
Inactive Error Stating Validation Required

Discussion in 'Malware and Virus Removal Archive' started by oldmanjim, 2012/11/04.

  1. 2012/11/21
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
  2. 2012/11/21
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Yeah, that file is infected.

    1. Please open Notepad (Start>All Programs>Accessories>Notepad).

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\ntvdm.exe | C:\WINDOWS\LastGood\System32\ntvdm.exe
    C:\WINDOWS\$hf_mig$\KB840987\SP1QFE\ntvdm.exe | C:\WINDOWS\$NtUninstallKB840987$\ntvdm.exe
    C:\WINDOWS\SoftwareDistribution\Download\0f8b18aa20fa96676204a1511bfe7d2b\xmlprov.dll | c:\windows\System32\xmlprov.dll
    C:\WINDOWS\SoftwareDistribution\Download\0f8b18aa20fa96676204a1511bfe7d2b\wscntfy.exe | c:\windows\System32\wscntfy.exe
    
    ClearJavaCache::
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.



    6. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
     


  4. 2012/11/21
    oldmanjim

    ComboFix 12-11-21.01 - Jim 04/16/2002 7:59.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.479.239 [GMT -7:00]
    Running from: c:\documents and settings\Jim\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Jim\Desktop\cfscript.txt
    .
    .
    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    C:\LOG2E.tmp
    .
    Infected copy of c:\windows\system32\msgsvc.dll was found and disinfected
    Restored copy from - c:\windows\erdnt\cache\msgsvc.dll
    .
    .
    --------------- FCopy ---------------
    .
    c:\windows\$hf_mig$\KB840987\SP1QFE\ntvdm.exe --> c:\windows\LastGood\System32\ntvdm.exe
    c:\windows\$hf_mig$\KB840987\SP1QFE\ntvdm.exe --> c:\windows\$NtUninstallKB840987$\ntvdm.exe
    c:\windows\SoftwareDistribution\Download\0f8b18aa20fa96676204a1511bfe7d2b\xmlprov.dll --> c:\windows\System32\xmlprov.dll
    c:\windows\SoftwareDistribution\Download\0f8b18aa20fa96676204a1511bfe7d2b\wscntfy.exe --> c:\windows\System32\wscntfy.exe
    .
    ((((((((((((((((((((((((( Files Created from 2002-03-16 to 2002-04-16 )))))))))))))))))))))))))))))))
    .
    .
    2008-01-09 04:31 . 2008-11-09 19:00 -------- d-----r- C:\$VAULT$.AVG
    2007-07-09 00:12 . 2007-07-09 00:35 -------- d-----w- C:\Software
    2005-12-01 01:40 . 2005-12-01 01:40 11817800 ----a-w- C:\GoogleEarth.exe
    2005-10-09 13:48 . 2005-10-09 13:48 2080964 ----a-w- C:\Imation Disk Manager IV.exe
    2005-02-07 02:36 . 2007-07-08 14:18 -------- d-----w- C:\Garmin
    2004-12-24 17:57 . 2004-12-24 18:05 20798256 ----a-w- C:\AdbeRdr70_enu_full.exe
    2004-12-24 17:54 . 2004-12-24 17:57 6811904 ----a-w- C:\psa2011se_us.exe
    2004-12-24 17:54 . 2004-12-24 17:54 494704 ----a-w- C:\ytb01_efgsip.exe
    2002-12-21 17:30 . 2003-06-06 03:17 -------- d-----w- C:\WUTemp
    2002-12-01 15:20 . 2002-12-04 03:24 -------- d-----w- C:\My Music
    2002-09-28 15:14 . 2002-09-28 15:14 -------- d-----w- C:\SIERRA
    .
    .
    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2009-08-07 03:24 . 2001-08-23 12:00 96480 ----a-w- c:\windows\system32\cdm.dll
    2005-05-03 20:58 . 2001-08-23 12:00 884736 ----a-w- c:\windows\system32\msimsg.dll
    2005-05-03 20:58 . 2001-08-23 12:00 78848 ----a-w- c:\windows\system32\msiexec.exe
    2005-05-03 20:58 . 2001-08-23 12:00 2890240 ----a-w- c:\windows\system32\msi.dll
    2005-05-03 20:58 . 2001-08-23 12:00 271360 ----a-w- c:\windows\system32\msihnd.dll
    2005-05-03 20:58 . 2001-08-23 12:00 15360 ----a-w- c:\windows\system32\msisip.dll
    2004-08-04 00:54 . 2001-08-23 12:00 1648384 ----a-w- c:\windows\system32\win32k.sys
    2004-07-01 22:08 . 2002-01-22 21:51 361984 ----a-w- c:\windows\system32\qmgr.dll
    2004-06-17 17:55 . 2001-08-23 12:00 528896 ----a-w- c:\windows\system32\user32.dll
    2004-06-17 17:55 . 2001-08-23 12:00 48128 ----a-w- c:\windows\system32\basesrv.dll
    2004-06-17 17:55 . 2001-08-23 12:00 272896 ----a-w- c:\windows\system32\winsrv.dll
    2004-06-17 17:55 . 2001-08-23 12:00 241664 ----a-w- c:\windows\system32\gdi32.dll
    2004-06-17 17:00 . 2001-08-17 13:48 1903872 ----a-w- c:\windows\system32\ntkrnlpa.exe
    2004-06-17 17:00 . 2001-08-23 12:00 1881856 ----a-w- c:\windows\system32\ntoskrnl.exe
    2004-06-14 18:27 . 2001-08-23 12:00 395264 ----a-w- c:\windows\system32\ntvdm.exe
    2004-05-12 22:15 . 2001-08-23 12:00 430592 ----a-w- c:\windows\system32\winlogon.exe
    2004-04-09 19:56 . 2004-04-09 19:56 726528 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\helpctr.exe
    2004-03-30 01:25 . 2001-08-23 12:00 136704 ----a-w- c:\windows\system32\schannel.dll
    2004-03-30 01:25 . 2001-08-23 12:00 969216 ----a-w- c:\windows\system32\msgina.dll
    2004-03-30 01:25 . 2001-08-23 12:00 51712 ----a-w- c:\windows\system32\msasn1.dll
    2004-03-30 00:25 . 2001-08-23 12:00 648192 ----a-w- c:\windows\system32\lsasrv.dll
    2004-02-27 04:30 . 2004-02-27 04:30 16896 ------w- c:\windows\pchealth\HELPCTR\Binaries\hscupd.exe
    2003-10-21 22:42 . 2001-08-23 12:00 119808 ----a-w- c:\windows\system32\wkssvc.dll
    2003-07-23 19:15 . 2001-08-23 12:00 149120 ----a-w- c:\windows\system32\drivers\netbt.sys
    2003-05-02 19:03 . 2001-08-23 12:00 651264 ----a-w- c:\windows\system32\ntdll.dll
    2003-03-28 23:02 . 2001-08-23 12:00 322304 ----a-w- c:\windows\system32\drivers\srv.sys
    2002-11-18 19:17 . 2001-08-23 12:00 391936 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
    2002-10-02 02:43 . 2001-08-23 12:00 46208 ----a-w- c:\windows\system32\drivers\raspptp.sys
    2002-09-30 20:25 . 2002-09-30 20:25 94208 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\pchshell.dll
    2002-09-30 20:25 . 2002-09-30 20:25 33280 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\pchsvc.dll
    2002-09-24 02:03 . 2002-09-24 02:03 145408 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\msconfig.exe
    2002-09-24 02:02 . 2002-09-24 02:02 696832 ----a-w- c:\windows\pchealth\HELPCTR\Binaries\helpsvc.exe
    2002-07-17 17:09 . 2001-08-23 12:00 172664 ----a-w- c:\windows\system32\xenroll.dll
    2002-03-25 21:01 . 2002-03-25 21:01 1801216 ----a-w- c:\windows\apppatch\AcGenral.dll
    2002-03-25 21:01 . 2002-03-25 21:01 107520 ----a-w- c:\windows\apppatch\AcXtrnal.dll
