Ok. All I can tell you now is you will have to wait and see what crunchie says. I have asked him to take a look here, not sure when that will be but we need to be certain this computer is clean. You will get a message when he has taken a look. Ok?
Alright. Thank you very much for all the help so far.
Can you run this for me please:
Download OTL to your Desktop.
* Double-click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
* Under the Custom Scan box paste this in:
netsvcs
%SYSTEMDRIVE%\*.exe
/md5start
eventlog.dll
scecli.dll
netlogon.dll
cngaudit.dll
sceclt.dll
ntelogon.dll
logevent.dll
iaStor.sys
nvstor.sys
atapi.sys
IdeChnDr.sys
viasraid.sys
AGP440.sys
vaxscsi.sys
nvatabus.sys
viamraid.sys
nvata.sys
nvgts.sys
iastorv.sys
ViPrt.sys
eNetHook.dll
ahcix86.sys
KR10N.sys
nvstor32.sys
/md5stop
%systemroot%\*. /mp /s
%systemroot%\system32\*.dll /lockedfiles
%systemroot%\System32\config\*.sav
CREATERESTOREPOINT
* Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
- When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
- Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
OTL.txt (for the first run I accidentally hit Quick Scan before I copied the list into Custom Scan, so I did it again and pasted it in. An Extras log didn't pop up the second time though, so I posted the first)
OTL logfile created on: 4/12/2011 12:44:09 AM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 54.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 54.65 Gb Free Space | 73.39% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 278.51 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Computer Name: IRVING-RQIHM94R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2010/09/07 11:12:02 | 002,838,912 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastUI.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:48:16 | 020,525,056 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
PRC - [2005/07/22 15:03:00 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
========== Modules (SafeList) ==========
MOD - [2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/29 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/12/02 22:23:52 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2009/12/02 22:23:46 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/02/20 15:04:24 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbscoms.exe -- (lxbs_device)
========== Driver Services (SafeList) ==========
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/09 15:19:33 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2009/12/02 22:23:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2009/12/02 22:23:52 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2009/12/02 22:23:50 | 000,211,304 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2009/12/02 22:23:46 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2007/08/07 01:17:28 | 000,460,288 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13
FF - prefs.js..extensions.enabledItems: Strata_XP_on_Linux@jed.litech.org:2.2.1.2
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p="
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/05/21 22:35:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2010/05/21 22:35:12 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 13:48:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 13:02:47 | 000,000,000 | ---D | M]
[2010/05/07 18:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/07 18:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/11 00:45:26 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions
[2010/10/28 12:03:56 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/07/25 13:54:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/28 12:01:34 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
[2010/12/23 16:22:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/19 09:18:54 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/10/28 12:00:59 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/05/21 22:34:08 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\searchrecs@veoh.com
[2010/10/28 12:02:34 | 000,000,000 | ---D | M] (Strata XP on Linux) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\Strata_XP_on_Linux@jed.litech.org
[2010/10/28 12:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/10/28 12:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\Strata_XP_on_Linux@jed.litech.org\chrome\mozapps\extensions
[2011/04/11 09:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/11 09:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2010/03/29 01:28:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/04/11 01:24:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [LXBSCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.DLL (Lexmark International, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SubOlccr] C:\Program Files\TABLET\SubOlccr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/28 19:57:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 30 Days ==========
[2011/04/12 00:39:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/11 20:47:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/04/11 18:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/11 18:30:47 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/04/11 17:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\One Piece
[2011/04/11 14:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/04/11 12:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SoftGrid Client
[2011/04/11 12:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2011/04/11 12:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Business (English)
[2011/04/11 12:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/11 12:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/04/11 12:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TP
[2011/04/11 11:11:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/11 01:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 00:06:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/10 23:59:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/10 23:36:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/10 23:36:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/10 23:36:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/10 23:36:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/10 23:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/10 23:36:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/10 23:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/04/10 14:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware
[2011/04/10 14:00:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/10 09:26:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/04/10 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Data Recovery Wizard Free Edition 5.5.1
[2011/04/10 00:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/04/09 23:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fear_Of_God-(DatPiff.com)
[2011/04/04 15:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ultimate_Hulk_Annual_01
[2011/04/03 14:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Darkstalkers_Tribute
[2011/04/03 13:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\street fighter tribute
[2011/04/03 13:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter IV Art
[2011/04/03 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter IV Manual
[2011/04/03 13:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Super Street Fighter IV Official Complete Works
[2011/03/19 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2011/03/14 15:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/14 15:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/14 15:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[67 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files - Modified Within 30 Days ==========
[2011/04/12 00:43:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1004336348-682003330-1003UA.job
[2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/11 20:20:55 | 002,135,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/11 20:20:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/11 18:31:02 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/04/11 15:36:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/11 12:55:28 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MicrosoftFixit50154.msi
[2011/04/11 12:35:39 | 000,469,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/11 12:35:38 | 000,081,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/11 01:24:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/04/10 23:59:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/10 23:34:51 | 004,318,520 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/10 23:16:39 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/04/10 18:03:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/10 17:57:47 | 000,272,531 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\daniwebthread.rtf
[2011/04/10 15:48:55 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 14:00:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/10 10:43:07 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1004336348-682003330-1003Core.job
[2011/04/10 09:36:27 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zon5364g.exe
[2011/04/10 09:36:25 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/10 09:26:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/04/10 03:01:08 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/10 02:36:46 | 264,808,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoMedic.mov
[2011/04/10 02:36:26 | 271,325,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoGunner.mov
[2011/04/10 02:36:06 | 268,574,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoFreak.mov
[2011/04/10 02:35:43 | 273,901,457 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoAssassin.mov
[2011/04/10 02:23:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/10 02:18:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 01:34:48 | 005,973,401 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lloyd Banks Ft Raekwon - Sooner Or Later [CDQ DIRTY].mp3
[2011/04/10 00:48:56 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 23:55:44 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2011/04/09 22:56:03 | 012,975,347 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SMV_Portfolio(2).pdf
