
explorer.exe trojan


  • This topic is locked
56 replies to this topic

#1 unocentavo

unocentavo

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 20 March 2011 - 01:59 PM

I read several posts on this explorer.exe trojan. I seem to have gotten it this morning. Cpu working fine, then all of a sudden it shuts down. When I restart it only brings up the generic Dell background, no taskbar, no desktop. Everything can be started in the desktop by using Task Manager, all programs except Explorer that is. Explorer.exe doesn't show in the processes anymore and can't even be started from the Internet Explorer program file anymore. I went ahead and installed the AVG removal tool, ran an uninstall, installed ComboFix, restarted, but still the same thing...no desktop, no taskbar. Below is the ComboFix file. Is there anything left that can be fixed without reinstalling Windows? Thanks.


ComboFix 11-03-19.04 - Admin 03/20/2011 13:29:25.1.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1648 [GMT -5:00]
Running from: c:\documents and settings\Admin\Desktop\ComboFix.exe
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Admin\Application Data\WhiteSmoke
c:\documents and settings\Admin\Application Data\WhiteSmoke\stat.log
c:\program files\Setup.exe
.
.
((((((((((((((((((((((((( Files Created from 2011-02-20 to 2011-03-20 )))))))))))))))))))))))))))))))
.
.
2011-03-20 18:17 . 2011-03-20 18:17 1090912 ----a-w- c:\program files\avg_remover_stf_x86_2011_1184.exe
2011-03-15 12:48 . 2011-03-16 00:27 737280 ----a-w- c:\windows\iun6002.exe
2011-03-08 22:34 . 2011-03-09 14:55 -------- d-----w- c:\documents and settings\Admin\Application Data\Nitro PDF
2011-03-08 22:33 . 2011-01-14 19:35 17712 ----a-w- c:\windows\system32\nitrolocalui.dll
2011-03-08 22:33 . 2011-01-14 19:35 26416 ----a-w- c:\windows\system32\nitrolocalmon.dll
2011-03-08 22:33 . 2011-03-08 22:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Nitro PDF
2011-03-08 22:33 . 2011-03-08 22:33 -------- d-----w- c:\program files\Common Files\Nitro PDF
2011-03-08 22:30 . 2011-03-09 16:17 -------- d-----w- c:\documents and settings\Admin\Application Data\PrimoPDF
2011-03-08 22:29 . 2009-12-21 01:42 176235 ----a-w- c:\windows\system32\Primomonnt.dll
2011-03-08 22:29 . 2011-03-10 19:18 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\OpenCandy
2011-03-08 22:28 . 2011-03-08 22:28 -------- d-----w- c:\documents and settings\Admin\Application Data\OpenCandy
2011-03-08 22:28 . 2011-03-08 22:33 -------- d-----w- c:\program files\Nitro PDF
2011-03-08 22:27 . 2011-03-08 22:28 7458096 ----a-w- c:\program files\InternationalPrimoPDF.exe
2011-03-08 20:59 . 2011-03-08 20:59 -------- d-----w- c:\program files\Microsoft ActiveSync
2011-03-08 20:58 . 2011-03-14 12:00 -------- d-----w- c:\windows\ShellNew
2011-03-05 18:10 . 2011-03-05 18:25 -------- d-----w- c:\documents and settings\Admin\Application Data\vlc
2011-03-05 18:07 . 2011-03-05 18:07 813378 ----a-w- c:\program files\VLC_Setup.exe
2011-03-05 14:59 . 2011-03-05 14:59 -------- d-----w- c:\windows\Sun
2011-03-05 14:22 . 2011-03-05 15:12 -------- d-----w- c:\documents and settings\Admin\Application Data\FileZilla
2011-03-02 12:16 . 2011-03-02 12:16 -------- d-----w- c:\windows\system32\XPSViewer
2011-03-02 12:16 . 2011-03-02 12:16 -------- d-----w- c:\program files\MSBuild
2011-03-02 12:16 . 2011-03-02 12:16 -------- d-----w- c:\program files\Reference Assemblies
2011-03-02 12:15 . 2011-03-02 12:15 -------- d-----w- c:\documents and settings\Admin\Application Data\AdobeUM
2011-03-01 12:31 . 2011-03-01 12:31 -------- d-----w- C:\85fe39ed39530e76191b3815b3ac
2011-03-01 12:31 . 2011-03-01 12:31 -------- d-----w- C:\416c1e3bd820937b82ba
2011-02-28 23:03 . 2011-02-28 23:03 -------- d-----w- c:\documents and settings\Admin\Bluetooth Software
2011-02-28 23:03 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\hidserv.dll
2011-02-28 23:03 . 2008-04-14 00:11 21504 ----a-w- c:\windows\system32\dllcache\hidserv.dll
2011-02-28 23:02 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\drivers\mouhid.sys
2011-02-28 23:02 . 2001-08-17 19:48 12160 ----a-w- c:\windows\system32\dllcache\mouhid.sys
2011-02-28 23:01 . 2007-06-29 04:38 156392 ----a-w- c:\windows\system32\drivers\btwdndis.sys
2011-02-28 23:01 . 2007-03-31 05:02 55352 ----a-w- c:\windows\system32\drivers\btwhid.sys
2011-02-28 23:01 . 2007-09-12 04:01 879496 ----a-w- c:\windows\system32\drivers\btkrnl.sys
2011-02-28 23:01 . 2007-03-23 02:50 37424 ----a-w- c:\windows\system32\drivers\btport.sys
2011-02-28 23:00 . 2007-08-30 06:02 539432 ----a-w- c:\windows\system32\drivers\btaudio.sys
2011-02-28 23:00 . 2011-02-28 23:00 -------- d-----w- c:\program files\WIDCOMM
2011-02-28 22:58 . 2007-08-27 05:58 74656 ----a-w- c:\windows\system32\drivers\btwusb.sys
2011-02-28 22:58 . 2007-03-23 02:50 106557 ----a-r- c:\windows\system32\btw_ci.dll
2011-02-28 12:33 . 2011-02-28 12:33 -------- d-----w- c:\documents and settings\Admin\Local Settings\Application Data\PCHealth
2011-02-28 02:30 . 2011-02-28 02:30 -------- d-----w- c:\documents and settings\Admin\outlook express contact
2011-02-27 15:16 . 1999-01-26 16:24 41472 ----a-w- c:\windows\aaps.exe
2011-02-27 15:16 . 1998-10-07 16:20 175616 ----a-w- c:\windows\aacalc.exe
2011-02-27 15:16 . 1997-06-23 19:19 100784 ----a-w- c:\windows\wavtoasf.exe
2011-02-27 15:14 . 2000-06-20 18:25 353 ----a-w- c:\program files\layout.bin
2011-02-27 15:14 . 1997-12-18 00:30 8192 ------w- c:\program files\_ISDEL.EXE
2011-02-27 15:14 . 1997-12-18 00:29 11264 ------w- c:\program files\_SETUP.DLL
2011-02-27 15:14 . 2011-02-27 15:14 -------- d-----w- c:\documents and settings\Admin\WINDOWS
2011-02-27 15:13 . 2011-02-27 15:13 2175750 ----a-w- c:\program files\aaps154e.exe
2011-02-27 14:03 . 2008-07-06 12:06 89088 ----a-w- c:\windows\system32\Spool\prtprocs\w32x86\filterpipelineprintproc.dll
2011-02-27 14:03 . 2008-07-06 12:06 89088 ------w- c:\windows\system32\dllcache\filterpipelineprintproc.dll
2011-02-27 14:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\xpsshhdr.dll
2011-02-27 14:03 . 2008-07-06 12:06 575488 ------w- c:\windows\system32\dllcache\xpsshhdr.dll
2011-02-27 14:03 . 2008-07-06 12:06 117760 ------w- c:\windows\system32\prntvpt.dll
2011-02-27 14:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\Spool\prtprocs\w32x86\printfilterpipelinesvc.exe
2011-02-27 14:03 . 2008-07-06 10:50 597504 ------w- c:\windows\system32\dllcache\printfilterpipelinesvc.exe
2011-02-27 14:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\xpssvcs.dll
2011-02-27 14:03 . 2008-07-06 12:06 1676288 ------w- c:\windows\system32\dllcache\xpssvcs.dll
2011-02-27 13:59 . 2011-02-27 13:59 -------- d-----w- C:\902a39d6e955e2c343
2011-02-27 13:59 . 2011-02-28 05:59 -------- d-----w- C:\dbc0e677f0d5f9f8a9390bae
2011-02-26 14:36 . 2011-02-26 14:36 -------- d-----w- c:\documents and settings\Admin\Application Data\CyberLink
2011-02-26 13:36 . 2004-10-22 08:17 69715 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\ctor.dll
2011-02-26 13:36 . 2004-10-22 08:17 274432 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iscript.dll
2011-02-26 13:36 . 2004-10-22 08:16 180224 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iuser.dll
2011-02-26 13:36 . 2011-02-26 13:36 323716 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\setup.dll
2011-02-26 13:36 . 2011-02-26 13:36 192644 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iGdi.dll
2011-02-26 13:36 . 2004-10-22 08:18 749568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\iKernel.dll
2011-02-26 13:36 . 2004-10-22 08:16 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\10\50\Intel32\DotNetInstaller.exe
2011-02-26 13:33 . 2002-12-05 20:10 155648 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iuser.dll
2011-02-26 13:33 . 2002-12-02 21:22 5632 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\DotNetInstaller.exe
2011-02-26 13:33 . 2002-12-02 19:33 57344 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\ctor.dll
2011-02-26 13:33 . 2002-12-02 19:33 237568 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iscript.dll
2011-02-26 13:33 . 2011-02-26 13:33 282756 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\setup.dll
2011-02-26 13:33 . 2011-02-26 13:33 163972 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iGdi.dll
2011-02-26 13:33 . 2003-02-27 22:12 696320 ----a-w- c:\program files\Common Files\InstallShield\Professional\RunTime\0701\Intel32\iKernel.dll
2011-02-26 13:15 . 2011-02-26 13:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Adobe Systems
2011-02-26 13:14 . 2011-02-26 13:14 -------- d-----w- c:\program files\Common Files\Adobe Systems Shared
2011-02-26 12:54 . 2011-02-26 13:27 -------- d-----w- c:\program files\Adobe Photoshop CS2 With KeyGen
2011-02-24 22:31 . 2011-02-24 23:18 -------- d-----w- C:\Downloads
2011-02-24 22:31 . 2011-02-26 12:58 -------- d-----w- c:\documents and settings\Admin\Application Data\BitComet
2011-02-24 22:31 . 2011-02-24 22:31 -------- d-----w- c:\program files\BitComet
2011-02-24 21:16 . 2011-02-24 21:16 -------- d-----w- c:\documents and settings\Admin\Application Data\Zeon
2011-02-24 21:04 . 2011-02-24 21:04 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
2011-02-24 20:48 . 2011-02-24 20:48 -------- d-----w- C:\$AVG
2011-02-24 19:53 . 2011-02-24 19:53 -------- d-----w- c:\documents and settings\Admin\Application Data\ElevatedDiagnostics
2011-02-24 19:50 . 2011-02-24 19:50 772376 ----a-w- c:\program files\Internet Explorer\Mats_Run.IEAddon.exe
2011-02-24 17:30 . 2011-02-24 17:30 23510720 ----a-w- c:\program files\Internet Explorer\dotnetfx.exe
2011-02-24 17:29 . 2011-02-24 17:29 -------- d-sh--w- c:\documents and settings\Admin\PrivacIE
2011-02-24 16:50 . 2011-02-24 21:35 168 --sh--r- c:\windows\system32\8945331E8B.sys
2011-02-24 16:50 . 2011-03-14 13:32 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-02-24 16:49 . 2011-03-14 14:47 -------- d-----w- c:\documents and settings\Admin\Application Data\Corel
2011-02-19 14:10 . 2010-09-18 06:53 974848 ------w- c:\windows\system32\dllcache\mfc42.dll
2011-02-19 14:10 . 2010-09-18 06:53 954368 ------w- c:\windows\system32\dllcache\mfc40.dll
2011-02-19 14:10 . 2010-09-18 06:53 953856 ------w- c:\windows\system32\dllcache\mfc40u.dll
2011-02-19 14:10 . 2010-08-23 16:12 617472 ------w- c:\windows\system32\dllcache\comctl32.dll
2011-02-19 14:07 . 2010-11-02 15:17 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys
2011-02-19 13:54 . 2010-10-11 14:59 45568 ------w- c:\windows\system32\dllcache\wab.exe
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-15 00:56 . 2011-02-15 00:17 2832544 ----a-w- c:\program files\install_flash_player.exe
2011-02-09 13:53 . 2004-08-10 17:51 270848 ----a-w- c:\windows\system32\sbe.dll
2011-02-09 13:53 . 2004-08-10 17:51 186880 ----a-w- c:\windows\system32\encdec.dll
2011-02-03 03:40 . 2011-02-14 23:57 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-02-03 01:19 . 2011-02-14 23:57 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-02-02 07:58 . 2004-08-10 18:01 2067456 ----a-w- c:\windows\system32\mstscax.dll
2011-01-27 11:57 . 2004-08-10 18:01 677888 ----a-w- c:\windows\system32\mstsc.exe
2011-01-21 14:44 . 2004-08-10 17:51 439296 ----a-w- c:\windows\system32\shimgvw.dll
2011-01-07 14:09 . 2004-08-10 17:50 290048 ----a-w- c:\windows\system32\atmfd.dll
2010-12-31 13:10 . 2004-08-10 17:51 1854976 ----a-w- c:\windows\system32\win32k.sys
2010-12-22 12:34 . 2004-08-10 17:51 301568 ----a-w- c:\windows\system32\kerberos.dll
2010-12-20 23:59 . 2004-08-10 17:51 916480 ----a-w- c:\windows\system32\wininet.dll
2010-12-20 23:59 . 2004-08-10 17:51 43520 ----a-w- c:\windows\system32\licmgr10.dll
2010-12-20 23:59 . 2004-08-10 17:51 1469440 ------w- c:\windows\system32\inetcpl.cpl
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ModemOnHold"="c:\program files\NetWaiting\netWaiting.exe" [2003-09-10 20480]
"DellSupport"="c:\program files\Dell Support\DSAgnt.exe" [2006-08-29 395776]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-03-21 7557120]
"nwiz"="nwiz.exe" [2006-03-21 1519616]
"NVHotkey"="nvHotkey.dll" [2006-03-21 73728]
"Broadcom Wireless Manager UI"="c:\windows\system32\WLTRAY.exe" [2006-11-22 1392640]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 282624]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2006-03-08 761947]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-12-06 127035]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 221184]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 81920]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2007-05-04 169984]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2006-08-22 184320]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
.
c:\documents and settings\Admin\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-3-16 113664]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-9-11 576104]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-5-4 24576]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office10\OSA.EXE [2011-2-14 83360]
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell\\MediaDirect\\PCMService.exe"=
"c:\\Program Files\\Opera\\opera.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\BitComet\\BitComet.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"18971:TCP"= 18971:TCP:BitComet 18971 TCP
"18971:UDP"= 18971:UDP:BitComet 18971 UDP
.
R2 NitroReaderDriverReadSpool;NitroPDFReaderDriverCreatorReadSpool;c:\program files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe [1/14/2011 2:35 PM 196912]
S2 0031711297724767mcinstcleanup;McAfee Application Installer Cleanup (0031711297724767);c:\windows\TEMP\003171~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\windows\TEMP\003171~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-03-20 13:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10m_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2011-03-20 13:32:50
ComboFix-quarantined-files.txt 2011-03-20 18:32
.
Pre-Run: 56,747,446,272 bytes free
Post-Run: 56,719,335,424 bytes free
.
WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
.
- - End Of File - - DAC271A45CE39F02F0853F8CE4192637

Since the ComboFix, I've run SUPERAntiSpyware several times and it says "no infections found". However I still cannot open Explorer; desktop icons and taskbar are still missing. I can sign on to the internet using Task Manager/desktop/Opera. I've loaded the CD and tried the XP repair 3 times, but something is keeping it from fully finishing; it just freezes up at the end and I have to actually unplug the laptop and restart. I've researched every explorer.exe fix I could find on Google and even tried to install Explorer 8 from a different cpu via USB card, to no avail of course. Has anyone else had this problem? I just reformatted my hard drive about a month ago and reloaded all my apps and folders, so I certainly don't want to have to reformat again. Help please. Thanks in advance.

EDIT: Posts merged ~BP

Edited by Budapest, 22 March 2011 - 04:16 PM.
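As an added example that is not part of the original post, of ComboFix, or of any tool BleepingComputer's helpers use, here is a small Python script that parses the "Files Created" section of a ComboFix log like the one above and flags the kinds of entries a malware-response helper reads first: hidden+system files in system32, hex-named folders at the drive root, and executables sitting directly in the Windows folder. The sample lines are constructed from entries in this log (not the whole log); the heuristics, regexes and function names are the example's own assumptions, and a flag means "verify the publisher, hash and purpose", not "infected".

```python
"""Triage the "Files Created" section of a ComboFix log.

Added example for this thread; not part of ComboFix or of the original post.
A hit means "confirm publisher, hash and purpose", not "malicious".
"""
import re
from dataclasses import dataclass
from typing import Dict, List

# One entry: <created> . <modified> <size or --------> <attrs> <path>
# attrs is ComboFix's 8-character attribute field, e.g. "----a-w-", "--sh--r-", "d-----w-"
# (d = directory, s = system, h = hidden, a = archive, r/w = read-only/writable).
ENTRY_RE = re.compile(
    r"^(?P<created>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) \. "
    r"(?P<modified>\d{4}-\d{2}-\d{2} \d{2}:\d{2}) "
    r"(?P<size>\d+|-{8}) "
    r"(?P<attrs>[dashrw-]{8}) "
    r"(?P<path>\S.*)$"
)
# Folder at the drive root named only with hex digits (installer/update extraction folders look like this).
HEX_ROOT_RE = re.compile(r"^[a-z]:\\[0-9a-f]{16,}$")
# Executable sitting directly in %SystemRoot% rather than in a subfolder.
WINDIR_EXE_RE = re.compile(r"^[a-z]:\\windows\\[^\\]+\.exe$")


@dataclass
class Finding:
    path: str
    reason: str


def parse_entries(log_text: str) -> List[Dict[str, str]]:
    """Return the lines that match the ComboFix file-entry format; all other lines are ignored."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if m:
            entries.append(m.groupdict())
    return entries


def triage(log_text: str) -> List[Finding]:
    """Apply three review heuristics (assumed here, not ComboFix's own) to every parsed entry."""
    findings: List[Finding] = []
    for e in parse_entries(log_text):
        attrs, path = e["attrs"], e["path"]
        low = path.lower()
        is_dir = attrs[0] == "d"
        hidden_system = "s" in attrs and "h" in attrs
        if not is_dir and hidden_system and "\\windows\\system32\\" in low:
            findings.append(Finding(path, "hidden+system file in system32: confirm publisher and hash"))
        elif is_dir and HEX_ROOT_RE.match(low):
            findings.append(Finding(path, "hex-named folder at drive root: check it holds only installer/update files"))
        elif not is_dir and WINDIR_EXE_RE.match(low):
            findings.append(Finding(path, "executable placed directly in the Windows folder: identify what installed it"))
    return findings


def flagged_paths(log_text: str) -> List[str]:
    """Lower-cased, sorted paths of all findings (convenient for diffing two logs)."""
    return sorted(f.path.lower() for f in triage(log_text))


# Constructed sample modelled on a few entries from the log posted above; not the full log.
SAMPLE_LOG = r"""
2011-02-24 16:50 . 2011-02-24 21:35 168 --sh--r- c:\windows\system32\8945331E8B.sys
2011-02-24 16:50 . 2011-03-14 13:32 5642 --sha-w- c:\windows\system32\KGyGaAvL.sys
2011-03-01 12:31 . 2011-03-01 12:31 -------- d-----w- C:\85fe39ed39530e76191b3815b3ac
2011-03-15 12:48 . 2011-03-16 00:27 737280 ----a-w- c:\windows\iun6002.exe
2011-03-05 18:07 . 2011-03-05 18:07 813378 ----a-w- c:\program files\VLC_Setup.exe
2011-02-24 21:04 . 2011-02-24 21:04 -------- d-sh--w- c:\documents and settings\Admin\IECompatCache
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.path}\n    -> {f.reason}")
```

The hidden+system rule is deliberately limited to system32: the IECompatCache folder in the user profile also carries s and h attributes and is normal, so it is not flagged. Run the script against the "Files Created" block of a full log and compare `flagged_paths()` output before and after a cleanup to see what a tool actually removed.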



#2 etavares

etavares

    Bleepin' Remover


  • Malware Response Team
  • 15,514 posts
  • OFFLINE
  • Gender:Male
  • Local time:04:24 PM

Posted 25 March 2011 - 05:40 PM

Hello and welcome to Bleeping Computer

My name is etavares and I will be working with you to fix your computer.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • Once we start working together, please reply back within 3 days or this thread may be closed so we can help others who are waiting. If you will be unable to respond (e.g. vacation, travel, etc.), please let me know ahead of time.
  • Please refrain from running tools or applying updates other than those we suggest while we are cleaning up your computer. The reason for this is so we know what is going on with the machine at any time. Some programs can interfere with others and hamper the recovery process. Please also continue to work with me until I give you the all clear. Even if your computer appears to act better, you may still be infected.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • If you have already posted a log, please do so again as instructed below, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan:

We need to create an OTL report,
  • Please download OTL from this link.
  • Save it to your desktop.
  • Double click on the OTL icon on your desktop.
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste this in:

    netsvcs
    msconfig
    drivers32 /all
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\system32\*.sys /90
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\*. /mp /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    CREATERESTOREPOINT

  • Click the Quick Scan button.
  • The scan should take a few minutes.
  • Please copy and paste both logs in your reply.


Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


In your reply, please post both OTL logs and the GMER log. Thanks and again sorry for the delay.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators


#3 unocentavo

unocentavo
  • Topic Starter

  • Members
  • 28 posts
  • OFFLINE
  • Local time:03:24 PM

Posted 26 March 2011 - 03:46 PM

Thanks for your reply. I'm extremely thankful.

My cpu is still doing the same thing...no desktop, no taskbar, no explorer and some program files won't load correctly. I'm working on the gmer scan now.

Here is the OTL scan log:

OTL logfile created on: 3/26/2011 3:36:06 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Admin\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 77.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): c:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.47 Gb Total Space | 54.40 Gb Free Space | 78.30% Space Free | Partition Type: NTFS

Computer Name: ENFORCE | User Name: Admin | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/03/26 15:35:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
PRC - [2011/03/18 12:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/03/16 17:24:21 | 002,423,752 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
PRC - [2011/01/14 14:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe


========== Modules (SafeList) ==========

MOD - [2011/03/26 15:35:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - File not found [Auto | Stopped] -- -- (0031711297724767mcinstcleanup) McAfee Application Installer Cleanup (0031711297724767)
SRV - [2011/01/14 14:35:56 | 000,196,912 | ---- | M] (Nitro PDF Software) [Auto | Running] -- C:\Program Files\Nitro PDF\Reader\NitroPDFReaderDriverService.exe -- (NitroReaderDriverReadSpool)


========== Driver Services (SafeList) ==========

DRV - [2010/05/10 13:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/17 13:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2007/09/11 23:01:44 | 000,879,496 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2007/08/30 01:02:20 | 000,539,432 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btaudio.sys -- (btaudio)
DRV - [2007/08/27 00:58:18 | 000,074,656 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2007/06/28 23:38:30 | 000,156,392 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwdndis.sys -- (BTWDNDIS)
DRV - [2007/03/31 00:02:40 | 000,055,352 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwhid.sys -- (btwhid)
DRV - [2007/03/22 21:50:08 | 000,037,424 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btport.sys -- (BTDriver)
DRV - [2006/11/22 17:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 00:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 16:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 11:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/10/14 08:40:18 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/10/14 08:40:18 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2005/10/14 08:40:18 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/08/12 17:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/21 20:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
DRV - [2005/07/21 20:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
DRV - [2005/07/21 20:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/02/13 09:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0070504
IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "yahoo.com"

FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/22 14:02:40 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins

[2011/03/22 14:04:25 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Admin\Application Data\Mozilla\Extensions
[2011/03/22 14:02:40 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/02/14 18:57:13 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/05 08:41:11 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION
[2011/03/18 12:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 03:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/03/20 13:31:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar1.dll (Google Inc.)
O3 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006..\Run: [ModemOnHold] C:\Program Files\NetWaiting\netwaiting.exe ()
O4 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] C:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\System32\Macromed\Flash\FlashUtil10n_Plugin.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe (Broadcom Corporation.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktop = 0
O7 - HKU\S-1-5-21-736518824-3330005960-3022345662-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O9 - Extra Button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O9 - Extra 'Tools' menuitem : @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm ()
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254 192.168.1.254
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll ()
O20 - HKLM Winlogon: Shell - (explorercopy.exe) - C:\WINDOWS\explorercopy.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 13:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found


Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midi3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: mixer3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
Drivers32: msacm.msg723 - C:\WINDOWS\System32\msg723.acm (Microsoft Corporation)
Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.I420 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
Drivers32: vidc.M261 - C:\WINDOWS\System32\msh261.drv (Microsoft Corporation)
Drivers32: vidc.M263 - C:\WINDOWS\System32\msh263.drv (Microsoft Corporation)
Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave1 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave2 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wave3 - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (54619756233228288)

========== Files/Folders - Created Within 30 Days ==========

[2011/03/26 15:35:00 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/03/26 15:12:41 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Desktop\website CC7
[2011/03/26 15:10:42 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Desktop\website CC6
[2011/03/25 06:39:15 | 000,000,000 | ---D | C] -- C:\Program Files\MSXML 6.0
[2011/03/24 07:37:13 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot_bak
[2011/03/24 07:12:41 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
[2011/03/23 15:53:58 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Admin\Recent
[2011/03/22 17:16:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Silverlight
[2011/03/22 17:16:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2011/03/22 17:15:53 | 006,277,496 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Silverlight.exe
[2011/03/22 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\Mozilla
[2011/03/22 14:04:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Mozilla
[2011/03/22 14:02:38 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2011/03/22 14:01:19 | 012,580,112 | ---- | C] (Mozilla) -- C:\Program Files\Firefox Setup 4.0.exe
[2011/03/22 09:37:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie7updates
[2011/03/22 09:34:54 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie7
[2011/03/22 09:34:37 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallIDNMitigationAPIs$
[2011/03/22 09:34:17 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstallNLSDownlevelMapping$
[2011/03/22 09:30:08 | 015,452,536 | ---- | C] (Microsoft Corporation) -- C:\Program Files\IE7-WindowsXP-x86-enu.exe
[2011/03/22 07:32:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/03/21 19:44:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2011/03/21 19:44:18 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2011/03/21 19:44:18 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
[2011/03/21 19:42:54 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2011/03/21 15:15:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Malwarebytes
[2011/03/21 15:15:10 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/03/21 15:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/03/21 15:15:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/03/21 15:15:06 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/03/21 15:15:06 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/03/20 15:35:42 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/03/20 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/03/20 14:07:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\SUPERAntiSpyware.com
[2011/03/20 14:06:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/03/20 14:06:47 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/03/20 14:03:42 | 010,700,680 | ---- | C] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/03/20 13:28:42 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/03/20 13:27:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/03/20 13:27:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/03/20 13:27:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/03/20 13:27:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/03/20 13:27:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/03/20 13:27:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/03/20 13:17:51 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\avg_remover_stf_x86_2011_1184.exe
[2011/03/20 09:55:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\dell
[2011/03/15 07:48:50 | 000,737,280 | ---- | C] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2011/03/14 15:59:25 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\Desktop\website CC
[2011/03/14 14:23:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\AdobeStockPhotos
[2011/03/09 11:26:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Notepad text files
[2011/03/09 11:25:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\MS Doc files
[2011/03/09 11:24:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\converted to PDF files
[2011/03/08 17:36:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Mileage pdf files
[2011/03/08 17:34:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Nitro PDF
[2011/03/08 17:33:57 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
[2011/03/08 17:33:57 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
[2011/03/08 17:33:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
[2011/03/08 17:33:45 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Nitro PDF
[2011/03/08 17:30:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\PrimoPDF
[2011/03/08 17:29:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PrimoPDF
[2011/03/08 17:29:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\OpenCandy
[2011/03/08 17:28:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\OpenCandy
[2011/03/08 17:28:57 | 000,000,000 | ---D | C] -- C:\Program Files\Nitro PDF
[2011/03/08 16:00:27 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admin\My Documents\My Webs
[2011/03/08 15:59:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Tools
[2011/03/08 15:59:00 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft ActiveSync
[2011/03/08 15:58:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Designer
[2011/03/08 15:58:31 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ShellNew
[2011/03/06 08:41:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Castle Confections
[2011/03/05 13:10:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\vlc
[2011/03/05 09:59:21 | 000,000,000 | ---D | C] -- C:\WINDOWS\Sun
[2011/03/05 09:22:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2011/03/02 07:16:32 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\XPSViewer
[2011/03/02 07:16:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSBuild
[2011/03/02 07:16:22 | 000,000,000 | ---D | C] -- C:\Program Files\Reference Assemblies
[2011/03/02 07:15:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\AdobeUM
[2011/03/01 07:31:06 | 000,000,000 | ---D | C] -- C:\416c1e3bd820937b82ba
[2011/02/28 18:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Bluetooth Software
[2011/02/28 18:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Bluetooth Exchange Folder
[2011/02/28 18:00:39 | 000,000,000 | ---D | C] -- C:\Program Files\WIDCOMM
[2011/02/28 07:33:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Local Settings\Application Data\PCHealth
[2011/02/27 21:30:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\outlook express contact
[2011/02/27 10:16:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Audioactive
[2011/02/27 10:14:54 | 000,011,264 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_SETUP.DLL
[2011/02/27 10:14:54 | 000,008,192 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\_ISDEL.EXE
[2011/02/27 10:14:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\WINDOWS
[2011/02/27 10:13:47 | 002,175,750 | ---- | C] (InstallShield Software Corporation) -- C:\Program Files\aaps154e.exe
[2011/02/27 08:59:45 | 000,000,000 | ---D | C] -- C:\902a39d6e955e2c343
[2011/02/27 08:59:42 | 000,000,000 | ---D | C] -- C:\dbc0e677f0d5f9f8a9390bae
[2011/02/26 09:47:12 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
[2011/02/26 09:36:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\CyberLink
[2011/02/26 08:24:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\My Documents\Updater
[2011/02/26 08:18:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
[2011/02/26 08:15:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe Systems
[2011/02/26 08:14:51 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe Systems Shared
[2011/02/26 07:54:58 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe Photoshop CS2 With KeyGen
[2011/02/24 17:31:57 | 000,000,000 | ---D | C] -- C:\Downloads
[2011/02/24 17:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\BitComet
[2011/02/24 16:16:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\Zeon
[2011/02/24 16:10:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Application Data\WinRAR
[2011/02/24 16:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/02/24 16:10:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admin\Start Menu\Programs\WinRAR
[2011/02/24 16:10:26 | 000,000,000 | ---D | C] -- C:\Program Files\WinRAR
[2011/02/24 16:04:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admin\IECompatCache
[2011/02/24 15:48:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\Adobe PDF
[2011/02/14 19:17:55 | 002,832,544 | ---- | C] (Adobe Systems, Inc.) -- C:\Program Files\install_flash_player.exe
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/03/26 15:35:00 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admin\Desktop\OTL.exe
[2011/03/26 15:31:03 | 000,445,080 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/03/26 15:31:03 | 000,073,420 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/03/26 15:26:57 | 000,024,041 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/03/26 15:26:45 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/03/26 15:26:41 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2011/03/26 15:10:21 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/03/25 06:56:30 | 000,254,272 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/03/22 17:58:53 | 000,002,521 | ---- | M] () -- C:\Documents and Settings\Admin\My Documents\xp_taskbar_desktop_fixall.vbs
[2011/03/22 17:48:00 | 000,001,397 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\control.lnk
[2011/03/22 14:04:06 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2011/03/22 14:02:42 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/22 09:43:17 | 000,000,797 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Launch Internet Explorer Browser.lnk
[2011/03/21 19:47:27 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/03/21 19:45:51 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2011/03/21 19:41:29 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2011/03/21 19:41:28 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/03/21 19:41:28 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/03/21 19:41:13 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/03/21 19:39:26 | 000,023,412 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2011/03/21 19:38:15 | 000,000,535 | ---- | M] () -- C:\WINDOWS\System32\mapisvc.inf
[2011/03/21 19:37:08 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2011/03/21 17:58:15 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2011/03/21 17:32:26 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/03/21 17:32:18 | 000,003,325 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2011/03/21 17:27:15 | 000,014,012 | ---- | M] () -- C:\Program Files\IEFix.zip
[2011/03/21 15:15:10 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/21 08:35:52 | 000,002,229 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
[2011/03/20 14:06:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/20 14:04:39 | 010,700,680 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware.exe
[2011/03/20 13:31:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/03/20 13:26:42 | 004,297,576 | R--- | M] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/03/20 13:17:51 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\avg_remover_stf_x86_2011_1184.exe
[2011/03/19 06:15:59 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/15 20:13:10 | 000,000,048 | ---- | M] () -- C:\WINDOWS\.prj
[2011/03/15 19:27:46 | 000,737,280 | ---- | M] (Indigo Rose Corporation) -- C:\WINDOWS\iun6002.exe
[2011/03/14 08:32:34 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2011/03/14 07:00:35 | 000,000,376 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/03/14 07:00:23 | 000,001,730 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/03/08 17:33:53 | 000,001,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Nitro PDF Reader.lnk
[2011/03/08 17:29:15 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/03/08 17:29:07 | 000,000,314 | ---- | M] () -- C:\WINDOWS\primopdf.ini
[2011/03/08 17:28:19 | 007,458,096 | ---- | M] () -- C:\Program Files\InternationalPrimoPDF.exe
[2011/03/08 16:01:55 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/03/05 10:11:47 | 000,000,600 | ---- | M] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\PUTTY.RND
[2011/02/28 18:00:48 | 000,000,637 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/02/27 17:52:16 | 000,024,041 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/02/26 09:47:07 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/26 09:47:06 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Windows Media Player.lnk
[2011/02/26 08:18:51 | 000,000,988 | ---- | M] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/02/26 08:00:31 | 000,000,630 | ---- | M] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Adobe Photoshop CS2 With KeyGen.lnk
[2011/02/24 17:30:33 | 008,965,856 | ---- | M] () -- C:\Program Files\BitComet_1.26_setup.exe
[2011/02/24 16:35:01 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\System32\8945331E8B.sys
[16 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/03/24 07:11:52 | 000,001,374 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/03/22 17:58:53 | 000,002,521 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\xp_taskbar_desktop_fixall.vbs
[2011/03/22 17:47:29 | 000,001,397 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\control.lnk
[2011/03/22 14:04:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2011/03/22 14:02:42 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/03/22 09:43:17 | 000,000,797 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Launch Internet Explorer Browser.lnk
[2011/03/21 19:44:10 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2011/03/21 19:43:46 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/03/21 19:43:38 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2011/03/21 19:43:37 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2011/03/21 19:43:35 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/03/21 19:43:21 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/03/21 19:43:14 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/03/21 19:43:12 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
[2011/03/21 19:42:57 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2011/03/21 17:56:28 | 001,042,903 | ---- | C] () -- C:\WINDOWS\System32\dllcache\SP2.CAT
[2011/03/21 17:56:28 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2011/03/21 17:56:28 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2011/03/21 17:56:28 | 000,168,806 | ---- | C] () -- C:\WINDOWS\System32\dllcache\startoc.cat
[2011/03/21 17:56:28 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2011/03/21 17:56:28 | 000,031,281 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
[2011/03/21 17:56:28 | 000,024,209 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn7.cat
[2011/03/21 17:56:28 | 000,013,753 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
[2011/03/21 17:56:28 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2011/03/21 17:56:28 | 000,011,651 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msn9.cat
[2011/03/21 17:56:28 | 000,009,581 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
[2011/03/21 17:56:28 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2011/03/21 17:56:28 | 000,007,710 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2011/03/21 17:56:28 | 000,007,245 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
[2011/03/21 17:56:27 | 002,012,670 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
[2011/03/21 17:56:27 | 000,382,952 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
[2011/03/21 17:27:15 | 000,014,012 | ---- | C] () -- C:\Program Files\IEFix.zip
[2011/03/21 16:52:10 | 2145,845,248 | -HS- | C] () -- C:\hiberfil.sys
[2011/03/21 15:15:10 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/03/21 08:35:52 | 000,002,229 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
[2011/03/20 15:07:15 | 000,007,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmerrenu.cat
[2011/03/20 15:06:32 | 000,003,325 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2011/03/20 14:06:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
[2011/03/20 13:28:47 | 000,000,211 | -HS- | C] () -- C:\Boot.bak
[2011/03/20 13:28:43 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/03/20 13:27:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/03/20 13:27:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/03/20 13:27:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/03/20 13:27:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/03/20 13:27:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/03/20 13:26:25 | 004,297,576 | R--- | C] () -- C:\Documents and Settings\Admin\Desktop\ComboFix.exe
[2011/03/15 20:12:12 | 000,000,048 | ---- | C] () -- C:\WINDOWS\.prj
[2011/03/14 07:00:23 | 000,002,435 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Publisher.lnk
[2011/03/08 17:33:53 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Nitro PDF Reader.lnk
[2011/03/08 17:33:53 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Nitro PDF Reader.lnk
[2011/03/08 17:29:15 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PrimoPDF - Drop Files Here to Convert!.lnk
[2011/03/08 17:29:07 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2011/03/08 17:27:29 | 007,458,096 | ---- | C] () -- C:\Program Files\InternationalPrimoPDF.exe
[2011/03/08 16:01:55 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
[2011/03/08 15:59:45 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2011/03/08 15:59:02 | 000,002,513 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Outlook.lnk
[2011/03/08 15:59:02 | 000,002,489 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Word.lnk
[2011/03/08 15:59:02 | 000,002,475 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft PowerPoint.lnk
[2011/03/08 15:59:02 | 000,001,730 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
[2011/03/08 15:59:01 | 000,002,487 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Excel.lnk
[2011/03/08 15:59:01 | 000,002,465 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft FrontPage.lnk
[2011/03/08 15:59:01 | 000,002,463 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Access.lnk
[2011/03/05 09:31:08 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Admin\Local Settings\Application Data\PUTTY.RND
[2011/02/28 18:01:42 | 000,000,324 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\My Bluetooth Places.lnk
[2011/02/28 18:00:48 | 000,000,637 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
[2011/02/27 11:05:21 | 000,006,145 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\ntpa2241.inf
[2011/02/27 11:05:21 | 000,000,715 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\copyinf.ini
[2011/02/27 10:16:12 | 000,175,616 | ---- | C] () -- C:\WINDOWS\aacalc.exe
[2011/02/27 10:16:12 | 000,041,472 | ---- | C] () -- C:\WINDOWS\aaps.exe
[2011/02/27 10:14:54 | 002,313,317 | ---- | C] () -- C:\Program Files\data1.cab
[2011/02/27 10:14:54 | 000,291,594 | ---- | C] () -- C:\Program Files\_INST32I.EX_
[2011/02/27 10:14:54 | 000,204,361 | ---- | C] () -- C:\Program Files\_sys1.cab
[2011/02/27 10:14:54 | 000,063,890 | ---- | C] () -- C:\Program Files\setup.ins
[2011/02/27 10:14:54 | 000,058,343 | ---- | C] () -- C:\Program Files\_user1.cab
[2011/02/27 10:14:54 | 000,042,000 | ---- | C] () -- C:\Program Files\setup.BMP
[2011/02/27 10:14:54 | 000,004,557 | ---- | C] () -- C:\Program Files\lang.dat
[2011/02/27 10:14:54 | 000,000,353 | ---- | C] () -- C:\Program Files\layout.bin
[2011/02/27 10:14:54 | 000,000,118 | ---- | C] () -- C:\Program Files\DATA.TAG
[2011/02/27 10:14:54 | 000,000,069 | ---- | C] () -- C:\Program Files\SETUP.INI
[2011/02/27 10:14:54 | 000,000,049 | ---- | C] () -- C:\Program Files\setup.lid
[2011/02/27 10:14:53 | 000,000,417 | ---- | C] () -- C:\Program Files\os.dat
[2011/02/27 09:18:42 | 005,296,128 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\audacity.exe
[2011/02/27 09:15:18 | 005,296,128 | ---- | C] () -- C:\Documents and Settings\Admin\My Documents\audacity.exe
[2011/02/26 09:47:07 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Admin\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
[2011/02/26 08:36:33 | 000,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Bridge.lnk
[2011/02/26 08:19:05 | 000,001,744 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Help Center.lnk
[2011/02/26 08:18:51 | 000,000,988 | ---- | C] () -- C:\Documents and Settings\Admin\Start Menu\Programs\Startup\Adobe Gamma.lnk
[2011/02/26 08:14:46 | 000,001,776 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop CS2.lnk
[2011/02/26 08:14:46 | 000,001,773 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe ImageReady CS2.lnk
[2011/02/26 08:00:31 | 000,000,630 | ---- | C] () -- C:\Documents and Settings\Admin\Desktop\Shortcut to Adobe Photoshop CS2 With KeyGen.lnk
[2011/02/26 07:53:40 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/02/24 17:30:33 | 008,965,856 | ---- | C] () -- C:\Program Files\BitComet_1.26_setup.exe
[2011/02/24 11:50:03 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\8945331E8B.sys
[2011/02/24 11:50:02 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2009/12/20 20:42:18 | 000,000,314 | ---- | C] () -- C:\WINDOWS\primopdf.ini
[2007/11/09 06:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
[2007/09/11 13:24:28 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/09/11 13:12:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2007/05/04 12:07:38 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2007/05/04 12:05:04 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2007/05/04 12:02:30 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/05/04 11:52:12 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2007/05/04 11:52:11 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2007/05/04 11:52:11 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2007/05/04 11:38:10 | 000,024,041 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2007/05/04 11:32:23 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/05/04 11:32:23 | 001,519,616 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/05/04 11:32:23 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/05/04 11:32:23 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/05/04 11:32:22 | 001,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/05/04 11:32:22 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/05/04 11:32:20 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/05/04 11:32:20 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2007/05/04 11:32:19 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/05/04 11:32:13 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2007/05/04 11:32:09 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2007/05/04 11:31:09 | 000,000,391 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/09/24 13:37:00 | 000,169,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2005/04/09 10:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 13:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 13:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 13:02:15 | 000,023,412 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 13:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 12:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 12:57:15 | 000,254,272 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 12:51:20 | 000,445,080 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 12:51:20 | 000,073,420 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 12:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2001/11/14 14:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2011/02/26 07:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitComet
[2011/02/24 14:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\ElevatedDiagnostics
[2011/03/05 10:12:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\FileZilla
[2011/03/22 08:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Nitro PDF
[2011/03/08 17:28:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\OpenCandy
[2011/02/14 18:21:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Opera
[2011/03/09 11:17:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\PrimoPDF
[2011/02/24 16:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\Zeon
[2011/02/16 12:43:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/03/20 10:14:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/03/08 17:33:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

========== Purity Check ==========



========== Custom Scans ==========


< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\system32\*.sys /90 >
[2011/02/24 16:35:01 | 000,000,168 | RHS- | M] () -- C:\WINDOWS\system32\8945331E8B.sys
[2011/03/14 08:32:34 | 000,005,642 | -HS- | M] () -- C:\WINDOWS\system32\KGyGaAvL.sys
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2011/03/21 12:54:03 | 000,303,104 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2011/03/21 17:33:03 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav
[2011/03/21 12:54:03 | 023,330,816 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2011/03/21 12:54:03 | 004,718,592 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %SYSTEMDRIVE%\*.* >
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2011/02/14 18:05:55 | 000,000,211 | -HS- | M] () -- C:\Boot.bak
[2011/03/21 19:37:08 | 000,000,282 | -HS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2004/08/10 13:04:08 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2007/05/04 11:34:48 | 000,006,289 | RH-- | M] () -- C:\dell.sdr
[2011/03/26 15:26:41 | 2145,845,248 | -HS- | M] () -- C:\hiberfil.sys
[2002/03/18 09:15:02 | 000,004,300 | ---- | M] () -- C:\hotfix.txt
[2011/03/21 17:58:15 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2004/08/10 13:04:08 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2011/02/16 15:32:41 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/03/26 15:26:39 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

< %systemroot%\*. /mp /s >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< End of report >

#4 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 26 March 2011 - 04:10 PM

After you post the GMER log, please do this:


First, if you launch Task Manager and do File --> New Task, does anything happen if you hit "browse"? If yes, please navigate to C:\windows\ and let me know if explorer.exe is there or not.

Next, don't forget to let me know if you have a Windows CD or not.

Finally, do you have access to a working computer and a USB flash drive?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#5 unocentavo (Topic Starter, Members, 28 posts)

Posted 26 March 2011 - 04:25 PM

GMER, still scanning.

Yes, I have the CD. I've tried to do a repair a couple of times but it freezes up at the very end, right before it's finished. Yes, I do have a flash drive and access to a working cpu.


Yes, I can browse most of my programs through the task manager. Yes, I can navigate to C:\windows. Explorer.exe is there, but when I click on it, my screen just does a little split second flash and then nothing else happens, program won't open.

#6 unocentavo (Topic Starter, Members, 28 posts)

Posted 26 March 2011 - 04:52 PM

GMER log:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit scan 2011-03-26 16:50:32
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3 SAMSUNG_HM080HI rev.AB100-12
Running: gmer.exe; Driver: C:\DOCUME~1\Admin\LOCALS~1\Temp\kwldapog.sys


---- System - GMER 1.0.15 ----

SSDT \??\C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS (SASKUTIL.SYS/SUPERAdBlocker.com and SUPERAntiSpyware.com) ZwTerminateProcess [0xB64E3620]

---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9A12380, 0x21FC8D, 0xE8000020]

---- User code sections - GMER 1.0.15 ----

.text C:\Program Files\Mozilla Firefox\firefox.exe[276] ntdll.dll!LdrLoadDll 7C915CD3 5 Bytes JMP 00401410 C:\Program Files\Mozilla Firefox\firefox.exe (Firefox/Mozilla Corporation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!SetWindowLongA 77D4DED3 5 Bytes JMP 10699777 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!SetWindowLongW 77D4DEF1 5 Bytes JMP 10699709 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!GetWindowInfo 77D4F122 1 Byte [E9]
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!GetWindowInfo 77D4F122 5 Bytes JMP 104C7C37 C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)
.text C:\Program Files\Mozilla Firefox\plugin-container.exe[1328] USER32.dll!TrackPopupMenu 77D94F16 5 Bytes JMP 104C823A C:\Program Files\Mozilla Firefox\xul.dll (Mozilla Foundation)

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Kbdclass \Device\KeyboardClass0 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)
AttachedDevice \Driver\Kbdclass \Device\KeyboardClass1 SynTP.sys (Synaptics Touchpad Driver/Synaptics, Inc.)

Device \FileSystem\Fastfat \Fat B2190C8A
Device \FileSystem\Fs_Rec \FileSystem\UdfsCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatCdRomRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\CdfsRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\FatDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Fs_Rec \FileSystem\UdfsDiskRecognizer tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)
Device \FileSystem\Cdfs \Cdfs tfsnifs.sys (Drive Letter Access Component/Sonic Solutions)

---- EOF - GMER 1.0.15 ----

#7 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 27 March 2011 - 07:39 AM

Hello, unocentavo.

P2P Warning and Request
The log shows that you have been using so-called peer-to-peer or file-sharing programmes (in your case BitComet). These programmes allow users to share files between themselves, as the name suggests. In today's world, cyber crime has come a long way, and any means is used to infect personal computers to make use of their stored data or machine power for further propagation of malware files. A popular means is the use of file-sharing tools, as a tremendous number of prospective victims can be reached through them.

It is therefore possible to be infected by downloading manipulated files via peer-to-peer tools, so they should be used with great care. I recommend that you uninstall this program. That is optional, however. If you decide not to uninstall, please refrain from using it until I let you know your computer is clean.




It also appears you are using keygens. These are extremely dangerous as they are commonly used to distribute malware and viruses.



Now, let's see if explorer is infected, or if something is blocking it from running. Also, did you create explorercopy.exe? I see a registry entry for it that is not normal.



Step 1

Please make sure that you can view all hidden files. Instructions on how to do this can be found here:

How to see hidden files in Windows

Please click this link-->Jotti

When the jotti page has finished loading, click the Browse button and navigate to the following file and click Submit.

C:\windows\explorercopy.exe
c:\windows\explorer.exe


Please post back the results of the scan in your next post.

If Jotti is busy, try the same at Virustotal: http://www.virustotal.com/

etavares


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
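etavares reads the OTL listing above for P2P clients, keygens and an unexpected copy of explorer.exe. The Python below is an added example, not code from the thread or from OTL's author: it parses OTL file-listing lines and flags entries for review with a few heuristics (hidden+system files under the Windows directory, random-looking names, executables created since the incident date with no version-info company, and names that resemble a core Windows binary without being it). The explorercopy.exe sample line and the 2011/03/20 incident date are assumptions taken from the thread's narrative.

```python
import os, re
from dataclasses import dataclass
from datetime import datetime
from typing import Dict, List, Optional

# OTL listing line: [YYYY/MM/DD HH:MM:SS | size | RHSD flags | C or M] (company) -- path
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]\s*(?:\((?P<company>[^)]*)\))?\s*-- (?P<path>.+)$"
)
CORE_BINARIES = ("explorer", "svchost", "winlogon", "lsass", "csrss")
EXEC_EXT = {".exe", ".dll", ".sys", ".scr", ".cpl"}
HEXISH = re.compile(r"^[0-9A-Fa-f]{8,}$")

@dataclass
class Entry:
    when: datetime          # created (kind C) or last-modified (kind M)
    size: int
    attrs: str              # R read-only, H hidden, S system, D directory, '-' unset
    kind: str
    company: Optional[str]  # version-info company as OTL prints it; None when "()"
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

def parse_line(line: str) -> Optional[Entry]:
    """Parse one OTL listing line; returns None for section headers and other text."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return Entry(when=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
                 size=int(m["size"].replace(",", "")), attrs=m["attrs"],
                 kind=m["kind"], company=m["company"] or None, path=m["path"])

def case_flips(s: str) -> int:
    """Count upper/lower transitions: KGyGaAvL -> 6, nvModes -> 2."""
    letters = [c for c in s if c.isalpha()]
    return sum(a.isupper() != b.isupper() for a, b in zip(letters, letters[1:]))

def review_reasons(e: Entry, incident: datetime) -> List[str]:
    """Heuristics that mean 'look at this', never 'this is malware'."""
    reasons = []
    stem, ext = os.path.splitext(e.name)
    ext, low = ext.lower(), stem.lower()
    in_windir = e.path.lower().startswith("c:\\windows\\")
    if e.attrs[3] != "D" and in_windir and "H" in e.attrs and "S" in e.attrs:
        reasons.append("hidden+system file under the Windows directory")
    if ext in EXEC_EXT and (HEXISH.match(stem) or case_flips(stem) >= 4):
        reasons.append("random-looking file name")
    if ext in EXEC_EXT and in_windir and e.kind == "C" and e.when >= incident and not e.company:
        reasons.append("executable created since the incident date with no version-info company")
    if ext in EXEC_EXT and any(c in low and low != c for c in CORE_BINARIES):
        reasons.append("name resembles a core Windows binary but is not it")
    return reasons

def triage(lines: List[str], incident: datetime) -> Dict[str, List[str]]:
    """Map each flagged path to its reasons; clean entries and non-entry lines are dropped."""
    hits: Dict[str, List[str]] = {}
    for line in lines:
        e = parse_line(line)
        if e is not None and (why := review_reasons(e, incident)):
            hits[e.path] = why
    return hits

# Sample input: five lines copied from the OTL log in this thread plus one constructed
# entry for the renamed explorer.exe copy the thread mentions (its size and date are made up).
SAMPLE_LINES = [
    r"[2011/02/24 11:50:03 | 000,000,168 | RHS- | C] () -- C:\WINDOWS\System32\8945331E8B.sys",
    r"[2011/02/24 11:50:02 | 000,005,642 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys",
    r"[2011/03/20 13:27:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe",
    r"[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll",
    r"[2011/02/26 07:58:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admin\Application Data\BitComet",
    r"[2011/03/25 10:00:00 | 001,033,728 | ---- | C] () -- C:\WINDOWS\explorercopy.exe",
]
INCIDENT = datetime(2011, 3, 20)  # the day the desktop disappeared, per the thread
```

Hits are prompts to verify (hash lookup, signature, install history), not verdicts: ComboFix's own helper files such as PEV.exe trip the "created since the incident" rule, for example.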
 


#8 unocentavo (Topic Starter, Members, 28 posts)

Posted 27 March 2011 - 04:21 PM

OK. I did go ahead and uninstall the bitcomet, appreciate the advice. I should have done that long ago.
The explorercopy.exe was an explorer.exe file that I made a copy of to see if my cpu would allow it to open in task manager, but forgot to go back and delete it when it failed to load too.

The Jotti scan said, "no problems found" for the explorer.exe files.

#9 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 27 March 2011 - 04:24 PM

It appears to be something else then. You mentioned you had a Windows CD that would freeze when you tried to repair it. What kind of repair were you trying, a Repair Install or an SFC?


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#10 unocentavo (Topic Starter, Members, 28 posts)

Posted 29 March 2011 - 06:20 PM

Yes, a repair from the cd.

#11 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 29 March 2011 - 09:07 PM

OK, let's try a system file check. Make sure to have your Windows CD handy.


  • Please click start --> Run, type cmd in the box and press Enter.
  • In the popup window type the bold text below and press Enter. Note the space between sfc and the /scannow parts.

    sfc /scannow

  • It will scan your system files. If something is missing or corrupted, it will prompt you for the Windows CD. Follow the prompts and let it replace anything it wants to.

Once that's done, let me know if it ran OK and what files, if any, you had to replace with the scan.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#12 unocentavo (Topic Starter, Members, 28 posts)

Posted 01 April 2011 - 11:18 AM

Did the scan, it prompted me to insert the cd, it loaded what it needed I guess but didn't state what was missing. I restarted but still no explorer, desktop or taskbar?

#13 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 01 April 2011 - 06:15 PM

Please try to launch explorer.exe via Task Manager, will it start now?

If not, I have other tricks up my sleeve.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 


#14 unocentavo (Topic Starter, Members, 28 posts)

Posted 03 April 2011 - 09:47 AM

Thanks Etavares, yeah I tried to open explorer.exe up in task manager, but still nothing. Guess I'm just gonna have to save my files and restore again.

#15 etavares (Bleepin' Remover, Malware Response Team, 15,514 posts)

Posted 03 April 2011 - 03:28 PM

OK, if that's the path you want to work with, it will guarantee a 100% working computer. If you want to try another tack to repair it, just let me know.


If I don't respond within 2 days, please feel free to PM me.
Please don't ask for help via PM. The forums are there for a reason. Please post in the forums so others may benefit as well.

Unified Network of Instructors and Trusted Eliminators
 