    2002-03-25 21:01 . 2002-03-25 21:01 207360 ----a-w- c:\windows\apppatch\AcSpecfc.dll
    2002-03-25 21:01 . 2002-03-25 21:01 382976 ----a-w- c:\windows\apppatch\AcLayers.dll
    2002-03-05 03:09 . 2002-03-05 03:09 548864 ----a-w- c:\windows\system32\shdoclc.dll
    2002-02-26 21:58 . 2002-02-26 21:58 462906 ----a-w- c:\windows\system32\vbscript.dll
    2002-02-15 23:59 . 2002-02-15 23:59 1120768 ----a-w- c:\windows\system32\msxml3.dll
    2002-02-13 05:03 . 2002-02-13 05:03 16896 ----a-w- c:\windows\system32\snmpapi.dll
    2002-02-13 05:02 . 2002-02-13 05:02 39424 ----a-w- c:\windows\system32\wsnmp32.dll
    2002-02-13 01:14 . 2002-02-13 01:14 630784 ----a-w- c:\windows\system32\rasdlg.dll
    2002-02-13 01:14 . 2002-02-13 01:14 13824 ----a-w- c:\windows\system32\rassapi.dll
    2002-02-13 01:14 . 2002-02-13 01:14 218112 ----a-w- c:\windows\system32\rasapi32.dll
    2002-01-30 21:58 . 2001-08-23 12:00 516480 ----a-w- c:\windows\system32\drivers\ntfs.sys
    2001-08-23 12:00 94784 --sh--w- c:\windows\twain.dll
    2001-08-23 12:00 46592 --sh--w- c:\windows\twain_32.dll
    2001-08-23 12:00 995383 --sh--w- c:\windows\system32\mfc42.dll
    2001-08-23 12:00 50688 --sh--w- c:\windows\system32\msvcirt.dll
    2001-08-23 12:00 401462 --sh--w- c:\windows\system32\msvcp60.dll
    2001-08-23 12:00 569344 --sh--w- c:\windows\system32\oleaut32.dll
    2001-08-23 12:00 9728 --sh--w- c:\windows\system32\regsvr32.exe
    .
    .
    ------- Sigcheck -------
    Note: Unsigned files aren't necessarily malware.
    .
    [7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\0f8b18aa20fa96676204a1511bfe7d2b\d3d9.dll
    [7] 2004-08-04 . D67BDBBDA86CC9AEEBBAF3217C1717D8 . 1689088 . . [5.03.2600.2180] . . c:\windows\SoftwareDistribution\Download\6ca7b3a8efd5a9b6f87fff395a2eb989\d3d9.dll
    [-] 2004-07-09 12:27 . 0E51BD586D186F61A9E4453DB8AEC774 . 1703936 . . [5.3.0000001.0904 built by: private/Lab06_dev(DXBLD00)] . . c:\windows\system32\d3d9.dll
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4
    .
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SUPERAntiSpyware "= "c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2011-01-13 2424560]
    "swg "= "c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2012-11-05 39408]
    .
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SiS7012Utility "= "c:\windows\System32\SiSAudUt.exe" [2002-01-22 290816]
    "SiS Tray "= "c:\windows\System32\sistray.EXE" [2001-12-24 327680]
    "SiS KHooker "= "c:\windows\System32\khooker.exe" [2002-01-25 290816]
    "Adobe Photo Downloader "= "c:\program files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe" [2005-06-07 57344]
    "avast "= "c:\program files\AVAST Software\Avast\avastUI.exe" [2012-10-30 4297136]
    .
    c:\documents and settings\Jim\Start Menu\Programs\Startup\
    Reboot.exe [2002-3-20 382464]
    .
    c:\documents and settings\All Users\Start Menu\Programs\Startup\
    Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
    .
    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} "= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
    .
    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
    2009-09-03 22:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    R1 aswSP;aswSP;c:\windows\system32\drivers\aswSP.sys [11/4/2012 8:58 PM 361032]
    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2/17/2010 11:25 AM 12872]
    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/10/2010 11:41 AM 67656]
    R2 ousbehci;%OWC_USBEHCD.DeviceDesc%;c:\windows\system32\drivers\ousbehci.sys [4/12/2002 4:25 PM 29568]
    R3 EnEDev;EnE Device Service;c:\windows\system32\drivers\EnEDev.sys [4/12/2002 5:32 PM 6101]
    R3 ousb2hub;OrangeWare USB 2.0 Root Hub Support;c:\windows\system32\drivers\ousb2hub.sys [4/12/2002 4:25 PM 42752]
    R3 SiS7012;Service for AC'97 Sample Driver (WDM);c:\windows\system32\drivers\sis7012.sys [4/12/2002 5:41 PM 166656]
    R3 WBFIRDMA;Winbond Infrared Device Driver;c:\windows\system32\drivers\wbfirdma.sys [4/12/2002 10:10 AM 35871]
    .
    Contents of the 'Scheduled Tasks' folder
    .
    2002-04-16 c:\windows\Tasks\avast! Emergency Update.job
    - c:\program files\AVAST Software\Avast\AvastEmUpdate.exe [2012-11-05 22:50]
    .
    2002-04-16 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 03:58]
    .
    2012-11-13 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
    - c:\program files\Google\Update\GoogleUpdate.exe [2012-11-05 03:58]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://yahoo.com/
    uSearchAssistant = hxxp://www.google.com/ie
    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
    TCP: DhcpNameServer = 192.168.1.254
    .
    .
    **************************************************************************
    .
    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2002-04-16 08:16
    Windows 5.1.2600 NTFS
    .
    scanning hidden processes ...
    .
    scanning hidden autostart entries ...
    .
    scanning hidden files ...
    .
    scan completed successfully
    hidden files: 0
    .
    **************************************************************************
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------
    .
    - - - - - - - > 'winlogon.exe'(628)
    c:\windows\system32\ODBC32.dll
    c:\program files\SUPERAntiSpyware\SASWINLO.DLL
    .
    - - - - - - - > 'lsass.exe'(684)
    c:\windows\system32\RASAPI32.dll
    c:\windows\System32\dssenh.dll
    .
    - - - - - - - > 'explorer.exe'(2700)
    c:\windows\system32\RASAPI32.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\program files\AVAST Software\Avast\AvastSvc.exe
    c:\program files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    c:\windows\system32\UStorSrv.exe
    c:\windows\System32\WgaTray.exe
    .
    **************************************************************************
    .
    Completion time: 2002-04-16 08:24:26 - machine was rebooted
    ComboFix-quarantined-files.txt 2002-04-16 15:24
    ComboFix2.txt 2002-04-11 09:00
    .
    Pre-Run: 20,909,006,848 bytes free
    Post-Run: 21,024,354,304 bytes free
    .
    - - End Of File - - 390B24EC8F229E158921C43C1EF4213A
     
  5. 2012/11/21
    broni

    Very good :)

    How is the computer doing?

