Unknown malware blocks registry and explorer options


  • This topic is locked
10 replies to this topic

#1 jrpmh

  • Members
  • 5 posts

Posted 22 May 2011 - 12:39 AM

The first sign that something was wrong arose when trying to replace an intermittent wireless card. New cards are installed not as a Network Adapter but under Other Devices as a network controller.

While trying to troubleshoot this, I found out that I could not change the View options under Tools->Folder Options in explorer.

I've tried installing Malwarebytes and running it; it reports an "Error Creating Registry Key" (message box attached).

Defogger also reports a problem modifying the registry:
defogger_disable by jpshortstuff (23.02.10.1)
Log created at 16:09 on 21/05/2011 (Jim)

Checking for autostart values...
Unable to open HKCU\~\Run key (5)
HKCU\~\Run values retrieved.
HKLM\~\Run values retrieved.

Checking for services/drivers...

-=E.O.F=-

Microsoft's anti-virus and Spybot find nothing wrong. SDFix reports "No Trojans Found".

Another glitch, possibly unrelated, is that I get these pop-up message boxes suggesting I change the screen resolution, appearing at intervals for about 20-30 seconds and then going away - a new behavior of the past month.

Here is the DDS log:

.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim at 18:42:53 on 2011-05-21
.
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\System32\alg.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\Program Files\Google\Chrome\Application\chrome.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\OpenOffice.org 3\program\swriter.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DgnWebIE: {2843dac1-05ef-11d2-95ba-0060083493d6} - c:\windows\speech\dragon\web_ie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? gupdate1ca081e48cc5ff8;Google Update Service (gupdate1ca081e48cc5ff8)
R? gupdatem;Google Update Service (gupdatem)
R? MpKsl3fbe38e4;MpKsl3fbe38e4
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? Super G Wireless Cardbus Service;Super G Wireless Cardbus Adapter Service
S? EAPPkt;Realtek EAPPkt Protocol
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl07ad77f2;MpKsl07ad77f2
.
=============== Created Last 30 ================
.
2011-05-22 01:30:15 -------- d-----w- c:\documents and settings\jim.emile.000\application data\Malwarebytes
2011-05-22 01:27:36 -------- d-----w- c:\documents and settings\jim.emile.000\application data\OpenOffice.org
2011-05-22 01:26:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 01:26:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-21 20:29:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 20:29:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 20:16:21 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53cbe29e-c4a3-4e19-b658-8c3aa0af66f7}\MpKsl07ad77f2.sys
2011-05-21 20:04:22 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2011-05-21 20:02:23 -------- d-----w- c:\windows\ERUNT
2011-05-21 19:42:50 -------- d-----w- C:\SDFix
2011-05-16 03:24:30 7071056 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{53cbe29e-c4a3-4e19-b658-8c3aa0af66f7}\mpengine.dll
2011-05-14 21:23:05 -------- d-----w- c:\documents and settings\jim.emile.000\application data\SUPERAntiSpyware.com
2011-05-14 21:23:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-14 21:13:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-14 21:13:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-06 02:29:39 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-06 02:28:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-06 02:23:12 -------- d-----w- c:\program files\OpenOffice
2011-04-30 03:22:04 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-04-30 03:22:04 -------- d-----w- c:\windows\system32\wbem\Repository
.
==================== Find3M ====================
.
2011-05-06 02:28:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
2011-02-22 23:06:29 916480 ----a-w- c:\windows\system32\wininet.dll
2011-02-22 23:06:29 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-02-22 23:06:29 1469440 ------w- c:\windows\system32\inetcpl.cpl
2011-02-22 11:41:59 385024 ----a-w- c:\windows\system32\html.iec
.
============= FINISH: 18:43:50.15 ===============


#2 Orange Blossom

    OBleepin Investigator

  • Moderator
  • 36,911 posts
  • Location:Bloomington, IN

Posted 30 May 2011 - 07:34 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

Please take note:

  • If you have since resolved the original problem you were having, we would appreciate you letting us know.
  • If you are unable to create a log because your computer cannot start up successfully, please provide detailed information about your installed Windows Operating System, including the Version, Edition and whether it is a 32-bit or a 64-bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • If you are unable to perform the steps we have recommended please try one more time and if unsuccessful alert us of such and we will design an alternate means of obtaining the necessary information.
  • If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • Upon completing the steps below, another staff member will review your topic and do their best to resolve your issues.
  • If you have already posted a DDS log, please do so again, as your situation may have changed.
  • Use the 'Add Reply' and add the new log to this thread.

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download DDS by sUBs from one of the following links if you no longer have it available. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


We also need a new log from the GMER anti-rootkit Scanner.

Please note that if you are running a 64-bit version of Windows you will not be able to run GMER and you may skip this step.

Please first disable any CD emulation programs using the steps found in this topic:

Why we request you disable CD Emulation when receiving Malware Removal Advice

Then create another GMER log and post it as an attachment to the reply where you post your new DDS log. Instructions on how to properly create a GMER log can be found here:

How to create a GMER log


Thanks and again sorry for the delay.
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript

#3 jrpmh
  • Topic Starter

  • Members
  • 5 posts

Posted 30 May 2011 - 10:20 PM

Following up, as requested, with the new scan results:


.
DDS (Ver_11-05-19.01) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Jim at 14:43:09 on 2011-05-30
.
============== Running Processes ===============
.
C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Microsoft\BingBar\SeaPort.EXE
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads\dds.scr
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k imgsvc
.
============== Pseudo HJT Report ===============
.
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: Winamp Toolbar Loader: {25cee8ec-5730-41bc-8b58-22ddc8ab8c20} - c:\program files\winamp toolbar\winamptb.dll
BHO: DgnWebIE: {2843dac1-05ef-11d2-95ba-0060083493d6} - c:\windows\speech\dragon\web_ie.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\program files\spybot - search & destroy\SDHelper.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype add-on for Internet Explorer: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Bing Bar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - "c:\program files\microsoft\bingbar\BingExt.dll"
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Winamp Toolbar: {ebf2ba02-9094-4c5a-858b-bb198f3d8de2} - c:\program files\winamp toolbar\winamptb.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
TB: Bing Bar: {8dcb7100-df86-4384-8842-8fa844297b3f} - "c:\program files\microsoft\bingbar\BingExt.dll"
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [WinampAgent] "c:\program files\winamp\winampa.exe"
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [ArcSoft Connection Service] c:\program files\common files\arcsoft\connection service\bin\ACDaemon.exe
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [Adobe ARM] "c:\program files\common files\adobe\arm\1.0\AdobeARM.exe"
mRun: [MSC] "c:\program files\microsoft security client\msseces.exe" -hide -runkey
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRunOnce: [Malwarebytes' Anti-Malware] c:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
dRun: [DWQueuedReporting] "c:\progra~1\common~1\micros~1\dw\dwtrig20.exe" -t
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\program files\spybot - search & destroy\SDHelper.dll
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: igfxcui - igfxsrvc.dll
.
============= SERVICES / DRIVERS ===============
.
R? BBSvc;Bing Bar Update Service
R? gupdate1ca081e48cc5ff8;Google Update Service (gupdate1ca081e48cc5ff8)
R? gupdatem;Google Update Service (gupdatem)
R? MpKsl3fbe38e4;MpKsl3fbe38e4
R? SASDIFSV;SASDIFSV
R? SASKUTIL;SASKUTIL
R? Super G Wireless Cardbus Service;Super G Wireless Cardbus Adapter Service
S? EAPPkt;Realtek EAPPkt Protocol
S? MpFilter;Microsoft Malware Protection Driver
S? MpKsl1fef319c;MpKsl1fef319c
.
=============== Created Last 30 ================
.
2011-05-30 21:39:30 28752 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8b1f0de-c7b5-41d3-858f-9cb8e4bb7e60}\MpKsl1fef319c.sys
2011-05-30 17:15:08 6962000 ----a-w- c:\documents and settings\all users\application data\microsoft\microsoft antimalware\definition updates\{c8b1f0de-c7b5-41d3-858f-9cb8e4bb7e60}\mpengine.dll
2011-05-22 01:30:15 -------- d-----w- c:\documents and settings\jim.emile.000\application data\Malwarebytes
2011-05-22 01:27:36 -------- d-----w- c:\documents and settings\jim.emile.000\application data\OpenOffice.org
2011-05-22 01:26:52 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-05-22 01:26:51 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-05-21 20:29:35 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-05-21 20:29:35 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-05-21 20:04:22 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2011-05-21 20:02:23 -------- d-----w- c:\windows\ERUNT
2011-05-21 19:42:50 -------- d-----w- C:\SDFix
2011-05-14 21:23:05 -------- d-----w- c:\documents and settings\jim.emile.000\application data\SUPERAntiSpyware.com
2011-05-14 21:23:05 -------- d-----w- c:\documents and settings\all users\application data\SUPERAntiSpyware.com
2011-05-14 21:13:25 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-14 21:13:25 -------- d-----w- c:\documents and settings\all users\application data\Spybot - Search & Destroy
2011-05-06 02:29:39 -------- d-----w- c:\program files\OpenOffice.org 3
2011-05-06 02:28:54 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-06 02:23:12 -------- d-----w- c:\program files\OpenOffice
.
==================== Find3M ====================
.
2011-05-06 02:28:36 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33:50 692736 ----a-w- c:\windows\system32\inetcomm.dll
2011-03-04 06:37:06 420864 ----a-w- c:\windows\system32\vbscript.dll
2011-03-03 13:21:11 1857920 ----a-w- c:\windows\system32\win32k.sys
.
============= FINISH: 14:43:57.73 ===============

#4 sundavis

  • Malware Response Team
  • 2,708 posts

Posted 01 June 2011 - 08:45 AM

Hi jrpmh,

Welcome to BleepingComputer Virus, Trojan, Spyware, and Malware Removal Logs Forum.
My name is sundavis, and I will be helping you to deal with your Malware problems today.

Step 1

  • Download TDSSKiller and save it to your Desktop.
  • Extract its contents to your desktop.
  • Once extracted, open the TDSSKiller folder and doubleclick on TDSSKiller.exe to run the application, then on Start Scan.
  • If an infected file is detected, the default action will be Cure, click on Continue.
  • If a suspicious file is detected, the default action will be Skip, click on Continue.
  • It may ask you to reboot the computer to complete the process. Click on Reboot Now.
  • If no reboot is required, click on Report. A log file should appear. Please copy and paste the contents of that file here.
  • If a reboot is required, the report can also be found in your root directory, (usually C:\TDSSKiller folder). Please copy and paste the contents of that file here.


Step 2

  • Please download OTL and save it to your desktop.
  • Double click on the icon on your desktop.
  • Under the Standard Registry box change it to All
  • Click the "Scan All Users" checkbox.
  • Under the Custom Scan box paste the following bolded text:


    /md5start
    explorer.exe
    winlogon.exe
    userinit.exe
    svchost.exe
    volsnap.sys
    /md5stop
    %ALLUSERSPROFILE%\Application Data\*.
    %ALLUSERSPROFILE%\Application Data\*.exe /s
    %APPDATA%\*.
    %APPDATA%\*.exe /s
    %SYSTEMDRIVE%\*.exe
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    C:\program files\common files\data\* /s
    %systemroot%\system32\drivers\*.sys /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90
    C:\Documents and Settings\mhumphrey\Desktop\*.* /s
    :reg
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s
    HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /s
    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s
    HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download /s


  • Click the "Quick Scan" button.
  • The scan should take just a few minutes.
  • OTListIt.txt will be opened and Extra.txt will be minimized.
  • Copy and paste both logs back here in your next reply.


In your next reply, please post back:

1. TDSSKiller log
2. OTListIt.txt and Extra.txt

Thanks

#5 jrpmh
  • Topic Starter

  • Members
  • 5 posts

Posted 02 June 2011 - 02:46 AM

Aye aye, Captain - as you commanded:

TDSSKiller (which reported no infections found and didn't request a restart)
2011/06/02 00:13:37.0234 3000 TDSS rootkit removing tool 2.5.3.0 May 25 2011 07:09:24
2011/06/02 00:13:37.0796 3000 ================================================================================
2011/06/02 00:13:37.0796 3000 SystemInfo:
2011/06/02 00:13:37.0796 3000
2011/06/02 00:13:37.0796 3000 OS Version: 5.1.2600 ServicePack: 3.0
2011/06/02 00:13:37.0796 3000 Product type: Workstation
2011/06/02 00:13:37.0796 3000 ComputerName: EMILE
2011/06/02 00:13:37.0796 3000 UserName: Jim
2011/06/02 00:13:37.0796 3000 Windows directory: C:\WINDOWS
2011/06/02 00:13:37.0796 3000 System windows directory: C:\WINDOWS
2011/06/02 00:13:37.0796 3000 Processor architecture: Intel x86
2011/06/02 00:13:37.0796 3000 Number of processors: 1
2011/06/02 00:13:37.0796 3000 Page size: 0x1000
2011/06/02 00:13:37.0796 3000 Boot type: Normal boot
2011/06/02 00:13:37.0796 3000 ================================================================================
2011/06/02 00:13:39.0125 3000 Initialize success
2011/06/02 00:13:44.0671 3276 ================================================================================
2011/06/02 00:13:44.0671 3276 Scan started
2011/06/02 00:13:44.0671 3276 Mode: Manual;
2011/06/02 00:13:44.0671 3276 ================================================================================
2011/06/02 00:13:44.0984 3276 ACPI (8fd99680a539792a30e97944fdaecf17) C:\WINDOWS\system32\DRIVERS\ACPI.sys
2011/06/02 00:13:45.0078 3276 ACPIEC (9859c0f6936e723e4892d7141b1327d5) C:\WINDOWS\system32\drivers\ACPIEC.sys
2011/06/02 00:13:45.0218 3276 aeaudio (11c04b17ed2abbb4833694bcd644ac90) C:\WINDOWS\system32\drivers\aeaudio.sys
2011/06/02 00:13:45.0312 3276 aec (8bed39e3c35d6a489438b8141717a557) C:\WINDOWS\system32\drivers\aec.sys
2011/06/02 00:13:45.0390 3276 AegisP (30bb1bde595ca65fd5549462080d94e5) C:\WINDOWS\system32\DRIVERS\AegisP.sys
2011/06/02 00:13:45.0515 3276 Afc (fe3ea6e9afc1a78e6edca121e006afb7) C:\WINDOWS\system32\drivers\Afc.sys
2011/06/02 00:13:45.0593 3276 AFD (7618d5218f2a614672ec61a80d854a37) C:\WINDOWS\System32\drivers\afd.sys
2011/06/02 00:13:45.0875 3276 AR5211 (f03fc45e839912cb576e2496f582867c) C:\WINDOWS\system32\DRIVERS\ar5211.sys
2011/06/02 00:13:46.0031 3276 AsyncMac (b153affac761e7f5fcfa822b9c4e97bc) C:\WINDOWS\system32\DRIVERS\asyncmac.sys
2011/06/02 00:13:46.0078 3276 atapi (9f3a2f5aa6875c72bf062c712cfa2674) C:\WINDOWS\system32\DRIVERS\atapi.sys
2011/06/02 00:13:46.0125 3276 Atmarpc (9916c1225104ba14794209cfa8012159) C:\WINDOWS\system32\DRIVERS\atmarpc.sys
2011/06/02 00:13:46.0187 3276 audstub (d9f724aa26c010a217c97606b160ed68) C:\WINDOWS\system32\DRIVERS\audstub.sys
2011/06/02 00:13:46.0250 3276 Beep (da1f27d85e0d1525f6621372e7b685e9) C:\WINDOWS\system32\drivers\Beep.sys
2011/06/02 00:13:46.0312 3276 cbidf2k (90a673fc8e12a79afbed2576f6a7aaf9) C:\WINDOWS\system32\drivers\cbidf2k.sys
2011/06/02 00:13:46.0359 3276 CCDECODE (0be5aef125be881c4f854c554f2b025c) C:\WINDOWS\system32\DRIVERS\CCDECODE.sys
2011/06/02 00:13:46.0437 3276 Cdaudio (c1b486a7658353d33a10cc15211a873b) C:\WINDOWS\system32\drivers\Cdaudio.sys
2011/06/02 00:13:46.0484 3276 Cdfs (c885b02847f5d2fd45a24e219ed93b32) C:\WINDOWS\system32\drivers\Cdfs.sys
2011/06/02 00:13:46.0515 3276 Cdrom (1f4260cc5b42272d71f79e570a27a4fe) C:\WINDOWS\system32\DRIVERS\cdrom.sys
2011/06/02 00:13:46.0578 3276 cercsr6 (84853b3fd012251690570e9e7e43343f) C:\WINDOWS\system32\drivers\cercsr6.sys
2011/06/02 00:13:46.0781 3276 CVirtA (b5ecadf7708960f1818c7fa015f4c239) C:\WINDOWS\system32\DRIVERS\CVirtA.sys
2011/06/02 00:13:46.0843 3276 CVPNDRVA (18994842386fd3039279d7865740abbd) C:\WINDOWS\system32\Drivers\CVPNDRVA.sys
2011/06/02 00:13:46.0937 3276 Disk (044452051f3e02e7963599fc8f4f3e25) C:\WINDOWS\system32\DRIVERS\disk.sys
2011/06/02 00:13:47.0015 3276 dmboot (d992fe1274bde0f84ad826acae022a41) C:\WINDOWS\system32\drivers\dmboot.sys
2011/06/02 00:13:47.0062 3276 dmio (7c824cf7bbde77d95c08005717a95f6f) C:\WINDOWS\system32\drivers\dmio.sys
2011/06/02 00:13:47.0109 3276 dmload (e9317282a63ca4d188c0df5e09c6ac5f) C:\WINDOWS\system32\drivers\dmload.sys
2011/06/02 00:13:47.0140 3276 DMusic (8a208dfcf89792a484e76c40e5f50b45) C:\WINDOWS\system32\drivers\DMusic.sys
2011/06/02 00:13:47.0187 3276 DNE (b5aa5aa5ac327bd7c1aec0c58f0c1144) C:\WINDOWS\system32\DRIVERS\dne2000.sys
2011/06/02 00:13:47.0296 3276 drmkaud (8f5fcff8e8848afac920905fbd9d33c8) C:\WINDOWS\system32\drivers\drmkaud.sys
2011/06/02 00:13:47.0343 3276 E1000 (a8b3ec8ee13cbe14f067c72110155a1b) C:\WINDOWS\system32\DRIVERS\e1000325.sys
2011/06/02 00:13:54.0000 3276 ================================================================================
2011/06/02 00:13:54.0000 3276 Scan finished
2011/06/02 00:13:54.0000 3276 ================================================================================
2011/06/02 00:13:54.0015 0484 Detected object count: 0
2011/06/02 00:13:54.0015 0484 Actual detected object count: 0


The OTL log (incidentally, since the downloads were automatically directed to C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads, I just saved and ran them from that location):

OTL logfile created on: 6/2/2011 12:21:07 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

509.98 Mb Total Physical Memory | 172.24 Mb Available Physical Memory | 33.77% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.50 Gb Free Space | 73.13% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 74.51 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: EMILE | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/02 00:18:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads\OTL.exe
PRC - [2011/05/19 22:54:14 | 001,010,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Chrome\Application\chrome.exe
PRC - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
PRC - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe
PRC - [2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE


========== Modules (SafeList) ==========

MOD - [2011/06/02 00:18:03 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Super G Wireless Cardbus Service)
SRV - File not found [On_Demand | Stopped] -- -- (MSDTC)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/02/28 19:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 11:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/03/23 13:19:32 | 001,528,616 | ---- | M] (Cisco Systems, Inc.) [Auto | Running] -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe -- (CVPND)
SRV - [2010/03/18 11:19:26 | 000,113,152 | ---- | M] (ArcSoft Inc.) [Auto | Running] -- C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACService.exe -- (ACDaemon)


========== Driver Services (SafeList) ==========

DRV - [2011/06/02 00:04:42 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4AE103C5-C8B3-4A1A-80F7-DCDF8D38610F}\MpKslc13e2823.sys -- (MpKslc13e2823)
DRV - [2010/03/23 13:15:36 | 000,308,859 | ---- | M] (Cisco Systems, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\System32\Drivers\CVPNDRVA.sys -- (CVPNDRVA)
DRV - [2008/11/16 18:39:44 | 000,131,984 | ---- | M] (Deterministic Networks, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\DRIVERS\dne2000.sys -- (DNE)
DRV - [2007/01/18 20:28:02 | 000,005,275 | ---- | M] (Cisco Systems, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\CVirtA.sys -- (CVirtA)
DRV - [2006/11/10 16:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\Afc.sys -- (Afc)
DRV - [2005/02/10 08:07:50 | 000,456,448 | R--- | M] (Atheros Communications, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\ar5211.sys -- (AR5211)
DRV - [2002/06/20 10:45:42 | 000,020,128 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2002/06/20 10:45:40 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2002/06/20 10:45:36 | 000,005,728 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2002/06/20 10:45:34 | 000,039,776 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\WmXlCore.sys -- (WmXlCore)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2011/05/21 13:05:30 | 000,000,686 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Winamp Toolbar Loader) - {25CEE8EC-5730-41bc-8B58-22DDC8AB8C20} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O2 - BHO: (DgnWebIE) - {2843DAC1-05EF-11D2-95BA-0060083493D6} - C:\WINDOWS\speech\Dragon\web_ie.dll (Dragon Systems)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - File not found
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Winamp Toolbar) - {EBF2BA02-9094-4c5a-858B-BB198F3D8DE2} - C:\Program Files\Winamp Toolbar\winamptb.dll (AOL LLC.)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft Inc.)
O4 - HKLM..\Run: [MSC] C:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKU\.DEFAULT..\Run: [DWQueuedReporting] File not found
O4 - HKU\S-1-5-18..\Run: [DWQueuedReporting] File not found
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\My Documents [2011/04/29 16:25:04 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\NetHood [2011/01/29 21:38:20 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\PrintHood [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\PrivacIE [2010/12/25 00:54:32 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\Recent [2010/12/15 22:10:57 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\SendTo [2011/04/29 20:28:31 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\Start Menu [2009/07/17 15:54:18 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Jim.EMILE.000\Templates [2011/04/27 23:02:24 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\LocalService\Application Data [2010/08/29 23:57:32 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\LocalService\Cookies [2009/07/17 23:11:25 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\IETldCache [2009/09/10 02:01:04 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\LocalService\Local Settings [2009/07/17 23:11:24 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\LocalService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\LocalService\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\LocalService\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\NetworkService\Application Data [2009/07/17 23:08:59 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\NetworkService\Cookies [2009/11/26 14:58:16 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\NetworkService\Local Settings [2009/07/17 23:09:00 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\NetworkService\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\NetworkService\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Pascale\Application Data [2011/03/16 10:30:34 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\Cookies [2011/05/26 18:45:57 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Pascale\Desktop [2011/03/23 22:33:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\Pascale\Favorites [2010/09/12 22:56:10 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Pascale\IECompatCache [2009/08/03 12:40:36 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Pascale\IETldCache [2009/07/27 09:09:06 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Pascale\Local Settings [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\My Documents [2011/01/13 23:02:37 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Pascale\NetHood [2011/03/12 21:03:33 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Pascale\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\Pascale\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\Pascale\PrintHood [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\PrivacIE [2009/07/27 09:10:02 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\Pascale\Recent [2011/04/09 23:05:28 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\SendTo [2010/08/05 17:49:00 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\Pascale\Start Menu [2009/07/17 15:54:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\Pascale\Templates [2009/07/17 23:01:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE(2).000\Local Settings(2) [2010/04/25 23:00:54 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE(2).000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE(2).000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Application Data [2010/08/24 22:43:43 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Desktop [2010/08/14 17:16:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Favorites [2010/10/03 21:54:07 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Local Settings [2010/08/14 17:16:09 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\ntuser.dat ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Recent [2010/08/14 17:16:40 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.000\Start Menu [2010/08/14 17:16:40 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\Local Settings [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\My Documents [2011/01/21 15:50:55 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\NetHood [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\NTUSER.DAT ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\ntuser.ini ()
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\PrintHood [2009/07/17 15:54:18 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\PrivacIE [2011/01/21 15:51:30 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\Recent [2011/01/21 15:50:55 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\SendTo [2011/01/21 15:50:46 | 000,000,000 | RH-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\Start Menu [2009/07/17 15:54:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.001\Templates [2009/07/17 23:01:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.002\Start Menu [2009/07/17 15:54:18 | 000,000,000 | R--D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.002\Templates [2009/07/17 23:01:26 | 000,000,000 | -H-D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.003\Application Data [2011/04/14 11:29:23 | 000,000,000 | ---D | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.003\Cookies [2011/04/15 11:29:24 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.003\IETldCache [2011/04/14 09:32:15 | 000,000,000 | -HSD | M]
O4 - Startup: C:\Documents and Settings\TEMP.EMILE.003\Local Settings [2011/04/14 11:29:23 | 000,000,000 | -H-D | M]
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1993962763-308236825-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1 68.94.156.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/07/17 23:05:44 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/21 18:26:52 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/21 18:26:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/21 18:26:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/21 13:29:35 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/21 13:29:35 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/21 13:02:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2011/05/21 12:42:50 | 000,000,000 | ---D | C] -- C:\SDFix
[2011/05/21 12:42:50 | 000,000,000 | ---D | C] -- \SDFix
[2011/05/14 14:23:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/05/14 14:13:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Spybot - Search & Destroy
[2011/05/14 14:13:25 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/05/14 14:13:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/05/05 19:33:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpenOffice.org 3.3
[2011/05/05 19:29:39 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice.org 3
[2011/05/05 19:29:10 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
[2011/05/05 19:28:32 | 000,000,000 | ---D | C] -- C:\Program Files\Java
[2011/05/05 19:23:12 | 000,000,000 | ---D | C] -- C:\Program Files\OpenOffice
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/02 00:24:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{159D9C4E-7B55-48C4-882F-51580D7CB89D}.job
[2011/06/02 00:11:00 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/02 00:09:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/06/02 00:04:49 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/06/02 00:04:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/01 23:50:07 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/26 14:51:31 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/05/23 15:45:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/21 18:26:53 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 16:09:49 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim.EMILE.000\defogger_reenable
[2011/05/21 13:05:30 | 000,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2011/05/14 13:55:15 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2011/05/07 20:33:57 | 000,291,680 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/05 19:33:34 | 000,000,885 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\All Users\Documents\*.tmp files -> C:\Documents and Settings\All Users\Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/21 18:26:53 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/21 16:09:49 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim.EMILE.000\defogger_reenable
[2011/05/05 19:33:34 | 000,000,885 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\OpenOffice.org 3.3.lnk
[2011/01/18 20:58:51 | 000,000,053 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2011/01/18 20:58:45 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2010/08/03 15:35:22 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/06/20 11:05:15 | 000,000,100 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2010/03/23 13:26:48 | 000,201,512 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2010/03/23 13:17:40 | 000,197,416 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2009/07/19 13:29:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\audio.INI
[2009/07/19 12:37:48 | 000,000,231 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2009/07/18 15:58:21 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
[2009/07/17 23:08:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2009/07/17 23:05:44 | 000,000,000 | RHS- | C] () -- \MSDOS.SYS
[2009/07/17 23:05:44 | 000,000,000 | RHS- | C] () -- \IO.SYS
[2009/07/17 23:05:44 | 000,000,000 | ---- | C] () -- \CONFIG.SYS
[2009/07/17 23:05:44 | 000,000,000 | ---- | C] () -- \AUTOEXEC.BAT
[2009/07/17 23:02:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2009/07/17 15:54:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2009/07/17 15:53:30 | 000,291,680 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/07/17 15:52:42 | 000,000,211 | -HS- | C] () -- \boot.ini
[2009/07/17 15:47:36 | 805,306,368 | -HS- | C] () --
[2005/03/21 18:48:05 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/03/21 18:48:05 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/04 05:00:00 | 000,311,604 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/04 05:00:00 | 000,250,048 | RHS- | C] () -- \ntldr
[2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/04 05:00:00 | 000,047,564 | RHS- | C] () -- \NTDETECT.COM
[2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/04 05:00:00 | 000,039,992 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

========== LOP Check ==========

[2009/07/27 09:25:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2011/05/14 15:06:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Cookies
[2011/05/21 13:04:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Desktop
[2009/07/18 18:52:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Favorites
[2009/07/20 22:40:55 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\IECompatCache
[2009/07/18 18:52:05 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Local Settings
[2009/07/18 18:52:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\My Documents
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\PrintHood
[2009/07/18 20:04:20 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\PrivacIE
[2009/07/17 23:11:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Recent
[2011/05/21 12:46:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\SendTo
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Start Menu
[2011/05/21 12:46:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Administrator\Templates
[2009/07/18 16:21:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Administrator\UserData
[2009/07/26 13:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\WINDOWS
[2011/05/21 18:26:51 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2011/05/21 18:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2011/02/10 17:33:28 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Documents
[2009/07/27 09:26:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\All Users\DRM
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Favorites
[2009/12/06 12:31:05 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu
[2011/05/05 19:33:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Templates
[2010/02/10 21:55:32 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser\Application Data
[2011/05/14 15:06:10 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser\Cookies
[2009/10/25 17:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Browser\Desktop
[2009/09/19 13:56:49 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser\Favorites
[2009/07/27 19:28:47 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser\Local Settings
[2009/09/11 19:41:48 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser\My Documents
[2010/03/01 10:32:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser\PrintHood
[2009/07/27 19:34:56 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser\PrivacIE
[2010/02/22 23:43:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser\Recent
[2009/07/27 19:28:47 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser\Templates
[2011/04/29 20:21:50 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE\Application Data
[2011/04/29 20:21:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser.EMILE\Cookies
[2011/04/29 20:21:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Browser.EMILE\Desktop
[2011/04/29 20:21:52 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE\Favorites
[2011/04/29 20:21:52 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser.EMILE\IETldCache
[2011/04/29 20:21:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE\Local Settings
[2011/04/29 20:21:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE\My Documents
[2011/04/29 20:21:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE\NetHood
[2011/04/29 20:21:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE\PrintHood
[2011/04/29 20:21:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE\Recent
[2011/04/29 20:21:54 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE\SendTo
[2011/04/29 20:21:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE\Start Menu
[2011/04/29 20:21:54 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE\Templates
[2010/05/08 21:04:01 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE.000\Application Data
[2011/05/14 15:06:18 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser.EMILE.000\Cookies
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Browser.EMILE.000\Desktop
[2010/04/20 22:45:03 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE.000\Favorites
[2010/04/20 22:44:54 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser.EMILE.000\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE.000\Local Settings
[2010/11/03 20:32:59 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE.000\My Documents
[2010/05/01 13:08:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE.000\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE.000\PrintHood
[2010/05/08 21:57:51 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Browser.EMILE.000\PrivacIE
[2010/05/01 13:12:03 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE.000\Recent
[2010/04/20 22:44:55 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Browser.EMILE.000\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Browser.EMILE.000\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Browser.EMILE.000\Templates
[2011/05/08 12:22:16 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Clara\Application Data
[2011/05/29 14:00:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Clara\Cookies
[2010/02/26 21:10:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Clara\Desktop
[2011/04/03 21:18:54 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Clara\Favorites
[2010/05/13 17:51:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Clara\IECompatCache
[2009/08/02 11:45:08 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Clara\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Clara\Local Settings
[2011/05/25 21:45:29 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Clara\My Documents
[2010/09/06 13:50:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Clara\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Clara\PrintHood
[2009/08/02 11:47:28 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Clara\PrivacIE
[2011/05/25 21:45:29 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Clara\Recent
[2010/10/15 21:41:13 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Clara\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Clara\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Clara\Templates
[2009/12/04 16:26:04 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2009/07/17 23:08:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Default User\Cookies
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Desktop
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Favorites
[2009/07/17 15:54:18 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Local Settings
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\My Documents
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\PrintHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Recent
[2009/07/17 23:04:35 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Default User\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Default User\Templates
[2010/05/01 18:01:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Application Data
[2011/05/14 15:06:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Cookies
[2009/12/06 13:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Desktop
[2009/10/15 08:39:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Favorites
[2009/07/29 21:44:48 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\IECompatCache
[2009/07/29 21:43:42 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Local Settings
[2009/08/02 22:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\My Documents
[2010/05/01 18:02:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\PrintHood
[2009/07/29 21:44:14 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim\PrivacIE
[2010/05/01 18:02:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Recent
[2010/05/16 22:40:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\SendTo
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim\Templates
[2009/09/06 18:14:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\WINDOWS
[2010/12/15 21:46:15 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Jim.EMILE\Application Data
[2009/07/17 23:08:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim.EMILE\Cookies
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE\Desktop
[2010/12/15 21:46:26 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Jim.EMILE\Favorites
[2010/12/15 21:45:33 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim.EMILE\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE\Local Settings
[2010/12/15 21:46:24 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Jim.EMILE\My Documents
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE\PrintHood
[2010/12/15 21:48:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim.EMILE\PrivacIE
[2010/12/15 21:46:24 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Jim.EMILE\Recent
[2010/12/15 21:46:10 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Jim.EMILE\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Jim.EMILE\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE\Templates
[2011/05/21 18:30:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data
[2011/05/14 15:06:48 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\Cookies
[2011/05/21 18:41:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Desktop
[2010/12/15 22:10:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Favorites
[2010/12/15 22:10:12 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim.EMILE.000\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\Local Settings
[2011/04/29 16:25:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\My Documents
[2011/01/29 21:38:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\PrintHood
[2010/12/25 00:54:32 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Jim.EMILE.000\PrivacIE
[2010/12/15 22:10:57 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\Recent
[2011/04/29 20:28:31 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\SendTo
[2009/07/17 15:54:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Start Menu
[2011/04/27 23:02:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Jim.EMILE.000\Templates
[2010/08/29 23:57:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2009/07/17 23:11:25 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\Cookies
[2009/09/10 02:01:04 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\LocalService\IETldCache
[2009/07/17 23:11:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\LocalService\Local Settings
[2009/07/17 23:08:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2009/11/26 14:58:16 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\NetworkService\Cookies
[2009/07/17 23:09:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\NetworkService\Local Settings
[2011/03/16 10:30:34 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Pascale\Application Data
[2011/05/26 18:45:57 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pascale\Cookies
[2011/03/23 22:33:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Pascale\Desktop
[2010/09/12 22:56:10 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Pascale\Favorites
[2009/08/03 12:40:36 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pascale\IECompatCache
[2009/07/27 09:09:06 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pascale\IETldCache
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Pascale\Local Settings
[2011/01/13 23:02:37 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Pascale\My Documents
[2011/03/12 21:03:33 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Pascale\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Pascale\PrintHood
[2009/07/27 09:10:02 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Pascale\PrivacIE
[2011/04/09 23:05:28 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Pascale\Recent
[2010/08/05 17:49:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Pascale\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Pascale\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Pascale\Templates
[2010/04/25 23:00:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE(2).000\Local Settings(2)
[2010/08/24 22:43:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Application Data
[2010/08/14 17:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Desktop
[2010/10/03 21:54:07 | 000,000,000 | R--D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Favorites
[2010/08/14 17:16:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Local Settings
[2010/08/14 17:16:40 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Recent
[2010/08/14 17:16:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE.000\Start Menu
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\Local Settings
[2011/01/21 15:50:55 | 000,000,000 | R--D | M] -- C:\Documents and Settings\TEMP.EMILE.001\My Documents
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\NetHood
[2009/07/17 15:54:18 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\PrintHood
[2011/01/21 15:51:30 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TEMP.EMILE.001\PrivacIE
[2011/01/21 15:50:55 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\Recent
[2011/01/21 15:50:46 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\SendTo
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\TEMP.EMILE.001\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.001\Templates
[2009/07/17 15:54:18 | 000,000,000 | R--D | M] -- C:\Documents and Settings\TEMP.EMILE.002\Start Menu
[2009/07/17 23:01:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.002\Templates
[2011/04/14 11:29:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\TEMP.EMILE.003\Application Data
[2011/04/15 11:29:24 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TEMP.EMILE.003\Cookies
[2011/04/14 09:32:15 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\TEMP.EMILE.003\IETldCache
[2011/04/14 11:29:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\TEMP.EMILE.003\Local Settings
[2011/06/02 00:09:42 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2011/06/02 00:24:26 | 000,000,418 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{159D9C4E-7B55-48C4-882F-51580D7CB89D}.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: EXPLORER.EXE >
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\explorer.exe
[2008/04/13 17:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) MD5=12896823FB95BFB3DC9B46BCAEDC9923 -- C:\WINDOWS\ServicePackFiles\i386\explorer.exe
[2004/08/04 05:00:00 | 001,032,192 | ---- | M] (Microsoft Corporation) MD5=A0732187050030AE399B241436565E64 -- C:\WINDOWS\$NtServicePackUninstall$\explorer.exe

< MD5 for: SVCHOST.EXE >
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\ServicePackFiles\i386\svchost.exe
[2008/04/13 17:12:36 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=27C6D03BCDB8CFEB96B716F3D8BE3E18 -- C:\WINDOWS\System32\svchost.exe
[2004/08/04 05:00:00 | 000,014,336 | ---- | M] (Microsoft Corporation) MD5=8F078AE4ED187AAABC0A305146DE6716 -- C:\WINDOWS\$NtServicePackUninstall$\svchost.exe

< MD5 for: USERINIT.EXE >
[2004/08/04 05:00:00 | 000,024,576 | ---- | M] (Microsoft Corporation) MD5=39B1FFB03C2296323832ACBAE50D2AFF -- C:\WINDOWS\$NtServicePackUninstall$\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\ServicePackFiles\i386\userinit.exe
[2008/04/13 17:12:38 | 000,026,112 | ---- | M] (Microsoft Corporation) MD5=A93AEE1928A9D7CE3E16D24EC7380F89 -- C:\WINDOWS\System32\userinit.exe

< MD5 for: VOLSNAP.SYS >
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 11:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\System32\drivers\volsnap.sys
[2004/08/04 05:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< MD5 for: WINLOGON.EXE >
[2004/08/04 05:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 17:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\System32\winlogon.exe

< %ALLUSERSPROFILE%\Application Data\*. >
[2011/03/18 10:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2011/04/15 23:11:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ArcSoft
[2009/07/29 21:48:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2009/07/18 20:08:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google Updater
[2011/05/21 18:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/08/26 23:42:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2011/03/29 21:35:46 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2011/05/19 18:40:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2011/04/22 21:04:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/07/29 22:35:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2010/03/15 23:40:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Real
[2010/08/03 15:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Skype
[2011/05/14 14:15:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2010/02/06 16:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sun
[2011/05/14 14:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/07/29 22:35:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2011/01/18 21:00:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\The Learning Company
[2009/07/27 09:26:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Winamp Toolbar
[2010/03/31 23:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage

< %ALLUSERSPROFILE%\Application Data\*.exe /s >
[2011/04/25 15:35:23 | 000,526,512 | ---- | M] (Google Inc.) -- C:\Documents and Settings\All Users\Application Data\Google\Google Toolbar\Update\GoogleToolbarInstaller_updater_signed.exe

< %APPDATA%\*. >
[2011/05/10 23:30:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Adobe
[2011/04/29 16:27:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\ArcSoft
[2010/12/25 00:55:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Google
[2010/12/15 22:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Identities
[2011/04/28 22:04:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\InstallShield
[2009/12/04 16:26:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Macromedia
[2011/05/21 18:30:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Malwarebytes
[2011/05/07 20:56:48 | 000,000,000 | --SD | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Microsoft
[2011/05/21 18:27:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\OpenOffice.org
[2011/02/26 21:46:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\Real
[2011/05/14 14:23:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim.EMILE.000\Application Data\SUPERAntiSpyware.com

< %APPDATA%\*.exe /s >

< %SYSTEMDRIVE%\*.exe >

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< C:\program files\common files\data\* /s >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2009/07/17 15:52:41 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/07/17 15:52:41 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/07/17 15:52:41 | 000,884,736 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >

< C:\Documents and Settings\mhumphrey\Desktop\*.* /s >

< :reg >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList /s >
"ProfilesDirectory" = %SystemDrive%\Documents and Settings -- [2011/05/31 09:31:27 | 000,000,000 | ---D | M]
"DefaultUserProfile" = Default User
"AllUsersProfile" = All Users
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-18]
"Flags" = 12
"State" = 0
"RefCount" = 1
"Sid" = 01 01 00 00 00 00 00 05 12 00 00 00 [binary data]
"ProfileImagePath" = %systemroot%\system32\config\systemprofile -- [2011/04/29 20:22:12 | 000,000,000 | ---D | M]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-19]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\LocalService -- [2011/04/29 20:22:12 | 000,000,000 | -HSD | M]
"Sid" = 01 01 00 00 00 00 00 05 13 00 00 00 [binary data]
"Flags" = 9
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1389581480
"ProfileLoadTimeHigh" = 30154995
"RefCount" = 4
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-20]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\NetworkService -- [2011/04/29 20:22:13 | 000,000,000 | -HSD | M]
"Sid" = 01 01 00 00 00 00 00 05 14 00 00 00 [binary data]
"Flags" = 9
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1382706480
"ProfileLoadTimeHigh" = 30154995
"RefCount" = 2
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Jim.EMILE.000 -- [2011/05/21 16:09:49 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B EB 03 00 00 [binary data]
"Flags" = 0
"State" = 256
"CentralProfile" =
"ProfileLoadTimeLow" = 961801684
"ProfileLoadTimeHigh" = 30154996
"RefCount" = 1
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft\Internet Explorer]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft\Internet Explorer\LinksBar]
"MarketingLinksMigrate" = C8 49 51 21 9F 13 CC 01 [binary data]
"LinksFolderMigrate" = C8 49 51 21 9F 13 CC 01 [binary data]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft\Internet Explorer\LinksBar\ItemCache]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\0]
"Path" = C:\Documents and Settings\Jim.EMILE.000\Favorites\Links\Suggested Sites.url -- [2010/12/25 00:54:44 | 000,000,302 | ---- | M] ()
"Handler" = {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
"FeedUrl" = https://ieonline.microsoft.com/#ieslice
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003\Software\Microsoft\Internet Explorer\LinksBar\ItemCache\1]
"Path" = C:\Documents and Settings\Jim.EMILE.000\Favorites\Links\Web Slice Gallery.url -- [2010/12/15 22:10:59 | 000,000,226 | ---- | M] ()
"Handler" = {B0FA7D7C-7195-4F03-B03E-9DC1C9EBC394}
"FeedUrl" = http://go.microsoft.com/fwlink/?LinkId=121315
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1003.bak]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Jim.EMILE.000 -- [2011/05/21 16:09:49 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B EB 03 00 00 [binary data]
"Flags" = 0
"State" = 33024
"CentralProfile" =
"ProfileLoadTimeLow" = -410353640
"ProfileLoadTimeHigh" = 30153964
"RefCount" = 1
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1004]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Pascale -- [2011/05/07 20:32:20 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B EC 03 00 00 [binary data]
"Flags" = 0
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1695002986
"ProfileLoadTimeHigh" = 30154984
"RefCount" = 0
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1005.bak]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Clara -- [2011/05/24 20:04:38 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B ED 03 00 00 [binary data]
"Flags" = 0
"State" = 32768
"CentralProfile" =
"ProfileLoadTimeLow" = -1734514076
"ProfileLoadTimeHigh" = 30154305
"RefCount" = 0
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-1006]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Browser.EMILE.000 -- [2011/04/29 20:22:13 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B EE 03 00 00 [binary data]
"Flags" = 0
"State" = 0
"CentralProfile" =
"ProfileLoadTimeLow" = 1771710314
"ProfileLoadTimeHigh" = 30153966
"RefCount" = 0
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProfileList\S-1-5-21-1993962763-308236825-725345543-500]
"ProfileImagePath" = %SystemDrive%\Documents and Settings\Administrator -- [2011/04/29 20:23:24 | 000,000,000 | ---D | M]
"Sid" = 01 05 00 00 00 00 00 05 15 00 00 00 0B 75 D9 76 19 52 5F 12 07 E5 3B 2B F4 01 00 00 [binary data]
"Flags" = 0
"State" = 256
"CentralProfile" =
"ProfileLoadTimeLow" = -829929148
"ProfileLoadTimeHigh" = 30152687
"RefCount" = 1
"RunLogonScriptSync" = 0
"OptimizedLogonStatus" = 11

< HKEY_LOCAL_MACHINE\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command /s >
"" = C:\Program Files\Internet Explorer\iexplore.exe -- [2009/03/08 14:09:26 | 000,638,816 | ---- | M] (Microsoft Corporation)

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Policies\Associations /s >

< HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Explorer\Advanced /s >

< HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Download /s >

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\vsinit.dll:SummaryInformation
@Alternate Data Stream - 60 bytes -> C:\Documents and Settings\All Users\Documents\.TemporaryItems:AFP_AfpInfo

< End of report >


And finally, the OTL extras:

OTL Extras logfile created on: 6/2/2011 12:21:07 AM - Run 1
OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\Jim.EMILE.000\My Documents\Downloads
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: | Country: | Language: | Date Format:

509.98 Mb Total Physical Memory | 172.24 Mb Available Physical Memory | 33.77% Memory free
1.22 Gb Paging File | 0.90 Gb Available in Paging File | 73.75% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.53 Gb Total Space | 54.50 Gb Free Space | 73.13% Space Free | Partition Type: NTFS
Drive D: | 74.52 Gb Total Space | 74.51 Gb Free Space | 99.99% Space Free | Partition Type: NTFS
Unable to calculate disk information.

Computer Name: EMILE | User Name: Jim | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Enabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Google\Google Earth\googleearth.exe" = C:\Program Files\Google\Google Earth\googleearth.exe:*:Enabled:Google Earth
"C:\Program Files\Google\Chrome\Application\chrome.exe" = C:\Program Files\Google\Chrome\Application\chrome.exe:*:Enabled:Google Chrome -- (Google Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2656D0AB-9EA4-4C58-A117-635F3CED8B93}" = Microsoft UI Engine
"{26A24AE4-039D-4CA4-87B4-2F83216022FF}" = Java™ 6 Update 22
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E171899-0175-47CC-84C4-562ACDD4C021}" = OpenOffice.org 3.3
"{4286E640-B5FB-11DF-AC4B-005056C00008}" = Google Earth
"{435673AB-6821-416D-806A-E477DFA60A42}" = WingMan Software
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{54B8C2B4-58F8-4C1A-9BB5-3A4097C65DEF}" = Airlink101 SuperG Wireless Adapter
"{66349B1A-A8CB-4DBF-8643-FEBE86F8AF16}" = Dragon NaturallySpeaking 5.0
"{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
"{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
"{77C71BFE-2598-4DB5-8F7C-0CF81A16DA40}" = ArcSoft MediaImpression
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics 2 Driver
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_PROR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_PROR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_PROR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_PROR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_PROR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}" = Microsoft Office Professional 2007
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-0014-0000-0000-0000000FF1CE}_PROR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.3
"{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}" = Cisco Systems VPN Client 5.0.07.0290
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"Adobe Acrobat 4.0" = Adobe Acrobat 4.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Any Video Converter_is1" = Any Video Converter 3.0.5
"Digital Editions" = Adobe Digital Editions
"Flight Simulator 8.0" = Microsoft Flight Simulator 2002
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"ie8" = Windows Internet Explorer 8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft Security Client" = Microsoft Security Essentials
"PROR" = Microsoft Office Professional 2007
"PROSet" = Intel® PRO Network Adapters and Drivers
"RealPlayer 12.0" = RealPlayer
"Ricochet_is1" = Ricochet 1.3 (Distributed by Logitech)
"SpongeBob SquarePants Typing" = SpongeBob SquarePants Typing
"Winamp" = Winamp
"Winamp Toolbar" = Winamp Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 12:07:28 AM | Computer Name = EMILE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Jim.EMILE.000\ntuser.dat

Error - 5/28/2011 12:07:59 AM | Computer Name = EMILE | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 5/28/2011 12:08:30 AM | Computer Name = EMILE | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 5/28/2011 12:08:52 AM | Computer Name = EMILE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Jim.EMILE.000\ntuser.dat

Error - 5/28/2011 12:09:23 AM | Computer Name = EMILE | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 5/28/2011 12:09:54 AM | Computer Name = EMILE | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

Error - 5/31/2011 12:31:17 PM | Computer Name = EMILE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\Documents and Settings\Clara\ntuser.dat

Error - 5/31/2011 12:31:27 PM | Computer Name = EMILE | Source = Userenv | ID = 1502
Description = Windows cannot load the locally stored profile. Possible causes of
this error include insufficient security rights or a corrupt local profile. If
this problem persists, contact your network administrator. DETAIL - The process
cannot access the file because it is being used by another process.

Error - 5/31/2011 12:31:27 PM | Computer Name = EMILE | Source = Userenv | ID = 1515
Description = Windows has backed up this user's profile. Windows will automatically
try to use the backed up profile the next time this user logs on.

Error - 5/31/2011 12:31:29 PM | Computer Name = EMILE | Source = Userenv | ID = 1511
Description = Windows cannot find the local profile and is logging you on with a
temporary profile. Changes you make to this profile will be lost when you log off.

[ System Events ]
Error - 5/30/2011 5:39:25 PM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2

Error - 5/30/2011 5:39:26 PM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/1/2011 1:29:25 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2

Error - 6/1/2011 1:29:28 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/1/2011 1:54:02 PM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2

Error - 6/1/2011 1:54:04 PM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/2/2011 1:44:59 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2

Error - 6/2/2011 1:45:01 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/2/2011 3:04:37 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2

Error - 6/2/2011 3:04:38 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL


< End of report >

#6 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 02 June 2011 - 06:06 AM

Hi jrpmh,





Please uninstall MBAM via Add/Remove programs. After restarting your computer, please run mbam-clean.exe from Here. Then please download ResetPerms and save it to your desktop.

Close any open programs and save anything you were working on, double click on restoredefaultperms.exe to run it. Once it completes it will restart your computer.

After that, please download unhide.exe on your desktop and double click on it to run it. When done, please proceed with the following:

BTW, have you ever tried to use a third-party migration tool to perform an intraforest migration of the user account and of the computer, or added any user accounts yourself? Advise me in your next reply.


Step 1

Please download Malwarebytes' Anti-Malware from Here or Here

  • Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM, or you can find it here:
  • C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • You can refer to this tutorial

Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.



Step 2

  • If you already have Combofix, please delete that copy and download it again as it's being updated regularly.
  • Please visit this webpage for download links, and instructions for running the tool:
    http://www.bleepingcomputer.com/combofix/how-to-use-combofix
  • Note: ComboFix has recently been updated to include the option for installing the Recovery Console automatically. The Windows Recovery Console will allow you to boot up into a special recovery (repair) mode.
    This allows us to more easily help you should your computer have a problem after an attempted removal of malware. It is a simple procedure that will only take a few moments of your time.
  • Close/disable all antivirus and antimalware programs so they do not interfere with the running of ComboFix.
  • Click Yes to allow Combofix to continue scanning for malware.
  • When done, a log will be produced (or locate it in C:\ComboFix.txt). Please post that log in your next reply. If you run into problems, please rerun it in safe mode.
  • Do not mouse click on Combofix while it is running. That may cause it to stall.


In your next reply, please post back:



1. MBAM log
2. ComboFix log

Tell me what current symptoms you're still experiencing now.


Edited by sundavis, 02 June 2011 - 06:59 PM.


#7 jrpmh

jrpmh
  • Topic Starter

  • Members
  • 5 posts

Posted 03 June 2011 - 05:17 AM

Hi there sundavis,

Re: your questions -

I didn't use any migration tools in setting up this machine, but I did create 4 user accounts. Curiously, only 2 of the 4 were affected by the problem of not being able to change the View options in Explorer.

I've regained control of these options in the "Jim" account, and will test the Browser account tomorrow. I will also test whether I'm now able to install a wireless network card. The problem noted during my previous attempt to install Malwarebytes, an error message saying that the process was not able to set the registry keys, did not appear this time.



The new logs are below.


Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6758

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/3/2011 1:55:02 AM
mbam-log-2011-06-03 (01-55-02).txt

Scan type: Quick scan
Objects scanned: 284052
Time elapsed: 9 minute(s), 10 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



ComboFix 11-06-03.01 - Jim 06/03/2011 2:39.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.304 [GMT -7:00]
Running from: c:\documents and settings\Jim.EMILE.000\My Documents\Downloads\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
AV: Microsoft Security Essentials *Disabled/Updated* {EDB4FA23-53B8-4AFA-8C5D-99752CCA7095}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\WINDOWS
c:\documents and settings\Jim\WINDOWS
c:\windows\Temp\scsE.tmp
.
.
((((((((((((((((((((((((( Files Created from 2011-05-03 to 2011-06-03 )))))))))))))))))))))))))))))))
.
.
2011-06-03 08:43 . 2011-06-03 08:43 -------- d-----w- c:\documents and settings\Jim.EMILE.000\Application Data\Malwarebytes
2011-06-03 08:43 . 2011-05-29 16:11 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-03 08:43 . 2011-06-03 08:43 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2011-06-03 08:43 . 2011-05-29 16:11 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-06-03 08:43 . 2011-06-03 08:43 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-06-03 06:10 . 2011-05-09 20:46 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{091D7E1D-DD51-4189-A0C7-E0C39C8D8CED}\mpengine.dll
2011-05-22 01:27 . 2011-05-22 01:27 -------- d-----w- c:\documents and settings\Jim.EMILE.000\Application Data\OpenOffice.org
2011-05-21 20:04 . 2011-05-21 20:04 578560 -c--a-w- c:\windows\system32\dllcache\user32.dll
2011-05-21 20:02 . 2011-05-21 20:02 -------- d-----w- c:\windows\ERUNT
2011-05-21 19:42 . 2011-05-23 22:45 -------- d-----w- C:\SDFix
2011-05-14 21:23 . 2011-05-14 21:23 -------- d-----w- c:\documents and settings\Jim.EMILE.000\Application Data\SUPERAntiSpyware.com
2011-05-14 21:23 . 2011-05-14 21:23 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2011-05-14 21:13 . 2011-05-16 03:12 -------- d-----w- c:\program files\Spybot - Search & Destroy
2011-05-14 21:13 . 2011-05-14 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2011-05-08 19:22 . 2011-05-08 19:22 -------- d-----w- c:\documents and settings\Clara\Application Data\OpenOffice.org
2011-05-06 02:29 . 2011-05-06 02:29 -------- d-----w- c:\program files\Common Files\Java
2011-05-06 02:28 . 2011-05-06 02:28 73728 ----a-w- c:\windows\system32\javacpl.cpl
2011-05-06 02:28 . 2011-05-06 02:28 -------- d-----w- c:\program files\Java
2011-05-06 02:23 . 2011-05-06 02:23 -------- d-----w- c:\program files\OpenOffice
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-09 20:46 . 2010-04-02 17:57 6962000 ----a-w- c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2011-05-06 02:28 . 2010-07-08 06:01 472808 ----a-w- c:\windows\system32\deployJava1.dll
2011-03-07 05:33 . 2009-07-18 06:02 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2006-05-25 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2006-05-25 126976]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2009-07-01 37888]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2009-12-06 198160]
"ArcSoft Connection Service"="c:\program files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe" [2010-10-28 207424]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-01-31 35760]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"MSC"="c:\program files\Microsoft Security Client\msseces.exe" [2010-11-30 997408]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-05-29 449584]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2008-11-04 435096]
.
c:\documents and settings\Clara\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\Jim.EMILE.000\Start Menu\Programs\Startup\
OpenOffice.org 3.3.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2010-12-13 1198592]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
VPN Client.lnk - c:\windows\Installer\{B0BF7057-6869-4E4B-920C-EA2A58DA07F0}\Icon3E5562ED7.ico [2010-10-3 6144]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
.
R1 MpKsl10358c42;MpKsl10358c42;c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{091D7E1D-DD51-4189-A0C7-E0C39C8D8CED}\MpKsl10358c42.sys [6/3/2011 1:17 AM 28752]
R2 EAPPkt;Realtek EAPPkt Protocol;c:\windows\system32\drivers\EAPPkt.sys [9/27/2009 12:58 PM 38144]
S1 MpKsl3fbe38e4;MpKsl3fbe38e4;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{084AAFCA-B449-4FD2-B7CF-E3029DDA3BB9}\MpKsl3fbe38e4.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{084AAFCA-B449-4FD2-B7CF-E3029DDA3BB9}\MpKsl3fbe38e4.sys [?]
S1 SASDIFSV;SASDIFSV;\??\c:\windows\TEMP\SAS_SelfExtract\SASDIFSV.SYS --> c:\windows\TEMP\SAS_SelfExtract\SASDIFSV.SYS [?]
S1 SASKUTIL;SASKUTIL;\??\c:\windows\TEMP\SAS_SelfExtract\SASKUTIL.SYS --> c:\windows\TEMP\SAS_SelfExtract\SASKUTIL.SYS [?]
S2 gupdate1ca081e48cc5ff8;Google Update Service (gupdate1ca081e48cc5ff8);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 8:09 PM 133104]
S2 Super G Wireless Cardbus Service;Super G Wireless Cardbus Adapter Service;c:\program files\Airlink101\AWLH4030\WLService.exe --> c:\program files\Airlink101\AWLH4030\WLService.exe [?]
S3 BBSvc;Bing Bar Update Service;c:\program files\Microsoft\BingBar\BBSvc.EXE [2/28/2011 7:44 PM 183560]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\Google\Update\GoogleUpdate.exe [7/18/2009 8:09 PM 133104]
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - MPKSL10358C42
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-03 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2009-07-19 03:08]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 03:09]
.
2011-06-03 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-07-19 03:09]
.
2011-06-03 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Microsoft Security Client\Antimalware\MpCmdRun.exe [2010-11-11 19:26]
.
2011-06-03 c:\windows\Tasks\User_Feed_Synchronization-{159D9C4E-7B55-48C4-882F-51580D7CB89D}.job
- c:\windows\system32\msfeedssync.exe [2009-03-08 11:31]
.
.
------- Supplementary Scan -------
.
TCP: DhcpNameServer = 192.168.0.1 68.94.156.1
.
- - - - ORPHANS REMOVED - - - -
.
AddRemove-{2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\Google\Google Toolbar\Component\GoogleToolbarManager_C8CBFED7F00D3A8C.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-03 02:48
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\igfxsrvc.dll
c:\windows\system32\hccutils.DLL
.
Completion time: 2011-06-03 02:50:39
ComboFix-quarantined-files.txt 2011-06-03 09:50
.
Pre-Run: 58,426,458,112 bytes free
Post-Run: 59,731,386,368 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
- - End Of File - - 009965DDA121A91F873AA903421B7E95

#8 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 03 June 2011 - 06:41 AM

Hi jrpmh,



Curiously, only 2 of the 4 were affected by the problem of not being able to change the View options in Explorer.

I assume the only 2 affected user accounts are Jim.EMILE.000 and Clara. Advise me in your next reply. Besides that, your logs look good. All your problems seem to have come from a corrupted new user profile while installing the wireless network card.

If you have not received any alerts from your protection software, and the only symptom you are experiencing is the one you report, then I would say the problem is not likely to be malware-related.

For help with non-malware-related issues, I recommend you try posting at a general troubleshooting subforum from Here. The experts at that forum specialize in this type of problem, so you will be well served discussing the problem you are confronted with now.

Otherwise, if you wish to look closer for malware then we can give your machine a thorough check. Please let me know how you wish to proceed.

#9 jrpmh

jrpmh
  • Topic Starter

  • Members
  • 5 posts

Posted 04 June 2011 - 05:00 PM

Actually it was Jim.Emile.000 and Browser, although I didn't try to identify which of the 3 browser accounts it was. I guess I'll take the issue of how Windows multiplies the accounts I created and why the network card wasn't recognized correctly to the general forum - thanks for pointing me in that direction.

As for malware, perhaps I can run Malwarebytes and a couple of the other utilities on a deep scan - does that seem like a good middle ground approach to you?

Also, I wouldn't mind learning to examine the scan logs or do a bit more of the diagnosis and repair myself. I imagine that part of it is years of experience - but is there a good introduction published or available online?

Otherwise, thanks for your help and guidance, and best wishes for many successful future hunts.

#10 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 04 June 2011 - 10:29 PM

Hi jrpmh,



but is there a good introduction published or available online?

I don't think so, but we do provide a Training Program for our members. It might take years of hard training. For more info: check this thread. OK, let's get down to business. From your current event logs, all the events come down to the following errors:

1. ID = 7026 (SASDIFSV SASKUTIL) ----> SUPERAntiSpyware drivers failed to load due to a logon failure. For more info: go to this thread.

2. ID = 7000 ----> The Super G Wireless Cardbus Adapter Service failed to start. For more info: go to this thread.

3. ID = 1058 and 1055 ----> Windows cannot load the user's profile but has logged you on with the default profile for the system. For more info: go to this thread.

4. ID = 1502 ----> Windows cannot load the locally stored profile. For more info: go to Here and Here.


If No. 3 and No. 4 can be fixed, then No. 1 and No. 2 should be resolved by an uninstall and reinstall process. Now, you might try to log on to your affected user accounts to fix the following ntuser.dat (C:\Documents and Settings\Username\ntuser.dat) with Fix it from Here.

If still no go, you should know where you can turn to. Other than that, your system appears clean now. The following instructions are usually given to our members while the system is clear of malware, to do some housecleaning.


Step 1

Click START then RUN
Now copy/paste ComboFix /Uninstall in the runbox and click OK.
Note the space between the X and the /Uninstall, it needs to be there.


This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and resets System Restore again.

Step 2

Start OTL from your desktop.
  • Double click OTL and let it run
  • Then Click the Cleanup button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.


Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:


  • Update your antivirus programs

    Update your antivirus programs and other security products regularly to avoid new threats that could infect your system. You can use one of these sites to check if any updates are needed for your PC.
    Secunia Software Inspector
    F-secure Health Check

  • Update all programs regularly - Make sure you update all the programs regularly. Without regular updates you WILL NOT be protected when new malicious programs are released.

  • Back up your valid registry - ERUNT (Emergency Recovery Utility NT) allows you to store a complete backup of your registry and restore it if needed. Due to malware effects, a corrupt registry can prevent a system from booting. You're well advised to back up your valid registry while the system is clean now. For more info: Here and Here.


Please check out Tony Klein's article "How did I get infected in the first place?"
Read some information Here how to prevent Malware.


Glad to be of help. Safe surfing!!
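The event-log triage done by hand in this post, as an added example that is not part of the thread or of OTL itself: it parses the "Last 10 Event Log Errors" block in the format OTL printed above, groups the entries by Event ID, and pulls out the hive path, service name or driver names each description carries. The sample log is a constructed excerpt mirroring the posted entries, and the ID meanings are the ones listed in this post.

```python
"""Parse OTL's 'Last 10 Event Log Errors' block and group it by Event ID.

Added example (not OTL's or the thread's own code). SAMPLE_LOG is a
constructed excerpt in the format of the log posted above.
"""
import re
from collections import Counter, defaultdict

# Constructed sample mirroring the posted entries (backslashes doubled for Python).
SAMPLE_LOG = """\
========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/28/2011 12:07:28 AM | Computer Name = EMILE | Source = Userenv | ID = 1508
Description = Windows was unable to load the registry. This is often caused by insufficient
memory or insufficient security rights. DETAIL - The process cannot access the
file because it is being used by another process. for C:\\Documents and Settings\\Jim.EMILE.000\\ntuser.dat

Error - 5/28/2011 12:08:30 AM | Computer Name = EMILE | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Access is denied.

[ System Events ]
Error - 5/30/2011 5:39:26 PM | Computer Name = EMILE | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
SASDIFSV SASKUTIL

Error - 6/1/2011 1:29:25 AM | Computer Name = EMILE | Source = Service Control Manager | ID = 7000
Description = The Super G Wireless Cardbus Adapter Service service failed to start
due to the following error: %%2
"""

HEADER_RE = re.compile(r"^Error - (?P<when>.+?) \| Computer Name = (?P<computer>.+?) \| "
                       r"Source = (?P<source>.+?) \| ID = (?P<id>\d+)$")
SECTION_RE = re.compile(r"^\[ (?P<section>.+?) \]$")

# Meaning of each ID as explained in this thread (Userenv profile loading, SCM start failures).
ID_MEANING = {
    1508: "Userenv: registry hive (ntuser.dat) could not be loaded",
    1502: "Userenv: locally stored profile could not be loaded",
    1505: "Userenv: logged on with the default profile instead",
    1511: "Userenv: logged on with a temporary profile",
    1515: "Userenv: profile was backed up",
    7000: "SCM: service failed to start",
    7026: "SCM: boot-start or system-start driver(s) failed to load",
}


def parse_otl_events(text):
    """Return one dict per entry; wrapped Description lines are joined with spaces."""
    events, section, current = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            current = None            # a blank line ends the current entry
            continue
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group("section")
            continue
        hdr = HEADER_RE.match(line)
        if hdr:
            current = {"section": section, "when": hdr["when"], "computer": hdr["computer"],
                       "source": hdr["source"], "id": int(hdr["id"]), "description": ""}
            events.append(current)
        elif current is not None:
            body = line[len("Description = "):] if line.startswith("Description = ") else line
            current["description"] = (current["description"] + " " + body).strip()
    return events


def triage(events):
    """Count entries per ID and collect the artefact each description names."""
    counts = Counter(e["id"] for e in events)
    artefacts = defaultdict(set)
    for e in events:
        d = e["description"]
        if e["id"] == 1508:                       # hive path follows 'for '
            artefacts[1508].add(d.rsplit(" for ", 1)[-1])
        elif e["id"] == 7026:                     # driver names follow the colon
            artefacts[7026].update(d.split("failed to load:", 1)[1].split())
        elif e["id"] == 7000:                     # service name precedes 'service failed'
            m = re.match(r"The (.+?) service failed to start", d)
            if m:
                artefacts[7000].add(m.group(1))
    return {i: {"count": n, "meaning": ID_MEANING.get(i, "not discussed in this thread"),
                "artefacts": sorted(artefacts[i])} for i, n in counts.items()}


if __name__ == "__main__":
    for event_id, info in sorted(triage(parse_otl_events(SAMPLE_LOG)).items()):
        print(event_id, info)
```

Running it against the full block posted earlier in this thread shows the same three recurring causes at a glance: the Jim.EMILE.000 and Clara hives that could not be loaded, the Super G service, and the two SUPERAntiSpyware drivers.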

#11 sundavis

sundavis

  • Malware Response Team
  • 2,708 posts

Posted 10 June 2011 - 05:02 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