[2011/04/07 20:04:17 | 000,013,026 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Viper Punishment Guide.rtf
[2011/04/04 11:20:37 | 000,039,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Viper Curriculum.rtf
[2011/03/29 16:59:43 | 000,353,986 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NewYorkFlyer041411.pdf
[2011/03/27 19:44:03 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/03/27 19:44:03 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/21 03:19:12 | 000,103,509 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2011/03/14 15:54:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[67 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[5 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[4 C:\WINDOWS\System32\dllcache\*.tmp files -> C:\WINDOWS\System32\dllcache\*.tmp -> ]
========== Files Created - No Company Name ==========
[2011/04/11 12:55:28 | 000,807,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MicrosoftFixit50154.msi
[2011/04/10 23:59:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/10 23:59:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/10 23:36:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/10 23:36:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/10 23:36:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/10 23:36:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/10 23:36:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/10 23:34:37 | 004,318,520 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/10 23:16:33 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/04/10 18:03:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/10 17:52:07 | 000,272,531 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\daniwebthread.rtf
[2011/04/10 14:02:38 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 09:36:27 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zon5364g.exe
[2011/04/10 09:36:17 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/10 02:36:31 | 264,808,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoMedic.mov
[2011/04/10 02:36:10 | 271,325,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoGunner.mov
[2011/04/10 02:35:49 | 268,574,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoFreak.mov
[2011/04/10 02:35:28 | 273,901,457 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoAssassin.mov
[2011/04/10 01:31:52 | 005,973,401 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lloyd Banks Ft Raekwon - Sooner Or Later [CDQ DIRTY].mp3
[2011/04/09 23:55:44 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2011/04/09 22:54:00 | 012,975,347 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SMV_Portfolio(2).pdf
[2011/04/07 20:04:17 | 000,013,026 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Viper Punishment Guide.rtf
[2011/04/04 10:45:33 | 000,039,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Viper Curriculum.rtf
[2011/03/29 16:59:43 | 000,353,986 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NewYorkFlyer041411.pdf
[2011/03/21 03:13:02 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/03/21 03:13:02 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/03/14 15:54:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/13 11:58:42 | 000,350,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\oC11b72rv1.exe
[2011/02/17 19:50:38 | 000,056,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/24 17:09:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011/01/18 13:59:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Abaloxi.dat
[2011/01/18 13:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qqinogovi.bin
[2011/01/14 01:58:16 | 000,641,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-1004336348-682003330-1003-0.dat
[2011/01/14 01:58:16 | 000,347,986 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/20 10:46:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbsih.exe
[2010/08/20 10:46:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbsvs.dll
[2010/08/20 10:46:45 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\lxbsprod.ini
[2010/06/12 14:44:45 | 000,104,445 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/06/12 14:44:45 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/04/16 10:49:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/16 10:39:55 | 000,011,630 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\80gVvQwk
[2010/04/16 10:39:55 | 000,011,630 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80gVvQwk
[2010/04/07 02:29:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LAHOOK32.DLL
[2010/04/07 02:29:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\olgest.dll
[2010/04/07 02:29:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ActOlccr.exe
[2010/04/03 22:30:19 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2010/04/03 22:30:19 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2010/04/03 22:30:19 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2010/04/03 22:30:19 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2010/04/03 22:30:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/04/03 22:30:19 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2010/04/03 22:30:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/04/03 22:30:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/04/03 22:30:18 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2010/04/03 22:30:18 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2010/04/03 22:30:18 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/04/03 22:30:18 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2010/04/03 22:30:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2010/04/03 22:30:18 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/04/03 22:30:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/04/03 22:30:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2010/04/03 22:30:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/04/03 22:30:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/04/03 22:30:17 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/04/03 22:30:17 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/04/03 22:30:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/04/03 22:30:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/03/30 16:11:29 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 20:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/28 20:02:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/28 19:55:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/28 14:51:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/28 14:50:13 | 002,135,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,469,780 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,081,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== LOP Check ==========
[2010/03/28 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/03/29 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/28 21:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/07 03:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2010/03/28 21:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/09 15:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/12 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/01 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/04/10 18:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/12/23 00:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/29 00:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/03/28 23:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2010/05/29 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2010/04/07 03:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artweaver
[2010/03/28 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/04/11 09:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/08/09 15:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canneverbe Limited
[2010/04/21 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fltk.org
[2010/04/07 02:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/03/28 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/04/11 20:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2011/04/11 12:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.exe >
< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2010/03/28 23:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:AGP440.sys
[2010/03/28 23:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/04 00:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
< MD5 for: ATAPI.SYS >
[2003/07/16 16:46:14 | 010,158,890 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp1.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2010/03/28 23:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp2.cab:atapi.sys
[2010/03/28 23:15:25 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB968389\SP2QFE\netlogon.dll
[2009/02/06 14:46:09 | 000,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\$hf_mig$\KB975467\SP2QFE\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll
< %systemroot%\*. /mp /s >
< %systemroot%\system32\*.dll /lockedfiles >
[2009/03/08 04:31:44 | 000,348,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 04:31:38 | 000,216,064 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[67 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]
< %systemroot%\System32\config\*.sav >
[2010/03/28 14:49:26 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2010/03/28 14:49:26 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2010/03/28 14:49:26 | 000,405,504 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64202D1C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
Extras.txt
OTL Extras logfile created on: 4/12/2011 12:40:48 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 54.65 Gb Free Space | 73.39% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 278.51 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Computer Name: IRVING-RQIHM94R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.exe [@ = exefile] -- Reg Error: Key error. File not found
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
========== System Restore Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2
========== Firewall Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]
[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\BitTorrent\bittorrent.exe" = C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL Inc.)