    ==============================

    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Delete.
    • Confirm each time with Ok.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    Next...

    • Double click on adwcleaner.exe to run the tool.
    • Click on Uninstall.
    • Confirm with yes.

    ============================

    Download OTL to your Desktop.
    Alternate download: http://www.itxassociates.com/OT-Tools/OTL.exe

    • Double click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  6. 2012/11/21
    oldmanjim

    # AdwCleaner v2.008 - Logfile created 04/16/2002 at 09:58:33
    # Updated 17/11/2012 by Xplode
    # Operating system : Microsoft Windows XP (32 bits)
    # User : Jim - WINDOWSXP
    # Boot Mode : Normal
    # Running from : C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
    # Option [Delete]


    ***** [Services] *****


    ***** [Files / Folders] *****


    ***** [Registry] *****

    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\New.net
    Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\SaveNow

    ***** [Internet Browsers] *****

    -\\ Internet Explorer v6.0.2600.0000

    [OK] Registry is clean.

    *************************

    AdwCleaner[R1].txt - [823 octets] - [16/04/2002 09:57:49]
    AdwCleaner[S1].txt - [759 octets] - [16/04/2002 09:58:33]

    ########## EOF - C:\AdwCleaner[S1].txt - [818 octets] ##########
     
  7. 2012/11/21
    oldmanjim

    OTL logfile created on: 4/16/2002 10:05:05 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim\Desktop
    Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2600.0000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.48 Mb Total Physical Memory | 174.46 Mb Available Physical Memory | 36.39% Memory free
    1.10 Gb Paging File | 0.86 Gb Available in Paging File | 78.18% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 19.59 Gb Free Space | 52.59% Space Free | Partition Type: NTFS

    Computer Name: WINDOWSXP | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2012/10/30 15:50:59 | 004,297,136 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
    PRC - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    PRC - [2011/01/13 08:41:38 | 002,424,560 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    PRC - [2009/03/10 23:18:14 | 000,934,792 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
    PRC - [2007/12/03 19:24:58 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    PRC - [2005/06/06 23:46:24 | 000,057,344 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
    PRC - [2004/12/14 05:44:06 | 000,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
    PRC - [2004/09/20 01:29:48 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\system32\UStorSrv.exe
    PRC - [2002/04/16 09:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
    PRC - [2002/01/24 18:30:48 | 000,290,816 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\khooker.exe
    PRC - [2002/01/22 00:18:42 | 000,290,816 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\SISAUDUT.EXE
    PRC - [2001/12/24 09:31:26 | 000,327,680 | R--- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
    PRC - [2001/08/23 05:00:00 | 001,000,960 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (No Company Name) ==========

    MOD - [2012/11/21 14:10:44 | 002,032,640 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\12112101\algo.dll
    MOD - [2011/01/30 19:09:44 | 000,063,488 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10006.dll
    MOD - [2011/01/30 19:09:29 | 000,117,760 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
    MOD - [2011/01/30 18:40:30 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10005.dll
    MOD - [2007/12/03 19:24:58 | 001,252,232 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
    MOD - [2007/12/03 19:24:58 | 000,362,376 | ---- | M] () -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcnet.dll
    MOD - [2004/09/20 01:13:28 | 000,139,264 | ---- | M] () -- C:\WINDOWS\system32\OPDSL.DLL
    MOD - [2002/04/16 10:02:57 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\SD10007.dll


    ========== Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- %SYSTEMROOT%\system32\wscsvc.dll -- (wscsvc)
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe /h ccCommon -- (CLTNetCnService)
    SRV - [2012/10/30 15:50:59 | 000,044,808 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
    SRV - [2007/12/03 19:24:58 | 001,252,232 | ---- | M] () [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe -- (Symantec Core LC)
    SRV - [2004/09/20 01:29:48 | 000,139,264 | ---- | M] (OTi) [Auto | Running] -- C:\WINDOWS\System32\UStorSrv.exe -- (UStorage Server Service)
    SRV - [2001/08/23 05:00:00 | 000,047,104 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\mspmspsv.dll -- (WmdmPmSp)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
    DRV - File not found [Kernel | System | Stopped] -- system32\drivers\srvkp.sys -- (SiSkp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
    DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
    DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
    DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
    DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
    DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
    DRV - [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
    DRV - [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (AswRdr)
    DRV - [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
    DRV - [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
    DRV - [2010/05/10 11:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
    DRV - [2010/02/17 11:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
    DRV - [2006/10/04 19:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
    DRV - [2006/10/04 19:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
    DRV - [2006/02/09 19:53:07 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
    DRV - [2002/04/11 11:47:52 | 000,011,136 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ipfilter.sys -- (IPFilter)
    DRV - [2002/02/28 23:22:50 | 000,042,752 | R--- | M] (OrangeWare Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ousb2hub.sys -- (ousb2hub)
    DRV - [2002/02/28 23:22:50 | 000,029,568 | R--- | M] (OrangeWare Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ousbehci.sys -- (ousbehci)
    DRV - [2002/02/12 20:27:30 | 000,166,419 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
    DRV - [2002/02/12 20:26:54 | 001,171,584 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
    DRV - [2002/02/12 20:20:46 | 000,594,032 | R--- | M] (Conexant Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2002/02/03 21:02:18 | 000,006,101 | R--- | M] (EnE Technology Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\EnEDev.sys -- (EnEDev)
    DRV - [2002/01/31 21:02:48 | 000,177,152 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
    DRV - [2002/01/17 01:18:06 | 000,166,656 | R--- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sis7012.sys -- (SiS7012)
    DRV - [2001/08/17 06:28:12 | 000,488,383 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_V124.sys -- (V124)
    DRV - [2001/08/17 06:28:12 | 000,050,751 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_TONE.sys -- (Tones)
    DRV - [2001/08/17 06:28:10 | 000,542,879 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_MSFT.sys -- (hsf_msft)
    DRV - [2001/08/17 06:28:10 | 000,057,471 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_SAMP.sys -- (Rksample)
    DRV - [2001/08/17 06:28:08 | 000,391,199 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_K56K.sys -- (K56)
    DRV - [2001/08/17 06:28:06 | 000,289,887 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FALL.sys -- (Fallback)
    DRV - [2001/08/17 06:28:06 | 000,199,711 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FAXX.sys -- (SoftFax)
    DRV - [2001/08/17 06:28:06 | 000,115,807 | ---- | M] (Conexant) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\HSF_FSKS.sys -- (Fsks)
    DRV - [2001/08/17 06:28:04 | 000,067,167 | ---- | M] (Conexant) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\HSF_BSC2.sys -- (basic2)
    DRV - [2001/08/17 05:12:46 | 000,031,232 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
    DRV - [2001/08/17 05:10:30 | 000,035,871 | ---- | M] (Winbond Electronics Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wbfirdma.sys -- (WBFIRDMA)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
    IE - HKLM\..\SearchScopes,DefaultScope =

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.windowsbbs.com/search.php?searchid=3380
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
    IE - HKCU\..\SearchScopes,DefaultScope =
    IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0


    ========== FireFox ==========

    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.123\npGoogleUpdate3.dll (Google Inc.)



