ---- | C] () -- C:\Program Files\XLMAIN10.CHM
[2001/02/26 12:27:38 | 000,020,286 | ---- | C] () -- C:\Program Files\XLMACRO.CHM
[2001/02/26 12:27:36 | 000,045,916 | ---- | C] () -- C:\Program Files\XLADDIN.CHM
[2001/02/26 12:27:32 | 001,618,455 | ---- | C] () -- C:\Program Files\VBAXL10.CHM
[2001/02/26 12:25:46 | 000,261,633 | ---- | C] () -- C:\Program Files\VBAGR10.CHM
[2001/02/26 12:25:26 | 000,136,825 | ---- | C] () -- C:\Program Files\OWCRSS10.CHM
[2001/02/26 12:25:20 | 000,214,011 | ---- | C] () -- C:\Program Files\OWCRPL10.CHM
[2001/02/26 12:25:14 | 000,142,594 | ---- | C] () -- C:\Program Files\owcrch10.chm
[2001/02/26 12:25:08 | 000,335,366 | ---- | C] () -- C:\Program Files\OWCFUN10.CHM
[2001/02/26 12:24:50 | 000,160,400 | ---- | C] () -- C:\Program Files\OWCDSS10.CHM
[2001/02/26 12:24:44 | 000,251,479 | ---- | C] () -- C:\Program Files\OWCDPL10.CHM
[2001/02/26 12:24:36 | 000,292,162 | ---- | C] () -- C:\Program Files\OWCDCH10.CHM
[2001/02/26 12:24:28 | 000,212,213 | ---- | C] () -- C:\Program Files\MSQRY32.CHM
[2001/02/26 12:24:16 | 000,028,361 | ---- | C] () -- C:\Program Files\MCE.CHM
[2001/02/26 12:24:14 | 000,222,226 | ---- | C] () -- C:\Program Files\GRAPH10.CHM
[2001/02/26 12:24:02 | 000,076,175 | R--- | C] () -- C:\Program Files\msphelp.chm
[2001/02/26 12:23:56 | 001,449,514 | R--- | C] () -- C:\Program Files\VBAAC10.CHM
[2001/02/26 12:22:50 | 000,083,947 | R--- | C] () -- C:\Program Files\OWCRDP10.CHM
[2001/02/26 12:22:44 | 000,180,838 | R--- | C] () -- C:\Program Files\OWSHLP10.CHM
[2001/01/26 09:28:56 | 000,139,375 | ---- | C] () -- C:\Program Files\xlTOC10.CHM
[2001/01/25 19:10:40 | 000,136,540 | ---- | C] () -- C:\Program Files\wdTOC10.CHM
[2001/01/25 19:10:16 | 000,103,086 | ---- | C] () -- C:\Program Files\ppTOC10.CHM
[2001/01/25 19:05:48 | 000,070,367 | ---- | C] () -- C:\Program Files\pbTOC10.CHM
[2001/01/25 19:05:28 | 000,104,417 | ---- | C] () -- C:\Program Files\olTOC10.CHM
[2001/01/25 19:00:46 | 000,083,309 | R--- | C] () -- C:\Program Files\fpTOC10.CHM
[2001/01/25 19:00:20 | 000,188,640 | R--- | C] () -- C:\Program Files\ACTOC10.CHM

========== Alternate Data Streams ==========

@Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
@Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6

< End of report >

#39 User is offline   ThePreacher_sr 

  • Member
  • Group: Members
  • Posts: 35
  • Joined: 09-August 10

Posted 11 November 2011 - 08:19 PM

I don't know if this matters or not, but I've always used filehippo to download free software that I've heard others say helps your computer. So, in the past I've always used CCleaner and Defraggler. Lately (since this problem has gotten worse) the defraggler takes sometimes up to 7 hours to do a quick defrag. It used to get it done in less than 20 minutes. The computer is still slow as molasses on a cold January night. I can't run Excel and Word at the same time because it is just too slow. The same with multiple tabs in Firefox. IE has never worked well for me and my college requires me to use Mozilla to open and run their content.

If you think that this is a lost cause (I know you have other people that have easier problems) and I don't want to waste any of your valuable time; maybe I should just save my daughters pictures to another external hard drive and my college work and just trash the computer... I know right now I'd have no problem tossing it out in the driveway and running over it a few hundred times with my van. If you think it is salvageable then I'll continue to follow your guidelines.

Stan

Sincerely, thank you for all your help to date...

#40 User is offline   oneof4 

  • Forum Addict
  • Group: Malware Study Hall Senior
  • Posts: 2,466
  • Joined: 25-December 08
  • Gender:Male
  • Location:The Collective

Posted 13 November 2011 - 08:47 AM

Hello :)

Let's not throw in the towel just yet...

We need to run an OTL Fix

  • Please reopen Posted Image on your desktop.
  • Copy and Paste the following code into the Posted Image textbox.
    :OTL
    [2008/11/16 14:27:02 | 000,004,966 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\tgioyvlx.pxu
    @Alternate Data Stream - 201 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
    @Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:430C6D84
    @Alternate Data Stream - 106 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C31F31E6
    
    :COMMANDS
    [CREATERESTOREPOINT]
    

  • Push Posted Image
  • OTL may ask to reboot the machine. Please do so if asked.
  • Click Posted Image.
  • A report will open. Copy and Paste that report in your next reply.

Best Regards,
oneof4.

#41 User is offline   oneof4 

  • Forum Addict
  • Group: Malware Study Hall Senior
  • Posts: 2,466
  • Joined: 25-December 08
  • Gender:Male
  • Location:The Collective

Posted 16 November 2011 - 11:15 AM

Hey, are you still with us?
Best Regards,
oneof4.

#42 User is offline   Casey_boy 

  • Bleeping physicist
  • Group: Malware Response Instructor
  • Posts: 5,217
  • Joined: 02-January 09
  • Gender:Male
  • Location:United Kingdom

Posted 19 November 2011 - 06:36 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
If I have been helping you and I do not reply within 48 hours, feel free to send me a PM.