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{08234a0d-cf39-4dca-99f0-0c5cb496da81}" = MSN Toolbar
"{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
"{112C23F2-C036-4D40-BED4-0CB47BF5555C}" = Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU
"{14DD7530-CCD2-3798-B37D-3839ED6A441C}" = Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{1F63ED0B-EDD2-4037-B6AB-1358C624AF48}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 18
"{2A2F3AE8-246A-4252-BB26-1BEB45627074}" = Microsoft SQL Server System CLR Types
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DC94AFD-A6E2-4AB4-9132-4A3F8E07B386}" = Apple Application Support
"{31800004-6386-4999-A519-518F2D78D8F0}" = Python 2.5.1
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player
"{3A9FC03D-C685-4831-94CF-4EDFD3749497}" = Microsoft SQL Server Compact 3.5 SP2 ENU
"{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
"{47C39E4A-28F2-33B1-B9B7-97F24E52D917}" = Microsoft Help Viewer 1.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4E968D9C-21A7-4915-B698-F7AEB913541D}" = Microsoft SQL Server 2008 R2 Management Objects
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{59F24743-2EA1-3A45-B8C2-6E0E1E078FA8}" = Microsoft Visual C# 2010 Express - ENU
"{5C1DA723-24FC-48AD-93BA-925695C3EF26}" = Logitech Gaming Software
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{6421F085-1FAA-DE13-D02A-CFB412C522A4}" = Acrobat.com
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics Driver
"{90140000-006D-0409-0000-0000000FF1CE}" = Microsoft Office Click-to-Run 2010
"{90140011-0062-0409-0000-0000000FF1CE}" = Microsoft Office Home and Business 2010 - English
"{9EEBF8D5-8712-4D1D-88F4-4CDC2D270BC3}" = PrintScreen
"{A1062847-0846-427A-92A1-BB8251A91E91}" = HP PSC & OfficeJet 4.2
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A4EA3AB4-E78C-4286-96DF-26035507CE55}" = AiO_Scan
"{A65F7CF8-6F76-40CE-B44D-D5A89D9881C7}" = MSN Toolbar Platform
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.2
"{B194272D-1F92-46DF-99EB-8D5CE91CB4EC}" = Adobe AIR
"{B7E38540-E355-3503-AFD7-635B2F2F76E1}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4974
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}" = Microsoft .NET Framework 4 Multi-Targeting Pack
"{ED784556-66AA-3F17-9B58-7246ACB5C7E4}" = Microsoft Visual Basic 2010 Express - ENU
"{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
"{F313D122-57F1-4AC2-8149-71D20EDF7F2F}" = D-Link RangeBooster N DWA-142
"{F8A3C1B6-D2E0-4CE1-80A2-555D6F71C639}" = Microsoft Search Enhancement Pack
"Acoustica Effects Pack" = Acoustica Effects Pack
"Acoustica Mixcraft 4.5" = Acoustica Mixcraft 4.5
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"AIM_7" = AIM 7
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"avast5" = avast! Free Antivirus
"CDisplay_is1" = CDisplay 1.8
"com.adobe.amp.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Media Player
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Dell Photo AIO Printer 924" = Dell Photo AIO Printer 924
"ESET Online Scanner" = ESET Online Scanner v3
"Hello World_is1" = Hello World 0.1
"HP Photo & Imaging" = HP Image Zone 4.2
"ie8" = Windows Internet Explorer 8
"Lexmark 810 Series" = Lexmark 810 Series
"LibUSB-Win32_is1" = LibUSB-Win32-0.1.10.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
"Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
"Microsoft Help Viewer 1.0" = Microsoft Help Viewer 1.0
"Microsoft Visual Basic 2010 Express - ENU" = Microsoft Visual Basic 2010 Express - ENU
"Microsoft Visual C# 2010 Express - ENU" = Microsoft Visual C# 2010 Express - ENU
"Mozilla Firefox (3.6.16)" = Mozilla Firefox (3.6.16)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"Office14.Click2Run" = Microsoft Office Click-to-Run 2010
"Picasa 3" = Picasa 3
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"SpywareBlaster_is1" = SpywareBlaster 4.2
"Stani's Python Editor_is1" = SPE
"The Weather Channel Desktop 6" = The Weather Channel Desktop 6
"VLC media player" = VLC media player 1.0.3