    O1 HOSTS File: ([2002/04/16 08:15:48 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Companion) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\ycomp5_5_7_0.dll (Yahoo! Inc.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
    O4 - HKLM..\Run: [SiS KHooker] C:\WINDOWS\system32\khooker.exe (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SiS Tray] C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
    O4 - HKLM..\Run: [SiS7012Utility] C:\WINDOWS\System32\SiSAudUt.exe (Silicon Integrated Systems Corporation)
    O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe (SUPERAntiSpyware.com)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
    O4 - Startup: C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Reboot.exe ()
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/D/0/D/D0DD87DA-994F-4334-8B55-AF2E4D98ED0C/wmv9dmo.cab (Reg Error: Key error.)
    O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1199238910254 (MUWebControl Class)
    O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/x86/unicode/iuctl.CAB?37611.3868981482 (Reg Error: Key error.)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{3D5E0CD4-4DBF-4EFB-899C-5F921C40B54D}: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\vnd.ms.radio {3DA2AA3B-3D96-11D2-9BD2-204C4F4F5020} - C:\WINDOWS\system32\msdxm.ocx ()
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
    O24 - Desktop WallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2002/04/12 17:20:11 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
    O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)

    ========== Files/Folders - Created Within 30 Days ==========

    [2012/11/11 20:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop\tdsskiller
    [2012/11/07 22:11:18 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
    [2012/11/04 22:09:31 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Videos
    [2012/11/04 22:09:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Administrative Tools
    [2012/11/04 21:24:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SIW
    [2012/11/04 21:24:08 | 000,000,000 | ---D | C] -- C:\Program Files\SIW 2011 Home Edition
    [2012/11/04 21:00:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
    [2012/11/04 20:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
    [2012/11/04 20:58:13 | 000,361,032 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/11/04 20:58:06 | 000,035,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/11/04 20:58:03 | 000,054,232 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/11/04 20:57:56 | 000,097,608 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/11/04 20:57:56 | 000,089,752 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/11/04 20:57:53 | 000,025,256 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/11/04 20:51:35 | 000,041,224 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/11/04 20:51:27 | 000,227,648 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/11/04 20:48:14 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
    [2012/11/04 20:48:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2012/11/04 20:26:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Malwarebytes
    [2012/11/04 20:25:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2012/11/04 20:25:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2012/11/04 20:25:50 | 000,020,552 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2012/11/04 20:25:50 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2012/11/04 20:23:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Downloads
    [2011/01/30 18:39:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
    [2011/01/30 18:39:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\SUPERAntiSpyware.com
    [2011/01/30 18:39:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
    [2011/01/30 18:39:43 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
    [2008/11/09 13:14:30 | 000,139,264 | ---- | C] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe
    [2008/04/05 21:41:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IOSUBSYS
    [2008/04/05 21:22:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\My Google Gadgets
    [2008/04/05 21:19:46 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
    [2008/01/08 21:31:11 | 000,000,000 | R--D | C] -- C:\$VAULT$.AVG
    [2008/01/08 20:36:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AVG7
    [2008/01/08 20:35:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AVG7
    [2008/01/08 20:35:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2008/01/08 20:01:01 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2
    [2008/01/01 18:59:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
    [2007/12/18 19:26:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\U3
    [2007/12/03 19:18:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\LogFiles
    [2007/12/03 19:18:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\Minidump
    [2007/10/02 18:03:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2007/10/02 17:52:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\InstallShield
    [2007/10/02 17:49:48 | 000,000,000 | ---D | C] -- C:\Program Files\epson
    [2007/08/04 08:03:32 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2007/08/04 07:46:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Apple
    [2007/07/08 17:12:32 | 000,000,000 | ---D | C] -- C:\Software
    [2007/03/31 17:37:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Apple Computer
    [2007/03/31 17:37:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Apple Computer
    [2007/03/31 16:57:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2006/06/16 19:45:36 | 008,771,968 | ---- | C] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1873063522.exe
    [2006/04/14 16:43:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Lavasoft
    [2006/04/14 16:43:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Lavasoft Ad-Aware SE Personal
    [2006/04/14 16:43:38 | 000,000,000 | ---D | C] -- C:\Program Files\Lavasoft
    [2006/02/27 19:07:28 | 008,771,968 | ---- | C] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1852577876.exe
    [2006/02/26 21:03:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\My Received Files
    [2006/02/26 08:18:19 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
    [2006/02/26 07:59:35 | 008,771,968 | ---- | C] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1852139014.exe
    [2006/02/09 20:32:29 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [2006/02/09 20:31:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Acrobat 4.0
    [2006/02/09 20:31:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\Profiles
    [2006/02/09 20:02:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Symantec
    [2006/02/09 19:53:07 | 000,010,344 | ---- | C] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
    [2006/02/09 19:44:16 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$MSI31Uninstall_KB893803v2$
    [2006/01/01 19:29:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\RegisteredPackages
    [2005/12/29 19:22:59 | 000,271,936 | ---- | C] (Webroot Software, Inc.) -- C:\WINDOWS\WRUninstall.dll
    [2005/12/21 21:07:46 | 000,765,952 | ---- | C] (Gracenote) -- C:\WINDOWS\System32\CDDBUI.dll
    [2005/12/21 21:04:26 | 000,651,264 | ---- | C] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControl.dll
    [2005/11/30 18:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Google
    [2005/11/30 18:42:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Google
    [2005/11/30 18:41:33 | 000,000,000 | ---D | C] -- C:\Program Files\Google
    [2005/10/11 18:48:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Leadertech
    [2005/10/09 07:20:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AdobeAUM
    [2005/06/26 20:05:11 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\SoftwareDistribution
    [2005/05/04 18:22:16 | 000,000,000 | ---D | C] -- C:\Program Files\UPD
    [2005/04/24 08:07:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\cdmweb
    [2005/02/06 19:36:23 | 000,000,000 | ---D | C] -- C:\Garmin
    [2005/02/06 19:36:22 | 001,089,536 | ---- | C] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
    [2005/02/06 19:36:22 | 000,049,152 | ---- | C] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
    [2005/02/05 20:43:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\AdobeUM
    [2004/12/24 11:20:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Adobe
    [2004/12/24 11:09:31 | 000,000,000 | ---D | C] -- C:\Program Files\Adobe
    [2004/12/24 11:09:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
    [2004/12/24 11:09:07 | 000,000,000 | ---D | C] -- C:\WINDOWS\Downloaded Installations
    [2004/12/24 11:08:56 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
    [2004/12/24 10:57:31 | 020,798,256 | ---- | C] (Netopsystems AG ) -- C:\AdbeRdr70_enu_full.exe
    [2004/12/24 10:54:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Adobe
    [2004/12/24 10:54:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe
