
Solved Desktop Hijacked, blue background stating system infected

Discussion in 'Malware and Virus Removal Archive' started by wisserd, 2011/02/19.

  1. 2011/02/20, broni (Moderator / Malware Analyst):
    Good :)
    Go on....
     
  2. 2011/02/20, wisserd (Thread Starter):
    It's been 15 min. on "Scanning Firefox settings...", at the bottom of the screen. I think it's stalled.
     

  4. 2011/02/20, broni (Moderator / Malware Analyst):
    Be patient.....
     
  5. 2011/02/20, wisserd (Thread Starter):
    Over one hour, no change.
     
  6. 2011/02/20, broni (Moderator / Malware Analyst):
    Restart computer, disable your AV program and try again.
     
  7. 2011/02/21, wisserd (Thread Starter):
    Redownloaded OTL and tried again. Stopped at "Scanning Firefox settings...". Moused over the window and got a double arrow; clicked once on the window and got an hourglass; clicked on the window again and got "Not Responding" in the header, with and without script. Tried quick scan and run scan. All the same.
     
  8. 2011/02/21, broni (Moderator / Malware Analyst):
    Did you disable your AV program?
    If so...
    Try safe mode.
     
  9. 2011/02/21, wisserd (Thread Starter):
    OTL logfile created on: 2/21/2011 12:22:24 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Wizard\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    512.00 Mb Total Physical Memory | 353.00 Mb Available Physical Memory | 69.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): D:\pagefile.sys 0 0E:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 13.17 Gb Total Space | 3.23 Gb Free Space | 24.51% Space Free | Partition Type: FAT32
    Drive D: | 17.58 Gb Total Space | 7.38 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
    Drive E: | 20.51 Gb Total Space | 6.50 Gb Free Space | 31.70% Space Free | Partition Type: NTFS
    Drive F: | 23.25 Gb Total Space | 2.91 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive I: | 11.71 Gb Total Space | 3.13 Gb Free Space | 26.73% Space Free | Partition Type: FAT32
    Drive J: | 14.98 Gb Total Space | 14.66 Gb Free Space | 97.88% Space Free | Partition Type: FAT32
    Drive K: | 11.44 Gb Total Space | 11.38 Gb Free Space | 99.43% Space Free | Partition Type: FAT32

    Computer Name: ZAR | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/20 21:32:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wizard\Desktop\OTL.exe
    PRC - [2011/02/16 19:14:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe
    PRC - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe
    PRC - [2007/06/13 05:23:08 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/20 21:32:16 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Wizard\Desktop\OTL.exe
    MOD - [2006/08/25 10:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (TNBRLDS)
    SRV - File not found [Disabled | Stopped] -- -- (sdCoreService)
    SRV - File not found [Disabled | Stopped] -- -- (sdAuxService)
    SRV - File not found [On_Demand | Stopped] -- -- (iPod Service)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [Disabled | Stopped] -- -- (FileDeleter)
    SRV - File not found [Disabled | Stopped] -- -- (AVG Anti-Spyware Guard)
    SRV - File not found [On_Demand | Stopped] -- -- (ASEService)
    SRV - File not found [On_Demand | Stopped] -- -- (aawservice)
    SRV - [2011/02/18 23:17:49 | 000,153,376 | ---- | M] (Sun Microsystems, Inc.) [Auto | Stopped] -- D:\Program Files\Java\bin\jqs.exe -- (JavaQuickStarterService)
    SRV - [2011/02/16 19:14:24 | 001,201,640 | ---- | M] (Webroot Software, Inc. ) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\WRConsumerService.exe -- (WRConsumerService)
    SRV - [2010/06/11 18:14:22 | 000,312,152 | ---- | M] (IObit) [Auto | Stopped] -- d:\Program Files\IObit\IObit Security 360\is360srv.exe -- (IS360service)
    SRV - [2010/03/18 16:47:22 | 000,035,160 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\aspnet_state.exe -- (aspnet_state)
    SRV - [2010/03/18 13:16:28 | 000,753,504 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\WPF\WPFFontCache_v0400.exe -- (WPFFontCache_v0400)
    SRV - [2010/03/18 13:16:28 | 000,130,384 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe -- (clr_optimization_v4.0.30319_32)
    SRV - [2010/03/18 13:16:28 | 000,124,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\WINDOWS\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe -- (NetTcpPortSharing)
    SRV - [2009/11/06 12:00:22 | 004,048,240 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Auto | Running] -- C:\Program Files\Webroot\WebrootSecurity\SpySweeper.exe -- (WebrootSpySweeperService)
    SRV - [2007/06/05 13:20:32 | 000,177,704 | ---- | M] () [Disabled | Stopped] -- C:\WINDOWS\system32\PSIService.exe -- (ProtexisLicensing)
    SRV - [2005/10/06 16:43:58 | 000,184,320 | ---- | M] (V Communications, Inc.) [Auto | Stopped] -- D:\Program Files\VCOM\MXTASK.exe -- (SystemSuite Task Manager)
    SRV - [2004/08/04 02:56:44 | 000,086,016 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\WINDOWS\system32\p2pgasvc.dll -- (p2pgasvc)
    SRV - [2004/05/02 15:00:36 | 000,032,768 | ---- | M] (Acesoft) [On_Demand | Stopped] -- d:\Program Files\Acesoft\Tracks Eraser Pro\autocomp.exe -- (Autocomplete)
    SRV - [2002/09/20 16:50:10 | 000,045,056 | ---- | M] (Analog Devices, Inc.) [Auto | Stopped] -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe -- (SoundMAX Agent Service (default))


    ========== Driver Services (SafeList) ==========

    DRV - [2011/02/16 19:12:28 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\pwipf6.sys -- (pwipf6)
    DRV - [2010/11/26 18:02:54 | 000,014,776 | ---- | M] () [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\Drivers\SmartDefragDriver.sys -- (SmartDefragDriver)
    DRV - [2010/02/17 18:17:38 | 000,049,904 | R--- | M] (Avanquest Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS -- (BVRPMPR5)
    DRV - [2009/11/06 12:00:36 | 000,176,752 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssidrv.sys -- (ssidrv)
    DRV - [2009/11/06 12:00:36 | 000,023,152 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\sshrmd.sys -- (sshrmd)
    DRV - [2009/11/06 12:00:34 | 000,029,808 | ---- | M] (Webroot Software, Inc. (www.webroot.com)) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\ssfs0bbc.sys -- (ssfs0bbc)
    DRV - [2009/09/04 21:35:12 | 000,721,904 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2008/05/27 18:51:32 | 000,055,024 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Program Files\scanners cleaners\suuperantispyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2008/05/27 18:51:32 | 000,008,944 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Stopped] -- D:\Program Files\scanners cleaners\suuperantispyware\SASDIFSV.SYS -- (SASDIFSV)
    DRV - [2007/11/02 14:36:10 | 000,018,176 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
    DRV - [2007/10/18 00:16:00 | 000,079,688 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksyssec.sys -- (IKSysSec)
    DRV - [2007/10/18 00:15:00 | 000,062,280 | ---- | M] (PCTools Research Pty Ltd.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\iksysflt.sys -- (IKSysFlt)
    DRV - [2007/10/18 00:14:00 | 000,041,288 | ---- | M] (PCTools Research Pty Ltd.) [File_System | Boot | Stopped] -- C:\WINDOWS\system32\drivers\ikfilesec.sys -- (IKFileSec)
    DRV - [2007/05/30 06:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
    DRV - [2007/01/23 19:03:44 | 000,007,680 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
    DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2006/02/16 17:51:08 | 000,004,096 | R--- | M] (SuperAdBlocker, Inc.) [Kernel | On_Demand | Stopped] -- D:\Program Files\scanners cleaners\suuperantispyware\SASENUM.SYS -- (SASENUM)
    DRV - [2005/02/01 20:20:50 | 000,000,000 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\WINDOWS\System32\Ultra.dll -- (ultra)
    DRV - [2004/08/04 01:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/06/03 12:10:00 | 000,071,596 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\PfModNT.sys -- (PfModNT)
    DRV - [2003/11/07 04:50:00 | 000,070,798 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouFlt2.Sys -- (LMouFlt2)
    DRV - [2003/11/07 04:50:00 | 000,051,486 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042pr2.Sys -- (L8042pr2)
    DRV - [2003/11/07 04:50:00 | 000,037,884 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidUsb.sys -- (LHidUsb)
    DRV - [2003/11/07 04:50:00 | 000,025,502 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidFlt2.Sys -- (LHidFlt2)
    DRV - [2003/10/30 22:22:38 | 000,077,312 | R--- | M] (VIA Technologies inc,.ltd) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\viasraid.sys -- (viasraid)
    DRV - [2003/07/02 04:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\viaagp1.sys -- (viaagp1)
    DRV - [2003/06/12 14:09:28 | 000,008,023 | ---- | M] (Sygate Technologies, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\SYSTEM32\Drivers\wg3n.sys -- (wg3n)
    DRV - [2003/01/08 09:43:16 | 000,243,968 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sndp202.sys -- (SNDP202)
    DRV - [2002/10/08 05:03:16 | 000,007,582 | ---- | M] (Ahead Software AG) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\incdrm.sys -- (incdrm)
    DRV - [2002/09/25 14:47:40 | 000,449,280 | ---- | M] (ahead software) [File_System | Auto | Stopped] -- C:\WINDOWS\System32\drivers\bsudf.sys -- (BsUDF)
    DRV - [2002/06/05 11:07:00 | 000,009,344 | ---- | M] (B.H.A Co.,Ltd.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\bsstor.sys -- (BsStor)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://rd.yahoo.com/customize/ymsgr/defaults/cs/*http://www.yahoo.com/ext/search/search.html


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-21-515967899-308236825-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com
    IE - HKU\S-1-5-21-515967899-308236825-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch =
    IE - HKU\S-1-5-21-515967899-308236825-725345543-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant =
    IE - HKU\S-1-5-21-515967899-308236825-725345543-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Google "
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}:6.0.24
    FF - prefs.js..extensions.enabledItems: {ABDE892B-13A8-4d1b-88E6-365A6E755758}:1.1.4

    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/05/21 23:03:38 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: D:\Program Files\Java\lib\deploy\jqs\ff [2011/02/18 23:18:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2010/12/25 11:45:09 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2011/02/08 19:26:02 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Components: D:\Program Files\Mozilla Firefox 4.0 Beta 4\components [2010/09/15 21:28:14 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 4.0b6\extensions\\Plugins: D:\Program Files\Mozilla Firefox 4.0 Beta 4\plugins
    FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: D:\Program Files\Netscape\Navigator 9\components [2010/05/21 22:03:26 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: D:\Program Files\Netscape\Navigator 9\plugins [2011/02/08 19:26:02 | 000,000,000 | ---D | M]

    [2009/01/12 20:01:10 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2006/03/11 11:29:44 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\fjz5jkk0.default\extensions
    [2010/05/21 23:03:38 | 000,000,000 | ---D | M] (RealPlayer Browser Record Plugin) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\REAL\REALPLAYER\BROWSERRECORDPLUGIN\FIREFOX\EXT
    [2011/02/18 23:18:01 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\LIB\DEPLOY\JQS\FF
    [2008/11/26 21:08:17 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0010-ABCDEFFEDCBA}
    [2010/07/10 22:43:50 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/08/14 07:15:14 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/10/16 21:06:15 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2011/02/18 23:18:21 | 000,000,000 | ---D | M] (Java Console) -- D:\PROGRAM FILES\MOZILLA FIREFOX\EXTENSIONS\{CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA}

    O1 HOSTS File: ([2011/02/20 13:39:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\HOSTS
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - D:\Program Files\scanners cleaners\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (Java(tm) Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - D:\Program Files\Java\bin\jp2ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - D:\Program Files\Java\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
    O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O4 - HKLM..\Run: [Lexmark X74-X75] C:\Program Files\Lexmark X74-X75\lxbbbmgr.exe (Lexmark International, Inc.)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
    O4 - HKLM..\Run: [SpySweeper] C:\Program Files\Webroot\WebrootSecurity\SpySweeperUI.exe (Webroot Software, Inc.)
    O4 - HKU\.DEFAULT..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - HKU\S-1-5-18..\RunOnce: [RunNarrator] C:\WINDOWS\System32\narrator.exe (Microsoft Corporation)
    O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk = C:\Documents and Settings\Administrator\Application Data\wruninstall.exe (Webroot Software, Inc.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - D:\Program Files\scanners cleaners\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/d.../mrkt/rhapx/RhapsodyPlayerEngine_Inst_Win.cab (Reg Error: Value error.)
    O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/download/F/6/E/F6E491A6-77E1-4E20-9F5F-94901338C922/wmv9VCM.CAB (Reg Error: Value error.)
    O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.com/download/xclean_micro.exe (Reg Error: Value error.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
    O24 - Desktop BackupWallPaper:
    O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\scanners cleaners\suuperantispyware\SASSEH.DLL (SuperAdBlocker.com)
    O28 - HKLM ShellExecuteHooks: {a5780613-492e-4a2a-a7fd-549610edf6cc} - d:\Program Files\VCOM\Recovery Commander\RCHOOK.DLL ()
    O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2004/09/17 21:06:14 | 000,000,000 | ---- | M] () - I:\AUTOEXEC.BAT -- [ FAT32 ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - C:\WINDOWS\System32\iprip.dll (Microsoft Corporation)
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: MIDI1 - C:\WINDOWS\System32\Syncor11.dll (SoundMAX)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: VIDC.WMV3 - C:\WINDOWS\System32\wmv9vcm.dll (Microsoft Corporation)

    CREATERESTOREPOINT
    Error starting restore point: The function was called in safe mode.
    Error closing restore point: The sequence number is invalid.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/20 21:03:03 | 000,000,000 | -HSD | C] -- C:\Recycled
    [2011/02/20 20:04:36 | 000,000,000 | ---D | C] -- C:\ComboFix
    [2011/02/20 13:29:20 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/20 13:26:51 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/20 13:26:51 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/20 13:26:51 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/20 13:26:51 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/20 13:26:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/20 13:25:41 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/19 20:14:58 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/19 20:14:54 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/19 19:13:20 | 000,000,000 | ---D | C] -- C:\FOUND.002
    [2011/02/19 19:00:22 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2011/02/19 11:40:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011/02/19 00:43:20 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
    [2011/02/19 00:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Webroot
    [2011/02/18 08:42:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FreeApp
    [2011/02/17 23:58:36 | 000,000,000 | ---D | C] -- C:\FOUND.001
    [2011/02/17 21:49:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/02/16 19:13:52 | 000,108,880 | ---- | C] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
    [2011/02/16 19:13:39 | 001,563,008 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRSetup.dll
    [2011/02/16 19:13:38 | 000,000,000 | ---D | C] -- C:\Program Files\Webroot
    [2011/02/16 16:54:19 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
    [2011/02/16 13:20:20 | 000,000,000 | ---D | C] -- C:\Webroot
    [2011/02/15 19:24:12 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IETldCache
    [2011/02/15 16:12:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\33f20000-d8f8-4acd-3d22-5f9c81cea6b2
    [2011/02/15 15:53:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Webroot
    [2011/02/15 15:49:55 | 005,555,080 | ---- | C] (Webroot Software, Inc.) -- C:\Documents and Settings\Administrator\Application Data\wruninstall.exe
    [2011/02/14 17:40:22 | 000,000,000 | ---D | C] -- C:\FOUND.000
    [2011/02/08 21:22:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2011/01/25 23:09:10 | 000,017,712 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalui.dll
    [2011/01/25 23:09:09 | 000,026,416 | ---- | C] (Nitro PDF Software) -- C:\WINDOWS\System32\nitrolocalmon.dll
    [2011/01/25 23:08:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF

    ========== Files - Modified Within 30 Days ==========

    [2011/02/21 12:20:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/21 12:13:32 | 000,088,070 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
    [2011/02/21 12:13:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/21 12:13:24 | 000,000,280 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1003.job
    [2011/02/21 12:13:22 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1006.job
    [2011/02/21 12:03:14 | 000,000,288 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1003.job
    [2011/02/21 10:57:02 | 000,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Checkpoint.job
    [2011/02/20 13:29:24 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/02/20 12:55:52 | 000,000,520 | ---- | M] () -- C:\WINDOWS\PSTUDIO.INI
    [2011/02/20 10:50:18 | 000,000,653 | ---- | M] () -- C:\WINDOWS\LEXSTAT.INI
    [2011/02/19 20:15:00 | 000,000,658 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/19 19:01:30 | 000,009,744 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110219_190118.reg
    [2011/02/19 09:58:44 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2011/02/18 08:44:06 | 000,000,609 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2011/02/18 08:40:42 | 000,000,695 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
    [2011/02/18 00:35:28 | 000,000,748 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2011/02/17 21:49:24 | 000,000,697 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
    [2011/02/17 21:49:24 | 000,000,685 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
    [2011/02/17 08:15:08 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/02/16 19:14:22 | 000,001,577 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Webroot Security.lnk
    [2011/02/16 19:12:28 | 000,108,880 | ---- | M] (Privacyware/PWI, Inc.) -- C:\WINDOWS\System32\drivers\pwipf6.sys
    [2011/02/16 18:52:06 | 005,555,080 | ---- | M] (Webroot Software, Inc.) -- C:\Documents and Settings\Administrator\Application Data\wruninstall.exe
    [2011/02/16 18:52:06 | 000,001,912 | ---- | M] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    [2011/02/15 22:08:46 | 001,284,836 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
    [2011/02/15 19:10:20 | 000,000,292 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1006.job
    [2011/02/14 22:04:32 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/02/13 10:06:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/11 15:12:04 | 000,000,700 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk

    ========== Files Created - No Company Name ==========

    [2011/02/20 13:29:22 | 000,000,212 | ---- | C] () -- C:\Boot.bak
    [2011/02/20 13:29:20 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/20 13:26:51 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/20 13:26:51 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/20 13:26:51 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/20 13:26:51 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/20 13:26:51 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/19 20:14:59 | 000,000,658 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/19 19:01:27 | 000,009,744 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\cc_20110219_190118.reg
    [2011/02/19 09:27:00 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
    [2011/02/18 08:44:05 | 000,000,609 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\IObit Security 360.lnk
    [2011/02/18 08:40:42 | 000,028,496 | ---- | C] () -- C:\WINDOWS\System32\SmartDefragBootTime.exe
    [2011/02/18 08:40:42 | 000,014,776 | ---- | C] () -- C:\WINDOWS\System32\drivers\SmartDefragDriver.sys
    [2011/02/18 08:40:41 | 000,000,695 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Smart Defrag 2.lnk
    [2011/02/18 00:35:27 | 000,000,748 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Advanced SystemCare.lnk
    [2011/02/17 21:49:22 | 000,000,697 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Switch to Gaming Mode.lnk
    [2011/02/17 21:49:22 | 000,000,685 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Game Booster.lnk
    [2011/02/16 19:14:21 | 000,001,577 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Webroot Security.lnk
    [2011/02/16 19:14:16 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\askcom.xml
    [2011/02/16 18:52:05 | 000,001,912 | ---- | C] () -- C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Uninstall Webroot RunOnce.lnk
    [2011/02/15 19:10:19 | 000,000,284 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1006.job
    [2011/02/15 19:10:18 | 000,000,292 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-515967899-308236825-725345543-1006.job
    [2011/02/15 15:37:52 | 001,284,836 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\bdinstall.bin
    [2011/01/29 19:54:10 | 000,000,280 | ---- | C] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-515967899-308236825-725345543-1003.job
    [2011/01/27 19:56:20 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/01/25 21:58:56 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\redmonnt.dll
    [2010/12/11 15:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
    [2010/12/11 15:52:10 | 000,303,104 | ---- | C] () -- C:\WINDOWS\System32\sndp202.dll
    [2010/12/11 15:52:10 | 000,015,525 | ---- | C] () -- C:\WINDOWS\sndp202.ini
    [2010/12/11 15:52:09 | 000,243,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp202.sys
    [2010/12/11 15:52:09 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\dsndp202.dll
    [2010/12/11 15:52:08 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\vsndp202.dll
    [2010/06/08 19:59:58 | 000,000,754 | ---- | C] () -- C:\WINDOWS\wordpad.INI
    [2009/09/04 21:35:10 | 000,721,904 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2008/10/30 06:26:13 | 000,000,577 | ---- | C] () -- C:\WINDOWS\ULead.ini
    [2008/10/28 17:40:48 | 000,173,552 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
    [2008/10/09 16:31:54 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\txmlutil.dll
    [2008/09/01 09:41:01 | 000,000,135 | ---- | C] () -- C:\WINDOWS\wcx_ftp.ini
    [2008/02/12 20:50:28 | 000,000,121 | ---- | C] () -- C:\WINDOWS\bdagent.INI
    [2008/02/03 13:51:46 | 000,003,558 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2008/02/03 13:51:46 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9BA75D0DC1.sys
    [2008/01/20 11:33:13 | 000,000,215 | ---- | C] () -- C:\WINDOWS\clientshell.INI
    [2008/01/16 23:02:25 | 000,003,107 | ---- | C] () -- C:\WINDOWS\wincmd.ini
    [2007/05/04 23:10:37 | 000,000,082 | ---- | C] () -- C:\WINDOWS\System32\keyreader.ini
    [2006/09/10 10:22:54 | 000,034,308 | ---- | C] () -- C:\WINDOWS\System32\BASSMOD.dll
    [2006/03/10 23:31:18 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2005/12/10 03:06:00 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2005/12/10 03:06:00 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2005/12/10 03:06:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2005/12/10 03:06:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
    [2005/12/10 03:06:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2005/12/10 03:06:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
    [2005/12/10 03:06:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
    [2005/12/06 23:15:53 | 000,001,125 | ---- | C] () -- C:\WINDOWS\winamp.ini
    [2005/12/05 17:36:55 | 000,000,587 | ---- | C] () -- C:\WINDOWS\wincode.ini
    [2005/11/27 23:31:19 | 000,000,044 | ---- | C] () -- C:\WINDOWS\liveup.ini
    [2005/11/02 19:14:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\TEXTART.INI
    [2005/10/31 22:56:08 | 000,000,733 | ---- | C] () -- C:\WINDOWS\CoD.INI
    [2005/10/02 11:29:52 | 000,001,563 | ---- | C] () -- C:\WINDOWS\System32\drivers\servers.ini
    [2005/10/02 11:29:52 | 000,000,705 | ---- | C] () -- C:\WINDOWS\System32\drivers\popups.ini
    [2005/10/02 11:29:52 | 000,000,289 | ---- | C] () -- C:\WINDOWS\System32\drivers\aliases.ini
    [2005/10/02 11:29:52 | 000,000,271 | ---- | C] () -- C:\WINDOWS\System32\drivers\users.ini
    [2005/10/02 11:29:52 | 000,000,198 | ---- | C] () -- C:\WINDOWS\System32\drivers\perform.ini
    [2005/10/02 11:29:52 | 000,000,013 | ---- | C] () -- C:\WINDOWS\System32\drivers\remote.ini
    [2005/07/04 13:20:35 | 000,000,057 | ---- | C] () -- C:\WINDOWS\System32\o2k2o3du.ini
    [2005/05/01 18:07:07 | 000,000,313 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2005/01/05 17:10:36 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2005/01/05 17:10:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\vi_setup.ini
    [2005/01/01 17:57:47 | 000,000,067 | ---- | C] () -- C:\WINDOWS\IDMan.INI
    [2004/12/29 21:32:04 | 000,000,280 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2004/12/26 20:34:45 | 000,000,520 | ---- | C] () -- C:\WINDOWS\PSTUDIO.INI
    [2004/12/15 18:41:07 | 000,002,470 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2004/11/28 19:38:48 | 000,028,747 | ---- | C] () -- C:\WINDOWS\System32\KMemoryMMX.dll
    [2004/11/28 19:38:48 | 000,024,632 | ---- | C] () -- C:\WINDOWS\System32\KMemory.dll
    [2004/11/28 19:38:48 | 000,020,546 | ---- | C] () -- C:\WINDOWS\System32\KMemoryC.dll
    [2004/11/28 19:38:47 | 000,024,653 | ---- | C] () -- C:\WINDOWS\System32\KMemoryPIII.dll
    [2004/11/28 19:38:23 | 000,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
    [2004/11/28 19:38:23 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EnrouteStitch.dll
    [2004/11/28 19:38:22 | 000,332,800 | ---- | C] () -- C:\WINDOWS\System32\FPXLIB.DLL
    [2004/11/28 19:38:22 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\JPEGLIB.DLL
    [2004/11/28 19:38:22 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\CPUINF32.DLL
    [2004/11/07 11:29:46 | 000,000,378 | ---- | C] () -- C:\WINDOWS\ob1.INI
    [2004/10/26 20:44:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\winhlp32.ini
    [2004/10/26 20:44:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\winhelp.ini
    [2004/10/26 20:44:11 | 000,000,321 | ---- | C] () -- C:\WINDOWS\System32\cosmo.ini
    [2004/10/26 20:44:05 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\sx83p32.dll
    [2004/10/26 20:43:50 | 000,150,016 | ---- | C] () -- C:\WINDOWS\CRLASP95.DLL
    [2004/10/26 20:42:42 | 000,017,552 | ---- | C] () -- C:\WINDOWS\System32\TTYTWIN.DRV
    [2004/10/26 20:42:05 | 000,022,480 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI16.DLL
    [2004/10/26 20:42:05 | 000,020,992 | ---- | C] () -- C:\WINDOWS\System32\PFMAPI32.DLL
    [2004/10/26 16:39:05 | 003,375,104 | ---- | C] () -- C:\WINDOWS\System32\qt-mt331.dll
    [2004/10/24 01:08:13 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\Ultra.dll
    [2004/10/12 00:38:49 | 000,000,056 | ---- | C] () -- C:\WINDOWS\uilib.INI
    [2004/10/09 23:18:18 | 000,071,749 | ---- | C] () -- C:\WINDOWS\HCExtOutput.dll
    [2004/10/09 23:18:18 | 000,000,823 | ---- | C] () -- C:\WINDOWS\TSC.ini
    [2004/10/09 23:15:52 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
    [2004/10/06 00:05:26 | 000,000,045 | ---- | C] () -- C:\WINDOWS\BJIIKONJ.ini
    [2004/10/01 01:12:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mgshell.INI
    [2004/10/01 01:07:22 | 000,016,973 | ---- | C] () -- C:\WINDOWS\System32\ZWebAuth.dll
    [2004/09/25 13:08:06 | 000,000,653 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI
    [2004/09/21 00:31:14 | 000,000,492 | ---- | C] () -- C:\WINDOWS\demo.INI
    [2004/09/20 00:22:46 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
    [2004/09/20 00:22:46 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
    [2004/09/20 00:22:46 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
    [2004/09/13 21:27:54 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
    [2004/09/08 16:45:06 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
    [2004/09/08 15:55:25 | 000,002,888 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2004/09/07 17:14:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/12/10 00:00:00 | 001,708,032 | ---- | C] () -- C:\WINDOWS\System32\MSO97V.DLL
    [2002/12/10 00:00:00 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\MSORFS.DLL
    [2002/12/10 00:00:00 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\hlinkprx.dll
    [2002/11/01 16:17:50 | 000,000,256 | ---- | C] () -- C:\WINDOWS\aucfg.ini
    [2002/10/14 15:39:18 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\lxbbcoin.ini
    [2002/07/04 15:05:34 | 000,000,269 | ---- | C] () -- C:\WINDOWS\tmupdate.ini
    [2001/12/14 13:34:46 | 000,164,864 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [1999/12/07 00:00:00 | 000,024,957 | ---- | C] () -- C:\WINDOWS\twain_16.dll
    [1999/07/23 13:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
    [1999/07/23 10:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
    [1998/08/16 05:00:00 | 000,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

    ========== LOP Check ==========

    [2004/09/25 13:11:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
    [2004/09/25 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2005/04/23 18:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
    [2006/11/19 22:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\101 Software
    [2007/05/31 23:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Backup
    [2007/12/22 15:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2008/02/03 13:48:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lightning
    [2008/03/19 19:55:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2008/09/19 22:48:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
    [2009/01/09 21:31:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/01/24 23:14:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{92E7A367-8E12-4830-AA70-29C32E331A81}
    [2009/09/04 21:44:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/09/04 22:07:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fallout3
    [2011/01/25 23:08:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2011/02/08 21:22:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FileCure
    [2011/02/15 16:12:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\33f20000-d8f8-4acd-3d22-5f9c81cea6b2
    [2011/02/17 21:49:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IObit
    [2011/02/18 08:42:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeApp
    [2005/09/25 12:41:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\VCOM
    [2007/09/10 11:02:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Tenebril
    [2010/03/14 01:02:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\gtk-2.0
    [2010/02/15 13:46:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\QuickScan
    [2009/01/01 16:19:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\EvidenceBlaster
    [2009/09/04 21:35:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\DAEMON Tools Lite
    [2004/10/10 00:19:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Adorons
    [2004/10/11 23:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Tenebril
    [2004/10/11 23:36:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\VCOM
    [2010/03/13 10:13:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\DiskSpaceFan
    [2004/11/07 11:27:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Opera
    [2004/11/16 01:27:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Leadertech
    [2010/08/20 20:31:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\BitCometLite
    [2005/01/01 17:50:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\DMCache
    [2010/09/21 18:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Uniblue
    [2011/01/25 23:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Downloaded Installations
    [2010/12/05 14:53:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\FixCleaner
    [2011/01/18 20:58:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\.minecraft
    [2011/01/25 23:09:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Nitro PDF
    [2011/02/03 16:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\GetRightToGo
    [2011/02/18 00:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\IObit
    [2006/11/02 16:47:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Gaijin Ent
    [2006/11/19 22:58:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\101 Software
    [2006/12/10 12:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Registry Booster
    [2006/12/24 20:13:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\BitTorrent
    [2007/08/04 11:58:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Netscape
    [2007/11/24 10:46:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\SystemRequirementsLab
    [2007/12/22 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Grisoft
    [2008/07/27 13:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\IrfanView
    [2005/05/05 22:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VCOM
    [2011/02/19 11:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
    [2011/02/21 10:57:02 | 000,000,362 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Checkpoint.job

    ========== Purity Check ==========
     
  10. 2011/02/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/19 00:09:54 | 000,297,385 | -H-- | M] () -- C:\treeinfo.wc
    [2010/02/13 14:46:48 | 000,002,223 | ---- | M] () -- C:\bdlog.txt
    [2004/09/08 15:50:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2004/09/08 15:50:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2004/09/08 15:50:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2006/09/04 19:14:24 | 000,001,416 | ---- | M] () -- C:\smitfiles.txt
    [2007/02/19 17:36:28 | 000,000,206 | ---- | M] () -- C:\Defence.dat
    [2008/08/29 16:50:22 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2004/09/10 15:37:32 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2011/02/20 13:29:24 | 000,000,328 | RHS- | M] () -- C:\boot.ini
    [2011/02/19 09:58:44 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
    [2004/10/11 23:16:56 | 000,000,053 | -HS- | M] () -- C:\ntldp
    [2004/10/11 23:16:56 | 000,000,053 | -HS- | M] () -- C:\ntdetect.col
    [2004/10/11 23:16:56 | 000,000,053 | -HS- | M] () -- C:\boot.inh
    [2009/09/04 21:56:32 | 000,000,279 | ---- | M] () -- C:\RCINFO.TXT
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2004/11/06 21:43:36 | 000,000,583 | -H-- | M] () -- C:\IPH.PH
    [2011/01/25 22:40:52 | 000,006,112 | ---- | M] () -- C:\scramble.log
    [2006/11/09 14:35:14 | 000,000,856 | ---- | M] () -- C:\flashplayer.xpt
    [2011/02/20 21:02:32 | 000,435,284 | ---- | M] () -- C:\winzip.log
    [2005/07/04 13:20:40 | 000,000,046 | ---- | M] () -- C:\hWaitEventRetryInstall
    [2010/08/25 21:12:46 | 000,000,212 | ---- | M] () -- C:\Boot.bak
    [2005/12/28 00:18:46 | 000,002,239 | ---- | M] () -- C:\Alerts.txt
    [2005/12/28 00:11:22 | 000,006,547 | ---- | M] () -- C:\threatalerts.txt
    [2006/02/19 19:57:18 | 000,002,245 | ---- | M] () -- C:\bee.txt
    [2011/02/20 21:16:48 | 000,043,792 | ---- | M] () -- C:\TDSSKiller.2.4.17.0_20.02.2011_21.03.56_log.txt

    < %systemroot%\Fonts\*.com >

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2004/09/08 16:36:16 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2002/05/14 16:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll
    [2002/10/14 15:37:04 | 000,079,872 | ---- | M] (Lexmark International) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBBPP5C.DLL
    [2006/10/14 16:44:44 | 000,671,744 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\PrintFilterPipelineSvc.exe
    [2006/10/14 16:43:18 | 000,027,648 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2004/09/08 16:14:52 | 002,097,152 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
    [2004/09/08 16:14:52 | 008,388,608 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2004/09/08 16:14:52 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2004/09/08 15:54:58 | 000,262,144 | ---- | M] () -- C:\WINDOWS\system32\config\security.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2004/09/10 15:41:00 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2010/09/27 17:41:04 | 000,000,211 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Free AOL & Unlimited Internet.url

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

    < %USERPROFILE%\Desktop\*.exe >

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2002/11/26 11:57:22 | 000,012,850 | ---- | M] () -- C:\WINDOWS\sndp202.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >
    [2005/12/13 22:51:14 | 000,000,440 | RHS- | M] () -- C:\Documents and Settings\All Users\ntuser.pol

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/02/21 12:20:56 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Administrator\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2005/01/28 13:44:28 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2000/12/05 13:10:32 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2001/08/01 21:58:12 | 000,016,415 | ---- | M] () -- C:\Program Files\Messenger\msmsgsin.exe
    [2001/02/01 06:00:26 | 000,000,685 | ---- | M] () -- C:\Program Files\Messenger\msmsgs.exe.manifest
    [2001/05/22 13:06:52 | 000,000,866 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2001/03/07 06:00:26 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2001/05/02 15:24:18 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\blogo.gif
    [2004/07/17 13:41:04 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2004/07/17 13:41:08 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/07/17 13:41:08 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/07/17 13:41:08 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/07/17 13:41:08 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 02:56:14 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/08/04 02:56:42 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/10/13 10:24:38 | 001,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2008/05/02 09:22:02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2009/01/03 23:30:48 | 000,005,632 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [1994/02/18 03:51:08 | 000,262,704 | ---- | M] (Bits Per Second Ltd) -- C:\WINDOWS\system\GSW.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < End of report >


    OTL Extras logfile created on: 2/21/2011 12:22:24 PM - Run 1
    OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Wizard\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    512.00 Mb Total Physical Memory | 353.00 Mb Available Physical Memory | 69.00% Memory free
    2.00 Gb Paging File | 2.00 Gb Available in Paging File | 95.00% Paging File free
    Paging file location(s): D:\pagefile.sys 0 0E:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 13.17 Gb Total Space | 3.23 Gb Free Space | 24.51% Space Free | Partition Type: FAT32
    Drive D: | 17.58 Gb Total Space | 7.38 Gb Free Space | 41.96% Space Free | Partition Type: NTFS
    Drive E: | 20.51 Gb Total Space | 6.50 Gb Free Space | 31.70% Space Free | Partition Type: NTFS
    Drive F: | 23.25 Gb Total Space | 2.91 Gb Free Space | 12.50% Space Free | Partition Type: NTFS
    Unable to calculate disk information.
    Drive I: | 11.71 Gb Total Space | 3.13 Gb Free Space | 26.73% Space Free | Partition Type: FAT32
    Drive J: | 14.98 Gb Total Space | 14.66 Gb Free Space | 97.88% Space Free | Partition Type: FAT32
    Drive K: | 11.44 Gb Total Space | 11.38 Gb Free Space | 99.43% Space Free | Partition Type: FAT32

    Computer Name: ZAR | User Name: Administrator | Logged in as Administrator.
    Boot Mode: SafeMode | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .html [@ = FirefoxHTML] -- D:\Program Files\Mozilla Firefox 4.0 Beta 4\firefox.exe (Mozilla Corporation)
    .ini [@ = GetDiz.Document] -- D:\Program Files\FILE HELP\GetDiz\GetDiz.exe (Outer Technologies - http://outertech.com)
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    https [open] -- "D:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [File Finder...] -- d:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (V Communications, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Renamer] -- D:\Program Files\hardisk tools\Renamer\Renamer.exe %0 (Frilans)
    Directory [Winamp.Bookmark] -- "D:\Program Files\audio\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
    Directory [Winamp.Enqueue] -- "D:\Program Files\audio\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
    Directory [Winamp.Play] -- "D:\Program Files\audio\Winamp\winamp.exe" "%1" (Nullsoft)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
    "DisableMonitoring" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22008
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "D:\open zip\Phoenix_Dynasty_Online_Client_7403.exe" = D:\open zip\Phoenix_Dynasty_Online_Client_7403.exe:*:Enabled:phoenix_Dynasty_Online_Client_7403.exe -- (www.BitComet.com)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "_{4873CC58-69D8-490D-9E5C-001DC2EE202E}" = WordPerfect Lightning
    "{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
    "{04EC86CF-1E9B-4343-85BD-F06547586544}" = GemBox.Spreadsheet Free 2.7
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08E9C35A-A0AE-43FA-AEA1-E4F58A87FBD1}" = Arcanum
    "{0A0CADCF-78DA-33C4-A350-CD51849B9702}" = Microsoft .NET Framework 4 Extended
    "{0F9196C6-58B4-445B-B56E-B1200FECC151}" = Microsoft Bootvis
    "{11B569C2-4BF6-4ED0-9D17-A4273943CB24}" = Adobe Photoshop Album 2.0 Starter Edition
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{1587135D-BC42-45C2-AFC5-39B14551BBB8}" = ZeroSpyware Limited Edition
    "{1FCC574F-AFA2-4432-9EF1-79CA7BA73431}_is1" = Webroot Internet Security Essentials
    "{1FE92762-7856-11D4-9ABB-006067325E47}" = Baldur's Gate II - Shadows of Amn Collectors CD
    "{26A24AE4-039D-4CA4-87B4-2F83216024FF}" = Java(TM) 6 Update 24
    "{2A9A40C7-6670-4D5F-8F41-D12E2E08B48B}" = Star Wars®: Knights of the Old Republic (TM)
    "{2C0A655C-61E7-428A-8ED2-23A3D20E7DD2}" = Data Lifeguard Tools
    "{2C0CD17D-0B06-4700-83FA-7344B868B0A2}" = Opera 9.63
    "{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}" = Rhapsody Player Engine
    "{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3B124151-B6A0-492C-8838-0854B800535D}" = Creative MuVo NX-TX
    "{3C3901C5-3455-3E0A-A214-0B093A5070A6}" = Microsoft .NET Framework 4 Client Profile
    "{3E5DA526-F420-45A6-9F27-D2B5246D6823}" = Free Natural Text to Speech Reader 2007
    "{3F5B6210-0903-4DC6-8034-8F488AA3A782}" = Spy Sweeper Core
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{3FBC5FCA-F989-4D5D-93F6-B185EEE1EC76}" = IIS6 Manager
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{4873CC58-69D8-490D-9E5C-001DC2EE202E}" = WordPerfect Lightning
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4AA3D64E-9EC3-4B0F-AB91-5885AC55641F}" = Microsoft Games for Windows - LIVE
    "{4F5CE18C-D97D-48FF-A510-A0D90C918294}" = iTunes
    "{5809E7CF-4DCF-11D4-9875-00105ACE7734}" = Logitech MouseWare 9.79
    "{587178E7-B1DF-494E-9838-FA4DD36E873C}" = ASUSUpdate
    "{5A5CC136-BD96-4913-B4F5-578634305007}_is1" = Evidence-Blaster 2009
    "{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{7B63B2922B174135AFC0E1377DD81EC2}" = DivX
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
    "{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger
    "{90120000-00D1-0409-0000-0000000FF1CE}" = Microsoft Office Access database engine 2007 (English)
    "{974C4B12-4D02-4879-85E0-61C95CC63E9E}" = Fallout 3
    "{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
    "{AF131494-F5D8-45C5-938C-D5F020CF1B0D}" = Tom Clancy's Rainbow Six 3: Raven Shield
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B43357AA-3A6D-4D94-B56E-43C44D09E548}" = Microsoft .NET Framework (English)
    "{B74BF9E1-63E3-4A19-88EA-5DE77ED34748}" = VCOM SystemSuite 5
    "{B8C3B479-1716-11D5-968A-0050BA84F5F7}" = Baldur's Gate(TM) II - Throne of Bhaal (TM)
    "{C9E3D78F-9B6E-4103-89C6-2A355117FD04}" = Reverse Phone Search Tool
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
    "{E85397AD-D60E-4141-82E6-FAA312A09271}" = Bushnell ImageView
    "{F2ABB3D1-0792-47B6-BDD7-C7AF613F0156}_is1" = AirBlast
    "{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
    "{F4F4F84E-804F-4E9A-84D7-C34283F0088F}" = RealUpgrade 1.0
    "{F6EE49FD-B736-4888-A05A-115F3B1160FA}" = WordPerfect Lightning - MSOM
    "{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
    "{FD052FB9-FE90-4438-B355-15EDC89D8FB1}" = Microsoft Games for Windows - LIVE Redistributable
    "7-ZIP" = 7-Zip 2.30 Beta 25
    "Abacast Client" = Abacast Client
    "AbsolutePoker NET" = AbsolutePoker NET
    "Adobe AIR" = Adobe AIR
    "Adobe Atmosphere Player" = Adobe Atmosphere Player for Acrobat and Adobe Reader
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe SVG Viewer" = Adobe SVG Viewer 3.0
    "Advanced SystemCare 3_is1" = Advanced SystemCare 3
    "Aluria LiteScanner" = Aluria LiteScanner
    "ArcSoft Camera Studio" = ArcSoft Camera Studio
    "BitLord" = BitLord 1.1
    "Branding" =
    "CCleaner" = CCleaner
    "Clean Disk Security" = Clean Disk Security 7.81
    "Corel WordPerfect Suite 8" = Corel WordPerfect Suite 8
    "CT Attrib Lite" = CT Attrib Lite
    "Disk Space Fan_is1" = Disk Space Fan 1.4.3.1
    "DriverAgent" = DriverAgent Plugin for Netscape by TouchStone Software
    "File Properties Changer" = File Properties Changer
    "FreeApp v1" = FreeApps
    "Game Booster_is1" = Game Booster
    "GameSpy Arcade" = GameSpy Arcade
    "GetDiz 3.0" = GetDiz 3.0
    "Hide IP Platinum_is1" = Hide IP Platinum 2.5
    "ie8" = Windows Internet Explorer 8
    "InCD!UninstallKey" = InCD (Ahead Software)
    "InstallShield_{9497EBAA-87AD-41E6-8ED6-E1E52995A76C}" = VIA Integrated Setup Wizard
    "InstallShield_{F8FBDC28-C265-4F0D-8B91-6E92913E19F6}" = IIS 6.0 Resource Kit Tools
    "IObit Security 360_is1" = IObit Security 360
    "IrfanView" = IrfanView (remove only)
    "Kaspersky Online Scanner" = Kaspersky Online Scanner
    "Lexmark X74-X75" = Lexmark X74-X75
    "Logitech Resource Center" = Logitech Resource Center
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 4 Client Profile" = Microsoft .NET Framework 4 Client Profile
    "Microsoft .NET Framework 4 Extended" = Microsoft .NET Framework 4 Extended
    "Microsoft .NET Framework Full v1.0.3705 (1033)" = Microsoft .NET Framework (English) v1.0.3705
    "Microsoft Internet Gaming Zone" = MSN Gaming Zone
    "Mozilla Firefox (3.6.13)" = Mozilla Firefox (3.6.13)
    "Mozilla Firefox 4.0b6 (x86 en-US)" = Mozilla Firefox 4.0b6 (x86 en-US)
    "MRW!UninstallKey" = InCD EasyWrite Reader (Ahead Software)
    "MSN Music Assistant" = MSN Music Assistant
    "MuVo Driver" = MuVo Driver
    "Netscape Navigator (9.0.0.5)" = Netscape Navigator (9.0.0.5)
    "NVIDIA Drivers" = NVIDIA Drivers
    "PCHealth" =
    "PowerDesk5.0" = PowerDesk 5.0
    "PPTView97" = Microsoft PowerPoint Viewer 97
    "RealPlayer 12.0" = RealPlayer
    "Recovery Commander" = Recovery Commander
    "Renamer" = Renamer (remove only)
    "Revo Uninstaller" = Revo Uninstaller 1.91
    "ROXIO_PRISM_V4_0" = PhotoSuite 4 (Remove Only)
    "RSX2Uninst" = Intel RSX 3D
    "Shockwave" =
    "Sky Fight_is1" = Sky Fight
    "Smart Defrag 2_is1" = Smart Defrag 2
    "Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.5.2.20
    "SpywareBlaster_is1" = SpywareBlaster 4.1
    "Super Magnify v1.3_is1" = Super Magnify v1.3
    "Swat It v2.1" = Swat It v2.1
    "SysInfo" = Creative System Information
    "SystemRequirementsLab" = System Requirements Lab
    "The Off By One Web Browser" = The Off By One Web Browser
    "Totalcmd" = Total Commander (Remove or Repair)
    "Tracks Eraser Pro_is1" = Tracks Eraser Pro v5.7
    "Unlocker" = Unlocker 1.8.5
    "UOGateway" = UOGateway
    "Useful File Utilities" = Useful File Utilities (remove only)
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WinGimp-2.0_is1" = Gimp 2.6.2 Debug
    "WinRAR archiver" = WinRAR archiver

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 2/21/2011 2:00:21 AM | Computer Name = ZAR | Source = nview_info | ID = 11141121
    Description =

    Error - 2/21/2011 2:00:21 AM | Computer Name = ZAR | Source = nview_info | ID = 11141121
    Description =

    Error - 2/21/2011 2:00:21 AM | Computer Name = ZAR | Source = nview_info | ID = 11141121
    Description =

    Error - 2/21/2011 2:00:21 AM | Computer Name = ZAR | Source = nview_info | ID = 11141121
    Description =

    Error - 2/21/2011 2:10:17 AM | Computer Name = ZAR | Source = UserInit | ID = 1000
    Description = Could not execute the following script (. The system cannot find the
    file specified. .

    Error - 2/21/2011 4:21:16 AM | Computer Name = ZAR | Source = UserInit | ID = 1000
    Description = Could not execute the following script (. The system cannot find the
    file specified. .

    Error - 2/21/2011 1:55:14 PM | Computer Name = ZAR | Source = UserInit | ID = 1000
    Description = Could not execute the following script (. The system cannot find the
    file specified. .

    Error - 2/21/2011 2:03:34 PM | Computer Name = ZAR | Source = UserInit | ID = 1000
    Description = Could not execute the following script (. The system cannot find the
    file specified. .

    Error - 2/21/2011 2:15:22 PM | Computer Name = ZAR | Source = nview_info | ID = 11141121
    Description =

    Error - 2/21/2011 2:18:47 PM | Computer Name = ZAR | Source = UserInit | ID = 1000
    Description = Could not execute the following script (. The system cannot find the
    file specified. .

    [ System Events ]
    Error - 2/21/2011 2:13:52 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AVG Anti-Spyware Driver IKFileSec SASKUTIL

    Error - 2/21/2011 2:21:14 PM | Computer Name = ZAR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 2/21/2011 2:21:17 PM | Computer Name = ZAR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 2/21/2011 2:21:37 PM | Computer Name = ZAR | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service StiSvc with
    arguments " " in order to run the server: {A1F4E726-8CF1-11D1-BF92-0060081ED811}

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBT service which failed
    to start because of the following error: %%31

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7001
    Description = The TCP/IP NetBIOS Helper service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7001
    Description = The Simple TCP/IP Services service depends on the AFD Networking Support
    Environment service which failed to start because of the following error: %%31

    Error - 2/21/2011 2:21:59 PM | Computer Name = ZAR | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AFD AmdK7 AVG Anti-Spyware Driver Fips IKFileSec IPSec MRxSmb NetBIOS NetBT pwipf6 RasAcd
    Rdbss
    SASDIFSV
    SASKUTIL
    Tcpip


    < End of report >
     
  11. 2011/02/21
    broni Moderator Malware Analyst
    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Disabled | Stopped] -- -- (AVG Anti-Spyware Guard)
      SRV - File not found [On_Demand | Stopped] -- -- (aawservice)
      DRV - [2007/05/30 06:10:42 | 000,010,872 | ---- | M] (GRISOFT, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AvgAsCln.sys -- (AvgAsCln)
      O3 - HKLM\..\Toolbar: (no name) - {D4027C7F-154A-4066-A1AD-4243D8127440} - No CLSID value found.
      O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O16 - DPF: {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31} http://forms.real.com/real/player/do...e_Inst_Win.cab (Reg Error: Value error.)
      O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...22/wmv9VCM.CAB (Reg Error: Value error.)
      O16 - DPF: {556DDE35-E955-11D0-A707-000000521957} http://www.xblock.com/download/xclean_micro.exe (Reg Error: Value error.)
      O20 - Winlogon\Notify\!SASWinLogon: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
      O28 - HKLM ShellExecuteHooks: {57B86673-276A-48B2-BAE7-C6DBB3020EB8} - Reg Error: Key error. File not found
      O29 - HKLM SecurityProviders - (zwebauth.dll) - C:\WINDOWS\System32\ZWebAuth.dll ()
      [2011/02/16 19:14:16 | 000,002,236 | ---- | C] () -- C:\WINDOWS\System32\askcom.xml
      [2008/02/03 13:51:46 | 000,000,008 | RHS- | C] () -- C:\WINDOWS\System32\9BA75D0DC1.sys
      [2004/09/25 22:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
      [2007/12/22 15:14:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
      [2010/09/21 18:55:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Uniblue
      [2006/12/10 12:26:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Registry Booster
      [2007/12/22 15:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Wizard\Application Data\Grisoft
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  12. 2011/02/21
    wisserd Well-Known Member Thread Starter
    All processes killed
    ========== OTL ==========
    Service AVG Anti-Spyware Guard stopped successfully!
    Service AVG Anti-Spyware Guard deleted successfully!
    Service aawservice stopped successfully!
    Service aawservice deleted successfully!
    Service AvgAsCln stopped successfully!
    Service AvgAsCln deleted successfully!
    C:\WINDOWS\system32\drivers\AvgAsCln.sys moved successfully.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{D4027C7F-154A-4066-A1AD-4243D8127440} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D4027C7F-154A-4066-A1AD-4243D8127440}\ not found.
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Starting removal of ActiveX control {2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2DFF31F9-7893-4922-AF66-C9A1EB4EBB31}\ not found.
    Starting removal of ActiveX control {33564D57-0000-0010-8000-00AA00389B71}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-0000-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {556DDE35-E955-11D0-A707-000000521957}
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{556DDE35-E955-11D0-A707-000000521957}\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{556DDE35-E955-11D0-A707-000000521957}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556DDE35-E955-11D0-A707-000000521957}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{556DDE35-E955-11D0-A707-000000521957}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{556DDE35-E955-11D0-A707-000000521957}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\!SASWinLogon\ deleted successfully.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks\\{57B86673-276A-48B2-BAE7-C6DBB3020EB8} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{57B86673-276A-48B2-BAE7-C6DBB3020EB8}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SecurityProviders\\SecurityProviders:zwebauth.dll deleted successfully.
    C:\WINDOWS\system32\ZWebAuth.dll moved successfully.
    C:\WINDOWS\system32\askcom.xml moved successfully.
    C:\WINDOWS\system32\9BA75D0DC1.sys moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5\Downloads folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft\AVG Anti-Spyware 7.5 folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\Grisoft folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\RegistryBooster\backup folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\RegistryBooster\_temp folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\RegistryBooster\history folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\RegistryBooster folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\DriverScanner\_temp folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\DriverScanner\drivers folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue\DriverScanner folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Uniblue folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Registry Booster folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Grisoft\AVG Antispyware 7.5\Reports folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Grisoft\AVG Antispyware 7.5\quarantine folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Grisoft\AVG Antispyware 7.5 folder moved successfully.
    C:\Documents and Settings\Wizard\Application Data\Grisoft folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 56502 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: Wizard
    ->Temp folder emptied: 2916 bytes
    ->Temporary Internet Files folder emptied: 43585 bytes
    ->Java cache emptied: 51302 bytes
    ->FireFox cache emptied: 63727212 bytes
    ->Flash cache emptied: 1892 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->FireFox cache emptied: 3631862 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 40960 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 770937 bytes

    Total Files Cleaned = 65.00 mb


    [EMPTYFLASH]

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: NetworkService

    User: LocalService

    User: Wizard
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02212011_131710

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  13. 2011/02/21
    wisserd Well-Known Member Thread Starter
    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Disabled!
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Out of date Spybot installed!
    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 24
    Out of date Java installed!
    Adobe Flash Player 10.1.102.64
    Adobe Atmosphere Player for Acrobat and Adobe Reader
    Adobe Reader X (10.0.1)
    Mozilla Firefox (x86 en-US..) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    ``````````End of Log````````````
     
  14. 2011/02/21
    broni Moderator Malware Analyst
    We'll need to install Service Pack 3, but I want to see the Eset scan first.

    You seem to have some outdated Firefox installed.
    Update it, or uninstall it, if you don't use it.
     
  15. 2011/02/21
    wisserd Well-Known Member Thread Starter
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip Win32/Bagle.gen.zip worm
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip Win32/Bagle.gen.zip worm
    D:\open zip\install_player.exe probably a variant of Win32/Chepdu.AG trojan
    E:\drive D\PROGRAMS (J)\Program Files\Swat It v2.1\SwatIt.exe probably unknown NewHeur_PE virus
    I:\WINDOWS\system32\drivers\etc\hosts.20041125-223315.backup Win32/Qhost trojan
    I:\downloads\registrybooster.exe multiple threats


    I only use Firefox. I won't do anything till I hear from you. I checked Firefox and it said I was current.
     
    Last edited: 2011/02/21
  16. 2011/02/21
    broni Moderator Malware Analyst
    Make sure it's at version 3.6.13.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      
      :Services
      
      :Reg
      
      :Files
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
      C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip
      D:\open zip\install_player.exe
      E:\drive D\PROGRAMS (J)\Program Files\Swat It v2.1\SwatIt.exe
      I:\WINDOWS\system32\drivers\etc\hosts.20041125-223315.backup
      I:\downloads\registrybooster.exe
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==============================================================

    Your computer is clean :)

    1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and outdated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  17. 2011/02/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    All processes killed
    ========== OTL ==========
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip moved successfully.
    C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch5.zip moved successfully.
    D:\open zip\install_player.exe moved successfully.
    E:\drive D\PROGRAMS (J)\Program Files\Swat It v2.1\SwatIt.exe moved successfully.
    Invalid Switch: Qhost trojan
    I:\downloads\registrybooster.exe moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Wizard
    ->Temp folder emptied: 399 bytes
    ->Temporary Internet Files folder emptied: 4800776 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 46535338 bytes
    ->Flash cache emptied: 456 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 40960 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 49.00 mb


    [EMPTYFLASH]

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: NetworkService

    User: LocalService

    User: Wizard
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.6 log created on 02212011_191704

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
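    The "Invalid Switch: Qhost trojan" line in this log comes from a detection name having been pasted after the hosts backup path in the fix script's :Files section, so OTL read the "/Qhost trojan" tail as a switch and skipped that file. As an added example (not part of this thread and not OTL's own code), a small Python linter that catches this kind of transcription error before a fix script is run; it assumes, from that log line, that OTL treats any "/"-prefixed tail of a :Files entry as a switch, and it only knows the command names used in this thread.

```python
"""Lint an OTL custom fix script before running it. Added example, not code
from this thread or from OTL's author; it checks the text only and touches no
files. Assumed from this thread's log: in a :Files entry, text from the first
'/' on is read as a switch ('Win32/Qhost trojan' -> 'Invalid Switch: Qhost trojan')."""
import re

KNOWN_SECTIONS = {":otl", ":services", ":reg", ":files", ":commands"}
# Command names used in this thread's scripts (matched case-insensitively).
KNOWN_COMMANDS = {"purity", "emptytemp", "emptyflash", "reboot",
                  "clearallrestorepoints"}

def lint_otl_script(text):
    # Returns a list of (line_no, message) for each problem in the script.
    problems, section = [], None
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            section = line.lower()
            if section not in KNOWN_SECTIONS:
                problems.append((no, f"unknown section header {line!r}"))
        elif section == ":files":
            # Windows paths have no '/'; one means scan-log text (a detection
            # name) was pasted after the path, so OTL would skip the file.
            if "/" in line:
                tail = line[line.index("/"):]
                problems.append((no, f"text after path read as switch: {tail!r}"))
            elif not re.match(r"^[A-Za-z]:\\", line):
                problems.append((no, "entry is not an absolute drive path"))
        elif section == ":commands":
            m = re.fullmatch(r"\[(\w+)\]", line)
            if not m:
                problems.append((no, f"command not in [brackets]: {line!r}"))
            elif m.group(1).lower() not in KNOWN_COMMANDS:
                problems.append((no, f"unrecognised command {line!r}"))
    return problems

# Constructed excerpt of this thread's fix script, including the entry that
# produced the Invalid Switch error.
SAMPLE_SCRIPT = r""":OTL
:Files
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\MyWayMyWebSearch3.zip
I:\WINDOWS\system32\drivers\etc\hosts.20041125-223315.backup Win32/Qhost trojan
:Commands
[EMPTYFLASH]
"""
if __name__ == "__main__":
    for no, msg in lint_otl_script(SAMPLE_SCRIPT):
        print(f"line {no}: {msg}")  # line 4: text after path read as switch ...
```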
     
  18. 2011/02/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    reset system restore



    All processes killed
    ========== OTL ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Wizard
    ->Temp folder emptied: 397 bytes
    ->Temporary Internet Files folder emptied: 41712 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 20011077 bytes
    ->Flash cache emptied: 456 bytes

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 40960 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 19.00 mb


    [EMPTYFLASH]

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: NetworkService

    User: LocalService

    User: Wizard
    ->Flash cache emptied: 0 bytes

    User: Administrator
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb

    Restore points cleared and new OTL Restore Point set!

    OTL by OldTimer - Version 3.2.20.6 log created on 02212011_193022

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  19. 2011/02/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Whenever ready....
     
  20. 2011/02/21
    wisserd Lifetime Subscription

    wisserd Well-Known Member Thread Starter

    Joined:
    2011/02/19
    Messages:
    52
    Likes Received:
    0
    Everything is working great. Boots faster and shuts down faster. Thanks for the patience. Can't thank you enough broni :) Put all your recommendations on, all work well. All that is left to do is my Subscription and donation and find the Mark this thread as solved. Not in the Thread Tools. :confused:
     
  21. 2011/02/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Good news :)

    In this forum only I can mark it resolved, which I gladly will.

    Good luck and stay safe :)
     