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"wxPython2.8-unicode-py25_is1" = wxPython 2.8.7.1 (unicode) for Python 2.5
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Numeric-py2.5" = Python 2.5 Numeric-24.2
"pygame-py2.5" = Python 2.5 pygame-1.7.1release
"PythonCard-py2.5" = Python 2.5 PythonCard-0.8.2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 4/11/2011 11:15:37 AM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 11:50:29 AM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 11:54:41 AM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 11:57:41 AM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 12:10:45 PM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 12:19:35 PM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 12:31:30 PM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 1:11:31 PM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 1:16:16 PM | Computer Name = IRVING-RQIHM94R | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.50.1.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 4/11/2011 2:49:34 PM | Computer Name = IRVING-RQIHM94R | Source = CVHSVC | ID = 100
Description = Information only. (Patch task for {90140011-0062-0409-0000-0000000FF1CE}):
DownloadLatest Failed: There are currently no active network connections. Background
Intelligent Transfer Service (BITS) will try again when an adapter is connected.
[ System Events ]
Error - 4/11/2011 10:58:38 AM | Computer Name = IRVING-RQIHM94R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service StiSvc with
arguments "" in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}
Error - 4/11/2011 10:58:55 AM | Computer Name = IRVING-RQIHM94R | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}
Error - 4/11/2011 10:59:47 AM | Computer Name = IRVING-RQIHM94R | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.
Error - 4/11/2011 10:59:53 AM | Computer Name = IRVING-RQIHM94R | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
Error - 4/11/2011 10:59:56 AM | Computer Name = IRVING-RQIHM94R | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
PCIIde
Error - 4/11/2011 12:21:01 PM | Computer Name = IRVING-RQIHM94R | Source = PSched | ID = 14107
Description = QoS [Adapter {2ADABF19-4651-4AE7-BB57-FAAE3666E489}]: The Packet Scheduler
could not initialize the virtual miniport with NDIS.
Error - 4/11/2011 12:22:14 PM | Computer Name = IRVING-RQIHM94R | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
Error - 4/11/2011 1:13:13 PM | Computer Name = IRVING-RQIHM94R | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00179A50C8BB. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 4/11/2011 6:07:55 PM | Computer Name = IRVING-RQIHM94R | Source = Dhcp | ID = 1001
Description = Your computer was not assigned an address from the network (by the
DHCP Server) for the Network Card with network address 00179A50C8BB. The following
error occurred: %%1223. Your computer will continue to try and obtain an address
on its own from the network address (DHCP) server.
Error - 4/11/2011 8:20:22 PM | Computer Name = IRVING-RQIHM94R | Source = Service Control Manager | ID = 7000
Description = The adfs service failed to start due to the following error: %%2
< End of report >
Run OTL
- Under the Custom Scans/Fixes box at the bottom, paste in the following:
:Files
:OTL
[2010/04/16 10:39:55 | 000,011,630 | -HS- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\80gVvQwk
[2010/04/16 10:39:55 | 000,011,630 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\80gVvQwk
:Commands
[purity]
[emptyflash]
[emptytemp]
[resethosts]
[Reboot]
- Then click the Run Fix button at the top.
- Let the program run unhindered, reboot the PC when it is done.
- Post log from this run.
- Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
Run Fix log:
All processes killed
========== FILES ==========
========== OTL ==========
C:\Documents and Settings\Owner\Local Settings\Application Data\80gVvQwk moved successfully.
C:\Documents and Settings\All Users\Application Data\80gVvQwk moved successfully.