    [2004/12/24 10:54:31 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe
    [2004/10/30 06:54:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Macromedia
    [2004/10/13 19:57:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$hf_mig$
    [2004/09/13 19:58:17 | 000,000,000 | ---D | C] -- C:\Program Files\KOptimizer
    [2004/09/03 19:28:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\bits
    [2004/08/28 12:25:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\SoftwareDistribution
    [2003/11/24 12:42:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\Katie's ****
    [2003/04/27 11:46:11 | 000,000,000 | ---D | C] -- C:\Program Files\AWS
    [2003/01/17 21:15:12 | 000,022,139 | R--- | C] (Hewlett Packard) -- C:\WINDOWS\System32\hpocoi08.dll
    [2003/01/17 21:15:12 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2003/01/12 19:54:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
    [2003/01/12 19:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Learn Microsoft® Windows XP
    [2003/01/12 19:53:56 | 000,000,000 | ---D | C] -- C:\Program Files\winxp
    [2003/01/11 20:12:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Share-to-Web Upload Folder
    [2003/01/11 20:11:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Readiris
    [2003/01/11 20:09:37 | 000,000,000 | ---D | C] -- C:\Program Files\Hewlett-Packard
    [2003/01/11 20:08:29 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
    [2002/12/21 10:30:10 | 000,000,000 | ---D | C] -- C:\WUTemp
    [2002/12/20 19:37:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\interMute
    [2002/12/03 20:26:37 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2002/12/03 20:26:37 | 000,045,056 | ---- | C] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2002/12/03 20:26:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Adaptec Shared
    [2002/12/03 20:26:32 | 002,855,926 | ---- | C] (Roxio) -- C:\WINDOWS\System32\enginst1.exe
    [2002/12/01 08:21:09 | 000,000,000 | ---D | C] -- C:\Program Files\MoodLogic
    [2002/12/01 08:20:26 | 000,000,000 | ---D | C] -- C:\My Music
    [2002/12/01 08:19:36 | 000,000,000 | ---D | C] -- C:\Program Files\Real
    [2002/12/01 08:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Real
    [2002/12/01 08:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Real
    [2002/10/24 18:47:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\My Documents\My Albums
    [2002/10/19 07:56:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\My Picture Slideshow
    [2002/10/18 19:27:41 | 000,140,800 | ---- | C] (The Duck Corporation) -- C:\WINDOWS\System32\tm20dec.ax
    [2002/10/18 19:27:07 | 000,212,480 | ---- | C] (Eastman Kodak) -- C:\WINDOWS\System32\pcdlib32.dll
    [2002/10/18 19:26:03 | 000,000,000 | ---D | C] -- C:\Program Files\ArcSoft
    [2002/10/18 19:19:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
    [2002/10/18 19:14:33 | 000,000,000 | ---D | C] -- C:\Program Files\Canon
    [2002/10/07 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Help
    [2002/10/07 19:07:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Help
    [2002/10/07 18:45:15 | 000,000,000 | --SD | C] -- C:\WINDOWS\System32\Microsoft
    [2002/10/07 18:44:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Symantec
    [2002/10/07 18:44:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Symantec
    [2002/10/07 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Symantec Shared
    [2002/10/07 18:44:28 | 000,000,000 | ---D | C] -- C:\Program Files\Norton AntiVirus
    [2002/10/02 19:23:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$xpsp1hfm$
    [2002/09/29 08:03:07 | 000,086,016 | ---- | C] (MindVision Software) -- C:\WINDOWS\unvise32.exe
    [2002/09/29 08:02:32 | 000,000,000 | ---D | C] -- C:\Program Files\Kazaa
    [2002/09/28 08:14:57 | 000,000,000 | ---D | C] -- C:\SIERRA
    [2002/09/28 07:49:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Identities
    [2002/09/26 18:54:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\ahead Nero
    [2002/09/26 18:53:14 | 000,000,000 | ---D | C] -- C:\Program Files\ahead
    [2002/09/26 18:50:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt
    [2002/08/18 14:41:31 | 000,000,000 | ---D | C] -- C:\Program Files\Cosmi
    [2002/08/18 14:41:16 | 000,299,520 | ---- | C] (InstallShield Corporation, Inc.) -- C:\WINDOWS\uninst.exe
    [2002/08/17 16:35:32 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Hardware
    [2002/08/08 18:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\InterVideo
    [2002/08/08 18:17:38 | 000,000,000 | ---D | C] -- C:\Program Files\InterVideo
    [2002/08/08 18:17:35 | 000,000,000 | -H-D | C] -- C:\Program Files\InstallShield Installation Information
    [2002/08/06 06:29:13 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\My Documents\My Videos
    [2002/04/16 08:10:28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2002/04/12 17:43:56 | 000,000,000 | ---D | C] -- C:\Program Files\CONEXANT
    [2002/04/12 17:41:28 | 000,078,948 | R--- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\a3d.dll
    [2002/04/12 17:41:28 | 000,078,948 | ---- | C] (Aureal Semiconductor) -- C:\WINDOWS\System32\dllcache\a3d.dll
    [2002/04/12 17:41:28 | 000,000,000 | ---D | C] -- C:\Program Files\SiS7012
    [2002/04/12 17:36:35 | 000,000,000 | ---D | C] -- C:\Program Files\directx
    [2002/04/12 17:36:17 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ReinstallBackups
    [2002/04/12 17:36:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\SiSAGP
    [2002/04/12 17:35:31 | 000,000,000 | ---D | C] -- C:\WINDOWS\SiS
    [2002/04/12 17:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SiS 650
    [2002/04/12 17:35:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\trayres
    [2002/04/12 17:34:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\SiSInf
    [2002/04/12 17:34:59 | 000,000,000 | ---D | C] -- C:\Program Files\SiS Compatible VGA V2.06
    [2002/04/12 17:32:59 | 000,006,101 | R--- | C] (EnE Technology Inc.) -- C:\WINDOWS\System32\drivers\EnEDev.sys
    [2002/04/12 17:32:30 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Tools
    [2002/04/12 17:32:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield
    [2002/04/12 17:28:34 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jim\UserData
    [2002/04/12 17:25:58 | 000,000,000 | -HSD | C] -- C:\WINDOWS\Installer
    [2002/04/12 17:25:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Application Data\Identities
    [2002/04/12 17:25:41 | 000,000,000 | -H-D | C] -- C:\Program Files\Uninstall Information
    [2002/04/12 17:25:40 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\My Documents\My Music
    [2002/04/12 17:25:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\My Documents\My Pictures
    [2002/04/12 17:25:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Local Settings\Application Data\Microsoft
    [2002/04/12 17:25:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jim\Application Data\Microsoft
    [2002/04/12 17:25:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Jim\Cookies
    [2002/04/12 17:25:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\SendTo
    [2002/04/12 17:25:36 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Jim\Recent
    [2002/04/12 17:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup
    [2002/04/12 17:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\My Documents
    [2002/04/12 17:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Favorites
    [2002/04/12 17:25:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Jim\Start Menu\Programs\Accessories
    [2002/04/12 17:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Templates
    [2002/04/12 17:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\PrintHood
    [2002/04/12 17:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\NetHood
    [2002/04/12 17:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Local Settings
    [2002/04/12 17:25:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Jim\Application Data
    [2002/04/12 17:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Start Menu
    [2002/04/12 17:25:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Jim\Desktop
    [2002/04/12 17:24:37 | 000,000,000 | -HSD | C] -- C:\System Volume Information
    [2002/04/12 17:24:34 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
    [2002/04/12 17:24:32 | 000,000,000 | --SD | C] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
    [2002/04/12 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
    [2002/04/12 17:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
    [2002/04/12 17:24:31 | 000,000,000 | --SD | C] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
    [2002/04/12 17:22:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
    [2002/04/12 17:22:43 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
    [2002/04/12 17:22:43 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw330ext.dll
    [2002/04/12 17:21:15 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
    [2002/04/12 17:20:41 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\xircom
    [2002/04/12 17:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\xerox
    [2002/04/12 17:20:41 | 000,000,000 | ---D | C] -- C:\Program Files\microsoft frontpage
    [2002/04/12 17:18:51 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\DRM
    [2002/04/12 17:18:37 | 000,000,000 | --SD | C] -- C:\WINDOWS\Downloaded Program Files
    [2002/04/12 17:18:37 | 000,000,000 | R--D | C] -- C:\WINDOWS\Offline Web Pages
    [2002/04/12 17:18:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\srchasst
    [2002/04/12 17:17:58 | 000,405,504 | ---- | C] (Macromedia, Inc.) -- C:\WINDOWS\System32\dllcache\swflash.ocx
    [2002/04/12 17:17:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Macromed
    [2002/04/12 17:17:58 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\DirectX
    [2002/04/12 17:17:44 | 000,000,000 | ---D | C] -- C:\Program Files\Movie Maker
    [2002/04/12 17:17:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Restore
    [2002/04/12 17:17:15 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Media Player
    [2002/04/12 17:17:11 | 000,000,000 | ---D | C] -- C:\Program Files\NetMeeting
    [2002/04/12 17:17:10 | 000,000,000 | ---D | C] -- C:\WINDOWS\PCHEALTH
    [2002/04/12 17:17:09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Services
    [2002/04/12 17:17:04 | 000,000,000 | --SD | C] -- C:\WINDOWS\Tasks
    [2002/04/12 17:17:04 | 000,000,000 | ---D | C] -- C:\Program Files\Outlook Express
    [2002/04/12 17:17:00 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\MSSoap
    [2002/04/12 17:16:56 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\System
    [2002/04/12 17:16:51 | 000,000,000 | ---D | C] -- C:\Program Files\Internet Explorer
    [2002/04/12 17:16:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Pictures
    [2002/04/12 17:16:49 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents\My Music
    [2002/04/12 17:16:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
    [2002/04/12 17:16:04 | 000,000,000 | ---D | C] -- C:\Program Files\ComPlus Applications
    [2002/04/12 17:15:54 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
    [2002/04/12 17:15:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\Registration
    [2002/04/12 17:15:43 | 000,000,000 | -H-D | C] -- C:\Program Files\WindowsUpdate
    [2002/04/12 17:15:43 | 000,000,000 | ---D | C] -- C:\Program Files\Online Services
    [2002/04/12 17:15:35 | 000,000,000 | ---D | C] -- C:\Program Files\Messenger
    [2002/04/12 17:15:28 | 000,000,000 | ---D | C] -- C:\Program Files\MSN
    [2002/04/12 17:15:24 | 000,000,000 | ---D | C] -- C:\Program Files\MSN Gaming Zone
    [2002/04/12 17:15:21 | 000,272,896 | ---- | C] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2002/04/12 17:15:13 | 000,000,000 | ---D | C] -- C:\Program Files\Windows NT
    [2002/04/12 17:15:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MsDtc
    [2002/04/12 17:14:57 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Com
    [2002/04/12 17:12:23 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
    [2002/04/12 16:26:59 | 000,042,752 | R--- | C] (OrangeWare Corporation) -- C:\WINDOWS\System32\ousb2hub.sys
    [2002/04/12 16:25:55 | 000,042,752 | R--- | C] (OrangeWare Corporation) -- C:\WINDOWS\System32\drivers\ousb2hub.sys
    [2002/04/12 16:25:55 | 000,029,568 | R--- | C] (OrangeWare Corporation) -- C:\WINDOWS\System32\drivers\ousbehci.sys
    [2002/04/12 10:10:27 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\drivers\wbfirdma.sys
    [2002/04/12 10:10:10 | 000,031,232 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\drivers\sisnic.sys
    [2002/04/12 10:08:30 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
    [2002/04/12 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\SpeechEngines
    [2002/04/12 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files
    [2002/04/12 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Microsoft Shared
    [2002/04/12 10:08:26 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files
    [2002/04/12 10:07:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
    [2002/04/12 10:07:57 | 000,000,000 | R--D | C] -- C:\Documents and Settings\All Users\Documents
    [2002/04/12 10:07:57 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Templates
    [2002/04/12 10:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu
    [2002/04/12 10:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Favorites
    [2002/04/12 10:07:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Desktop
    [2002/04/12 10:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot2
    [2002/04/12 10:07:44 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\CatRoot
    [2002/04/12 10:07:38 | 000,000,000 | --SD | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft
    [2002/04/12 10:07:38 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data
    [2002/04/12 10:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings
    [2002/04/12 10:02:43 | 000,000,000 | R-SD | C] -- C:\WINDOWS\Fonts
    [2002/04/12 10:02:43 | 000,000,000 | RHSD | C] -- C:\WINDOWS\System32\dllcache
    [2002/04/12 10:02:43 | 000,000,000 | R--D | C] -- C:\WINDOWS\Web
    [2002/04/12 10:02:43 | 000,000,000 | -H-D | C] -- C:\WINDOWS\inf
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\WinSxS
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wins
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\wbem
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\usmt
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\twain_32
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\system32
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\system
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\spool
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ShellExt
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Setup
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\security
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Resources
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\repair
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ras
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\oobe
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\npp
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\mui
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\mui
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\msapps
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\msagent
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Media
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\java
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\inetsrv
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\IME
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\ime
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\icsxml
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\ias
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Help
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\export
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\etc
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Driver Cache
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\disdn
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\dhcp
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Debug
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Cursors
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Connection Wizard
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\config
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\Config
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\AppPatch
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\addins
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3com_dmi
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\3076
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\2052
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1054
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1042
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1041
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1037
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1033
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1031
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1028
    [2002/04/12 10:02:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\1025
    [2002/04/11 03:10:12 | 004,732,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
    [2002/04/11 01:22:15 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2002/04/11 01:18:28 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2002/04/11 01:18:28 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2002/04/11 01:18:28 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2002/04/11 01:18:28 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2002/04/11 01:18:09 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2002/04/11 01:17:36 | 000,000,000 | ---D | C] -- C:\WINDOWS\erdnt
    [2002/04/11 01:16:12 | 005,004,435 | R--- | C] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
     