========== COMMANDS ==========
[EMPTYFLASH]
User: Administrator
->Flash cache emptied: 56504 bytes
User: All Users
User: Default User
->Flash cache emptied: 56504 bytes
User: LocalService
->Flash cache emptied: 343 bytes
User: NetworkService
User: Owner
->Flash cache emptied: 67101 bytes
Total Flash Files Cleaned = 0.00 mb
[EMPTYTEMP]
User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 0 bytes
User: All Users
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Flash cache emptied: 0 bytes
User: LocalService
->Temp folder emptied: 66016 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Flash cache emptied: 0 bytes
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: Owner
->Temp folder emptied: 23817097 bytes
->Temporary Internet Files folder emptied: 6147904 bytes
->Java cache emptied: 3655787 bytes
->FireFox cache emptied: 162777680 bytes
->Google Chrome cache emptied: 819568 bytes
->Opera cache emptied: 272 bytes
->Flash cache emptied: 0 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 1145933 bytes
%systemroot%\System32 .tmp files removed: 48210772 bytes
%systemroot%\System32\dllcache .tmp files removed: 1466880 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 73953 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 73868 bytes
Total Files Cleaned = 237.00 mb
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
OTL by OldTimer - Version 3.2.22.3 log created on 04122011_085758
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Quick Scan log:
OTL logfile created on: 4/12/2011 9:03:15 AM - Run 3
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 56.00% Memory free
3.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
Paging file location(s): C:\pagefile.sys 1920 3840 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 54.68 Gb Free Space | 73.43% Space Free | Partition Type: NTFS
Drive D: | 279.46 Gb Total Space | 278.51 Gb Free Space | 99.66% Space Free | Partition Type: NTFS
Computer Name: IRVING-RQIHM94R | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/03/23 08:31:31 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe
PRC - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/09/20 15:48:16 | 020,525,056 | ---- | M] ( ) -- C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe
PRC - [2005/07/22 15:03:00 | 000,425,984 | ---- | M] (Dell) -- C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe
PRC - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () -- C:\WINDOWS\system32\dlcccoms.exe
PRC - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) -- C:\WINDOWS\system32\libusbd-nt.exe
========== Modules (SafeList) ==========
MOD - [2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 12:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
========== Win32 Services (SafeList) ==========
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [Disabled | Stopped] -- -- (AppMgmt)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/09/07 11:11:59 | 000,040,384 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/04/29 19:52:18 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2010/04/24 01:10:54 | 000,209,768 | ---- | M] (Microsoft Corporation) [On_Demand | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftvsa.exe -- (sftvsa)
SRV - [2010/04/24 01:10:44 | 000,483,688 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft Application Virtualization Client\sftlist.exe -- (sftlist)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand | Running] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2005/03/09 21:50:18 | 000,018,944 | ---- | M] (http://libusb-win32.sourceforge.net) [Auto | Running] -- C:\WINDOWS\system32\libusbd-nt.exe -- (libusbd)
SRV - [2004/03/18 16:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)
SRV - [2004/02/20 15:04:24 | 000,421,888 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxbscoms.exe -- (lxbs_device)
========== Driver Services (SafeList) ==========
DRV - [2010/09/07 10:52:25 | 000,046,672 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/09/07 10:52:03 | 000,165,584 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/09/07 10:47:46 | 000,023,376 | ---- | M] (AVAST Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/09/07 10:47:19 | 000,100,176 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/09/07 10:47:07 | 000,017,744 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/09/07 10:46:51 | 000,028,880 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2010/08/09 15:19:33 | 000,697,328 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/04/24 01:10:54 | 000,018,280 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftvolxp.sys -- (Sftvol)
DRV - [2010/04/24 01:10:52 | 000,020,584 | ---- | M] (Microsoft Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftredirxp.sys -- (Sftredir)
DRV - [2010/04/24 01:10:50 | 000,211,432 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftplayxp.sys -- (Sftplay)
DRV - [2010/04/24 01:10:44 | 000,554,344 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sftfsxp.sys -- (Sftfs)
DRV - [2007/08/07 01:17:28 | 000,460,288 | ---- | M] (Marvell Semiconductor, Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MRVW245.sys -- (MRVW245) Marvell TOPDOG 802.11n WLAN Driver for Windows XP (USB8x)
DRV - [2005/04/12 20:21:32 | 000,022,240 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2005/04/12 20:21:28 | 000,010,144 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2005/04/12 20:21:28 | 000,005,600 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2005/04/12 20:21:26 | 000,045,504 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2005/03/09 21:50:16 | 000,033,792 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\libusb0.sys -- (libusb0)
DRV - [2004/09/17 09:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/03/05 12:19:28 | 000,015,840 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\PFMODNT.SYS -- (PfModNT)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
========== FireFox ==========
FF - prefs.js..browser.search.param.yahoo-fr: "chr-greentree_ff&type=135963"
FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: searchrecs@veoh.com:1.5.2
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.3.3
FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
FF - prefs.js..extensions.enabledItems: {de5809e0-2b07-11dd-bd0b-0800200c9a66}:1.2.0
FF - prefs.js..extensions.enabledItems: {20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}:3.13
FF - prefs.js..extensions.enabledItems: Strata_XP_on_Linux@jed.litech.org:2.2.1.2
FF - prefs.js..extensions.enabledItems: {07b2a769-ed19-4483-87ce-c643914c81bb}:3.0.0.91
FF - prefs.js..keyword.URL: "http://search.yahoo.com/search?fr=greentree_ff1&ei=utf-8&type=135963&p="
FF - HKLM\software\mozilla\Firefox\extensions\\msntoolbar@msn.com: C:\Program Files\MSN Toolbar\Platform\4.0.0379.0\Firefox [2010/05/21 22:35:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{27182e60-b5f3-411c-b545-b44205977502}: C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\firefoxextension\SearchHelperExtension\ [2011/04/12 08:49:24 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/03/25 13:48:19 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/11 13:02:47 | 000,000,000 | ---D | M]
[2010/05/07 18:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2010/05/07 18:53:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