  8. 2012/11/21
    oldmanjim

    ========== Files - Modified Within 30 Days ==========

    [2012/11/12 23:09:14 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/11 20:49:59 | 002,195,061 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\tdsskiller.zip
    [2012/11/11 20:49:22 | 000,673,280 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\RogueKiller.exe
    [2012/11/04 23:40:23 | 000,012,800 | ---- | M] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2012/11/04 21:24:27 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\SIW.lnk
    [2012/11/04 20:58:16 | 000,001,689 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/11/04 20:57:58 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
    [2012/11/04 20:47:07 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\61rlkzbc.exe
    [2012/10/30 15:51:58 | 000,361,032 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
    [2012/10/30 15:51:58 | 000,054,232 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
    [2012/10/30 15:51:58 | 000,035,928 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
    [2012/10/30 15:51:57 | 000,097,608 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
    [2012/10/30 15:51:57 | 000,089,752 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
    [2012/10/30 15:51:56 | 000,025,256 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
    [2012/10/30 15:51:07 | 000,041,224 | ---- | M] (AVAST Software) -- C:\WINDOWS\avastSS.scr
    [2012/10/30 15:50:59 | 000,227,648 | ---- | M] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
    [2012/09/29 20:54:26 | 000,020,552 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/06/25 23:45:56 | 000,256,000 | ---- | M] () -- C:\WINDOWS\PEV.exe
    [2011/04/16 15:01:57 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Nero - Burning Rom.lnk
    [2011/01/30 21:19:29 | 000,000,142 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/01/30 18:39:50 | 000,001,678 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2011/01/30 18:33:23 | 000,000,799 | ---- | M] () -- C:\WINDOWS\photoimpression.ini
    [2011/01/30 18:33:23 | 000,000,029 | ---- | M] () -- C:\WINDOWS\videoimp.ini
    [2010/11/07 10:20:24 | 000,208,896 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2009/04/19 21:56:28 | 000,060,416 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2008/01/21 20:02:32 | 000,000,164 | ---- | M] () -- C:\install.dat
    [2007/10/04 17:55:23 | 000,000,003 | ---- | M] () -- C:\WINDOWS\Twain001.Mtx
    [2007/10/04 17:54:53 | 000,000,156 | ---- | M] () -- C:\WINDOWS\Twunk001.MTX
    [2007/10/03 17:17:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\usb
    [2007/10/02 17:53:33 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Twunk002.MTX
    [2007/10/02 17:49:13 | 000,000,058 | ---- | M] () -- C:\WINDOWS\EPSPRX595.ini
    [2007/07/14 18:59:48 | 000,000,000 | ---- | M] () -- C:\WINDOWS\khooker.INI
    [2007/07/12 16:28:39 | 000,000,194 | ---- | M] () -- C:\Boot.bak
    [2007/04/07 09:21:23 | 000,000,202 | ---- | M] () -- C:\WINDOWS\ScrAntic.ini
    [2007/03/01 19:55:44 | 000,271,936 | ---- | M] (Webroot Software, Inc.) -- C:\WINDOWS\WRUninstall.dll
    [2006/12/15 10:00:18 | 000,782,538 | ---- | M] () -- C:\IMG_1587.JPG
    [2006/10/31 00:10:00 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\PICSDK.ini
    [2006/09/19 08:25:18 | 000,006,148 | -H-- | M] () -- C:\.DS_Store
    [2006/06/16 19:45:36 | 008,771,968 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1873063522.exe
    [2006/04/14 16:56:34 | 000,000,945 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
    [2006/04/14 16:43:40 | 000,000,841 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
    [2006/02/27 19:07:28 | 008,771,968 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1852577876.exe
    [2006/02/26 07:59:35 | 008,771,968 | ---- | M] (Webroot Software, Inc. ) -- C:\Documents and Settings\Jim\My Documents\sspsetup1_1852139014.exe
    [2006/02/09 19:53:07 | 000,010,344 | ---- | M] (Symantec Corporation) -- C:\WINDOWS\System32\drivers\symlcbrd.sys
    [2006/02/09 19:40:41 | 000,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2005/12/21 21:07:46 | 000,765,952 | ---- | M] (Gracenote) -- C:\WINDOWS\System32\CDDBUI.dll
    [2005/12/21 21:04:26 | 000,651,264 | ---- | M] (Gracenote, Inc.) -- C:\WINDOWS\System32\CDDBControl.dll
    [2005/10/11 21:08:37 | 000,000,000 | ---- | M] () -- C:\winamp.ini
    [2005/10/11 20:59:33 | 000,193,776 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/10/09 06:48:18 | 002,080,964 | ---- | M] () -- C:\Imation Disk Manager IV.exe
    [2005/09/10 06:06:56 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\Internet.lnk
    [2004/12/24 11:11:45 | 000,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    [2004/12/24 11:09:56 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\dm.ini
    [2004/12/24 11:05:25 | 020,798,256 | ---- | M] (Netopsystems AG ) -- C:\AdbeRdr70_enu_full.exe
    [2004/12/24 10:54:47 | 000,494,704 | ---- | M] () -- C:\ytb01_efgsip.exe
    [2004/10/22 19:21:13 | 000,032,770 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\iCard.jpg
    [2004/09/20 01:29:48 | 000,139,264 | ---- | M] (OTi) -- C:\WINDOWS\System32\UStorSrv.exe
    [2004/09/20 01:13:28 | 000,139,264 | ---- | M] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2004/07/09 05:27:28 | 000,470,528 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
    [2004/07/09 05:27:28 | 000,316,928 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qdv.dll
    [2004/07/09 05:26:40 | 000,354,816 | ---- | M] () -- C:\WINDOWS\System32\psisdecd.dll
    [2004/07/09 05:26:40 | 000,354,816 | ---- | M] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2004/07/09 05:26:40 | 000,030,208 | ---- | M] () -- C:\WINDOWS\System32\psisrndr.ax
    [2004/07/09 05:26:40 | 000,030,208 | ---- | M] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2004/07/09 05:26:38 | 000,057,856 | ---- | M] () -- C:\WINDOWS\System32\mpeg2data.ax
    [2004/07/09 05:26:38 | 000,052,224 | ---- | M] () -- C:\WINDOWS\System32\msdvbnp.ax
    [2004/07/09 05:26:38 | 000,052,224 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2004/06/27 04:13:04 | 001,797,319 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\IG3D7279.JPG
    [2004/05/12 09:49:24 | 001,089,536 | ---- | M] (eHelp Corporation.) -- C:\WINDOWS\System32\ROBOEX32.DLL
    [2004/05/12 09:48:48 | 000,049,152 | ---- | M] (Blue Sky Software Corporation.) -- C:\WINDOWS\System32\INETWH32.dll
    [2004/03/03 06:10:00 | 000,073,220 | ---- | M] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2004/03/03 06:10:00 | 000,031,053 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2004/03/03 06:10:00 | 000,029,114 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2004/03/03 06:10:00 | 000,027,417 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2004/03/03 06:10:00 | 000,021,021 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2004/03/03 06:10:00 | 000,015,670 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2004/03/03 06:10:00 | 000,013,280 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2004/03/03 06:10:00 | 000,012,669 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