[2011/04/12 01:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions
[2010/10/28 12:03:56 | 000,000,000 | ---D | M] (Vista-aero) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}
[2010/07/25 13:54:14 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/10/28 12:01:34 | 000,000,000 | ---D | M] (Utopia FFSE White) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{20C3BDFF-DA68-468d-8D9A-F5A6C76B0F9E}
[2010/12/23 16:22:26 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2010/09/19 09:18:54 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
[2010/10/28 12:00:59 | 000,000,000 | ---D | M] (Gradient iCool) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{de5809e0-2b07-11dd-bd0b-0800200c9a66}
[2010/05/21 22:34:08 | 000,000,000 | ---D | M] (Veoh Video Compass) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\searchrecs@veoh.com
[2010/10/28 12:02:34 | 000,000,000 | ---D | M] (Strata XP on Linux) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\Strata_XP_on_Linux@jed.litech.org
[2010/10/28 12:03:56 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\{07b2a769-ed19-4483-87ce-c643914c81bb}\chrome\mozapps\extensions
[2010/10/28 12:02:34 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\elg9d4tm.default\extensions\Strata_XP_on_Linux@jed.litech.org\chrome\mozapps\extensions
[2011/04/12 01:01:28 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/04/11 09:00:10 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\wtxpcom@mybrowserbar.com
[2010/03/29 01:28:47 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
O1 HOSTS File: ([2011/04/12 08:58:34 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKLM..\Run: [LXBSCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXBStime.DLL (Lexmark International, Inc.)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [SubOlccr] C:\Program Files\TABLET\SubOlccr.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Wireless Connection Manager.lnk = C:\Program Files\D-Link\D-Link RangeBooster N DWA-142\wirelesscm.exe ( )
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_18-windows-i586.cab (Java Plug-in 1.6.0_18)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/03/28 19:57:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- Reg Error: Key error. File not found
========== Files/Folders - Created Within 30 Days ==========
[2011/04/12 08:57:58 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/12 00:39:07 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/11 18:31:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/11 18:30:47 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/04/11 17:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\One Piece
[2011/04/11 14:49:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2011/04/11 12:38:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\SoftGrid Client
[2011/04/11 12:38:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2011/04/11 12:37:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office Home and Business (English)
[2011/04/11 12:35:01 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\DESIGNER
[2011/04/11 12:34:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\SoftGrid Client
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Office
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Application Virtualization Client
[2011/04/11 12:34:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Microsoft
[2011/04/11 12:33:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\TP
[2011/04/11 11:11:47 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/11 01:22:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/04/11 00:06:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
[2011/04/10 23:59:38 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/10 23:36:42 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/10 23:36:42 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/10 23:36:42 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/10 23:36:42 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/10 23:36:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/10 23:36:26 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/04/10 23:16:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\tdsskiller
[2011/04/10 14:02:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Malwarebytes' Anti-Malware
[2011/04/10 14:00:06 | 007,734,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/10 09:26:39 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/04/10 00:02:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\EASEUS Data Recovery Wizard Free Edition 5.5.1
[2011/04/10 00:02:06 | 000,000,000 | ---D | C] -- C:\Program Files\EASEUS
[2011/04/09 23:05:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Fear_Of_God-(DatPiff.com)
[2011/04/04 15:28:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Ultimate_Hulk_Annual_01
[2011/04/03 14:40:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Darkstalkers_Tribute
[2011/04/03 13:36:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\street fighter tribute
[2011/04/03 13:18:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter IV Art
[2011/04/03 13:18:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Street Fighter IV Manual
[2011/04/03 13:18:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\Super Street Fighter IV Official Complete Works
[2011/03/19 19:23:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Identities
[2011/03/14 15:54:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/03/14 15:53:26 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/03/14 15:53:20 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
========== Files - Modified Within 30 Days ==========
[2011/04/12 08:59:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/04/12 08:58:34 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2011/04/12 08:48:59 | 000,469,780 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/04/12 08:48:59 | 000,081,430 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/04/12 00:43:03 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1004336348-682003330-1003UA.job
[2011/04/12 00:39:13 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/04/11 20:20:55 | 002,135,808 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/11 18:31:02 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\Owner\Desktop\esetsmartinstaller_enu.exe
[2011/04/11 15:36:07 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/11 12:55:28 | 000,807,424 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MicrosoftFixit50154.msi
[2011/04/10 23:59:44 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2011/04/10 23:34:51 | 004,318,520 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/10 23:16:39 | 001,263,721 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/04/10 18:03:10 | 000,000,754 | ---- | M] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/10 17:57:47 | 000,272,531 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\daniwebthread.rtf
[2011/04/10 15:48:55 | 000,000,963 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 14:00:10 | 007,734,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Owner\Desktop\mbam-setup-1.50.1.1100.exe
[2011/04/10 10:43:07 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-117609710-1004336348-682003330-1003Core.job
[2011/04/10 09:36:27 | 000,301,568 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\zon5364g.exe
[2011/04/10 09:36:25 | 000,625,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/10 09:26:40 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner\Desktop\HijackThis.exe
[2011/04/10 03:01:08 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/04/10 02:36:46 | 264,808,393 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoMedic.mov
[2011/04/10 02:36:26 | 271,325,862 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoGunner.mov
[2011/04/10 02:36:06 | 268,574,909 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoFreak.mov
[2011/04/10 02:35:43 | 273,901,457 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\MarkoAssassin.mov
[2011/04/10 02:23:30 | 000,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/04/10 02:18:47 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/04/10 01:34:48 | 005,973,401 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Lloyd Banks Ft Raekwon - Sooner Or Later [CDQ DIRTY].mp3
[2011/04/10 00:48:56 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/09 23:55:44 | 000,000,224 | ---- | M] () -- C:\WINDOWS\System32\9B13A86D.plf
[2011/04/09 22:56:03 | 012,975,347 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\SMV_Portfolio(2).pdf
[2011/04/07 20:04:17 | 000,013,026 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Viper Punishment Guide.rtf
[2011/04/04 11:20:37 | 000,039,552 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Viper Curriculum.rtf
[2011/03/29 16:59:43 | 000,353,986 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\NewYorkFlyer041411.pdf
[2011/03/27 19:44:03 | 000,002,284 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Google Chrome.lnk
[2011/03/27 19:44:03 | 000,002,262 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2011/03/21 03:19:12 | 000,103,509 | ---- | M] () -- C:\WINDOWS\hpoins04.dat
[2011/03/14 15:54:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
========== Files Created - No Company Name ==========
[2011/04/11 12:55:28 | 000,807,424 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MicrosoftFixit50154.msi
[2011/04/10 23:59:44 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2011/04/10 23:59:39 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/10 23:36:42 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/10 23:36:42 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/10 23:36:42 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/10 23:36:42 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/10 23:36:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/10 23:34:37 | 004,318,520 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
[2011/04/10 23:16:33 | 001,263,721 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\tdsskiller.zip
[2011/04/10 18:03:10 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2011/04/10 17:52:07 | 000,272,531 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\daniwebthread.rtf
[2011/04/10 14:02:38 | 000,000,963 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 09:36:27 | 000,301,568 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\zon5364g.exe
[2011/04/10 09:36:17 | 000,625,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\dds.scr
[2011/04/10 02:36:31 | 264,808,393 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoMedic.mov
[2011/04/10 02:36:10 | 271,325,862 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoGunner.mov
[2011/04/10 02:35:49 | 268,574,909 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoFreak.mov
[2011/04/10 02:35:28 | 273,901,457 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\MarkoAssassin.mov
[2011/04/10 01:31:52 | 005,973,401 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Lloyd Banks Ft Raekwon - Sooner Or Later [CDQ DIRTY].mp3
[2011/04/09 23:55:44 | 000,000,224 | ---- | C] () -- C:\WINDOWS\System32\9B13A86D.plf
[2011/04/09 22:54:00 | 012,975,347 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\SMV_Portfolio(2).pdf
[2011/04/07 20:04:17 | 000,013,026 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Viper Punishment Guide.rtf
[2011/04/04 10:45:33 | 000,039,552 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Viper Curriculum.rtf
[2011/03/29 16:59:43 | 000,353,986 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\NewYorkFlyer041411.pdf
[2011/03/21 03:13:02 | 000,103,509 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2011/03/21 03:13:02 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2011/03/14 15:54:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/03/13 11:58:42 | 000,350,208 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\oC11b72rv1.exe
[2011/02/17 19:50:38 | 000,056,712 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/01/24 17:09:02 | 000,033,792 | ---- | C] () -- C:\WINDOWS\System32\drivers\libusb0.sys
[2011/01/18 13:59:12 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Abaloxi.dat
[2011/01/18 13:59:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Qqinogovi.bin
[2011/01/14 01:58:16 | 000,641,368 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-117609710-1004336348-682003330-1003-0.dat
[2011/01/14 01:58:16 | 000,347,986 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2010/08/20 10:46:45 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxbsih.exe
[2010/08/20 10:46:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbsvs.dll
[2010/08/20 10:46:45 | 000,001,456 | ---- | C] () -- C:\WINDOWS\System32\lxbsprod.ini
[2010/06/12 14:44:45 | 000,104,445 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2010/06/12 14:44:45 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2010/04/16 10:49:50 | 000,000,036 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\housecall.guid.cache
[2010/04/07 02:29:59 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\LAHOOK32.DLL
[2010/04/07 02:29:59 | 000,053,248 | ---- | C] () -- C:\WINDOWS\System32\olgest.dll
[2010/04/07 02:29:59 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\ActOlccr.exe
[2010/04/03 22:30:19 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2010/04/03 22:30:19 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2010/04/03 22:30:19 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2010/04/03 22:30:19 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2010/04/03 22:30:19 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2010/04/03 22:30:19 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2010/04/03 22:30:19 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2010/04/03 22:30:19 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2010/04/03 22:30:18 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2010/04/03 22:30:18 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2010/04/03 22:30:18 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2010/04/03 22:30:18 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2010/04/03 22:30:18 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2010/04/03 22:30:18 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2010/04/03 22:30:18 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2010/04/03 22:30:18 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2010/04/03 22:30:18 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2010/04/03 22:30:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2010/04/03 22:30:17 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2010/04/03 22:30:17 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2010/04/03 22:30:17 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2010/04/03 22:30:16 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2010/03/30 16:11:29 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/28 20:49:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/03/28 20:02:21 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2010/03/28 19:55:35 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/03/28 14:51:07 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2010/03/28 14:50:13 | 002,135,808 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/02 15:20:40 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/07/16 16:41:25 | 000,469,780 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/07/16 16:41:21 | 000,081,430 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
========== LOP Check ==========
[2010/03/28 23:32:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Acoustica
[2010/03/29 00:09:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/28 21:37:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/04/07 03:17:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Artweaver
[2010/03/28 21:57:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2010/08/09 15:56:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Canneverbe Limited
[2010/06/12 14:25:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Drivers HeadQuarters
[2010/11/01 11:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2011/04/10 18:16:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/11 14:49:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
[2010/12/23 00:30:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/03/29 00:09:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2010/03/28 23:33:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Acoustica
[2010/05/29 16:22:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2010/04/07 03:17:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Artweaver
[2010/03/28 22:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Azureus
[2011/04/11 09:00:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2010/08/09 15:56:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Canneverbe Limited
[2010/04/21 22:32:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\fltk.org
[2010/04/07 02:23:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\GetRightToGo
[2010/03/28 22:33:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
[2011/04/11 20:18:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SoftGrid Client
[2011/04/11 12:41:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\TP
========== Purity Check ==========
========== Alternate Data Streams ==========
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:64202D1C
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
< End of report >
How are things at present?
Everything seems fine. Is there any possible way I can recover those missing files?
Which missing files are those? If you are referring to those missing from the desktop, have you done a search on the computer for them? The files or icons on the desktop are normally shortcuts to the programs themselves, which are located elsewhere on the computer, so it would be very easy to create new shortcuts on the desktop for them. What kinds of files are they?
They weren't icons; they were mostly pictures and videos. I ran a search but I didn't find anything at all.
Personal pictures and videos or ones that you downloaded?
Most of the pictures were downloaded, but the videos were purchased digitally.
As long as you have the purchase receipts you should be able to get them again by contacting the websites where the purchases were made. Usually, if you explain the situation (either an infection or a reformat that caused you to lose whatever you purchased), you will probably be able to get them again.
Pictures, I am not sure about. If you purchased these pictures and have receipts, you should be able to get them again as long as you have receipts to show for the purchases.
Anything that you got via P2P I would advise against, solely because this is likely one of the ways your computer was infected in the first place. Use P2P again and you will shortly be right back in the same situation.
Copyrighted material must be paid for so if any of these were downloaded without paying for them then, no you likely will not be able to get them again.
None of the pictures were gotten via torrent, actually I barely even used the thing which is why I'm not even sure how it proved to be a problem. Those I can recover even though it's gonna take a long time.
The videos though, I still have the transaction record and what-not so if that's the case I should be able to get it back. I was just wondering whether it was put somewhere else on my computer or if it really did vanish. Seems like it actually did disappear though.
Like I said, the only way is to do a search on the computer by title and see if something turns up. There should be a folder where these were stored; generally things aren't stored on the desktop.
I searched a few times, but I didn't find anything.
Then you will have to download them again. You need to be very careful what you download and thoroughly scan each and every download BEFORE opening.
Okay, I've definitely learned my lesson. Thanks for all the help.
You need to uninstall Combofix before leaving:
Uninstall Combofix:
Go Start > Run [Vista users, go Start>"Start search"]
Type in:
Combofix /Uninstall
Note the space between the "Combofix" and the "/Uninstall"
Click OK (Vista users - press Enter).
Restart computer.
You also need to set a new, clean Restore point.
To do this Right Click My computer.
Choose Properties
When System Properties opens choose the System Restore Tab.
Place a check mark in Shut down System Restore.
You will probably get a message telling you it will be shut down, click ok or yes.
Allow it to shut down.
Wait a moment. Then go back in and take that check mark Out so that System Restore will turn back on.
Done. Is that all?
Try searching for the file extension like this; *.jpg or whatever the file extension is.
That will show every file on the pc with that particular file extension.
Still nothing :(
What program did you use to view the pictures and videos? You have the VLC player on the computer, have you looked in the VLC folder?
You have to use "something" to view pictures; they just don't open on their own. Open that program and see if they can be found that way.
I used VLC player, but I haven't found anything in that folder either.
Have you looked in the Desktop Folder in Windows Explorer?
Yeah, I've checked. When I looked at Recent Documents, the shortcuts to the files were there but windows couldn't find the actual files they linked to. I think they somehow have gotten deleted. Is that why the folders came back after I did a system restore but not the files themselves?
Yes. System Restore actually operates only on a very few system files and settings. System Restore backs up your registry. System Restore does not backup your data. If you delete or damage a file, System Restore will not recover it.