    [2004/03/03 06:10:00 | 000,010,673 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2004/03/03 06:10:00 | 000,006,478 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
    [2004/03/03 06:10:00 | 000,006,478 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
    [2004/03/03 06:10:00 | 000,006,366 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
    [2004/03/03 06:10:00 | 000,006,366 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
    [2004/03/03 06:10:00 | 000,006,226 | ---- | M] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
    [2004/03/03 06:10:00 | 000,004,943 | ---- | M] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2004/03/03 06:10:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2004/03/03 06:10:00 | 000,001,140 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2004/03/03 06:10:00 | 000,001,137 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2004/03/03 06:10:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2004/03/03 06:10:00 | 000,001,130 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2004/03/03 06:10:00 | 000,001,104 | ---- | M] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2003/09/17 13:01:28 | 000,844,048 | ---- | M] () -- C:\WINDOWS\System32\msdxm.ocx
    [2003/09/17 13:01:28 | 000,844,048 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
    [2003/08/29 07:36:42 | 000,001,024 | ---- | M] () -- C:\Desktop DB
    [2003/08/29 07:36:42 | 000,000,002 | ---- | M] () -- C:\Desktop DF
    [2003/05/30 10:00:02 | 001,962,496 | ---- | M] () -- C:\WINDOWS\System32\dllcache\quartz.dll
    [2003/05/30 10:00:02 | 000,132,608 | ---- | M] () -- C:\WINDOWS\System32\dllcache\devenum.dll
    [2003/03/13 16:03:42 | 000,005,130 | ---- | M] () -- C:\WINDOWS\System32\dllcache\Q330994.inf
    [2003/01/12 15:26:42 | 000,000,020 | ---- | M] () -- C:\WINDOWS\Hposcv07.INI
    [2002/12/20 19:32:57 | 000,430,440 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Q329390_WXP_SP2_ia64_ENU.exe
    [2002/12/20 19:32:25 | 000,289,128 | ---- | M] () -- C:\Documents and Settings\Jim\My Documents\Q329390_WXP_SP2_x86_ENU.exe
    [2002/12/12 01:14:32 | 001,798,144 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedit.dll
    [2002/12/12 01:14:32 | 000,733,184 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
    [2002/12/12 01:14:32 | 000,257,024 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qcap.dll
    [2002/12/12 01:14:32 | 000,173,056 | ---- | M] () -- C:\WINDOWS\System32\qasf.dll
    [2002/12/12 01:14:32 | 000,173,056 | ---- | M] () -- C:\WINDOWS\System32\dllcache\qasf.dll
    [2002/12/12 01:14:32 | 000,136,192 | ---- | M] () -- C:\WINDOWS\System32\mpg2splt.ax
    [2002/12/12 01:14:32 | 000,136,192 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
    [2002/12/12 01:14:32 | 000,064,512 | ---- | M] () -- C:\WINDOWS\System32\dllcache\amstream.dll
    [2002/12/12 01:14:32 | 000,034,304 | ---- | M] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
    [2002/12/12 01:14:32 | 000,013,312 | ---- | M] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
    [2002/12/03 20:26:38 | 000,040,960 | ---- | M] () -- C:\WINDOWS\uneng.exe
    [2002/12/03 20:26:37 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdrtc.dll
    [2002/12/03 20:26:37 | 000,045,056 | ---- | M] (Roxio) -- C:\WINDOWS\System32\cdral.dll
    [2002/12/03 20:26:34 | 002,855,926 | ---- | M] (Roxio) -- C:\WINDOWS\System32\enginst1.exe
    [2002/10/18 19:27:35 | 000,000,804 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2002/10/18 19:27:34 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
    [2002/10/18 19:27:34 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
    [2002/10/18 19:19:12 | 000,000,388 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
    [2002/10/18 19:16:36 | 000,000,000 | ---- | M] () -- C:\WINDOWS\OPPRIN~1.INI
    [2002/09/29 19:10:35 | 000,000,195 | ---- | M] () -- C:\UnInstall.dat
    [2002/09/28 08:31:35 | 000,025,065 | ---- | M] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2002/09/28 07:58:15 | 000,016,896 | ---- | M] () -- C:\WINDOWS\System32\grwinsthlp.exe
    [2002/09/26 18:53:10 | 000,299,552 | ---- | M] () -- C:\WINDOWS\WMSysPrx.prx
    [2002/09/23 18:49:24 | 000,070,111 | ---- | M] () -- C:\WINDOWS\System32\dllcache\HSCXPSP1.cab
    [2002/08/13 07:10:10 | 000,155,648 | ---- | M] () -- C:\WINDOWS\System32\ssleay32.dll
    [2002/08/13 07:09:50 | 000,684,032 | ---- | M] () -- C:\WINDOWS\System32\libeay32.dll
    [2002/08/13 06:10:10 | 000,155,648 | ---- | M] () -- C:\WINDOWS\ssleay32.dll
    [2002/08/13 06:09:50 | 000,684,032 | ---- | M] () -- C:\WINDOWS\libeay32.dll
    [2002/07/16 13:26:09 | 000,310,954 | ---- | M] () -- C:\WINDOWS\ml-cleanup.exe
    [2002/04/16 10:01:41 | 000,000,310 | -H-- | M] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2002/04/16 10:01:37 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2002/04/16 10:00:47 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2002/04/16 09:56:52 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Jim\Desktop\OTL.exe
    [2002/04/16 09:56:13 | 000,543,531 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
    [2002/04/16 08:15:48 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2002/04/16 07:36:46 | 005,004,435 | R--- | M] (Swearware) -- C:\Documents and Settings\Jim\Desktop\ComboFix.exe
    [2002/04/15 12:53:51 | 000,002,184 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2002/04/12 17:36:37 | 000,001,235 | ---- | M] () -- C:\SiSUnist.ini
    [2002/04/12 17:36:36 | 000,008,887 | ---- | M] () -- C:\SiSSetup1.ini
    [2002/04/12 17:26:06 | 000,000,737 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2002/04/12 17:26:05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2002/04/12 17:24:18 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2002/04/12 17:23:24 | 000,000,261 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
    [2002/04/12 17:20:11 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2002/04/12 17:20:11 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2002/04/12 17:20:11 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2002/04/12 17:20:11 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2002/04/12 17:19:55 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
    [2002/04/12 17:16:20 | 000,021,640 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/04/11 11:47:52 | 000,049,152 | ---- | M] () -- C:\WINDOWS\System32\msmscoin.dll
    [2002/04/11 03:41:19 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Jim\Desktop\SystemLook.exe
    [2002/04/11 03:10:12 | 004,732,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Jim\Desktop\aswMBR.exe
    [2002/04/11 01:50:12 | 000,311,934 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2002/04/11 01:50:12 | 000,040,196 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2002/04/11 01:22:26 | 000,000,310 | RHS- | M] () -- C:\boot.ini
    [2002/04/09 18:56:22 | 000,022,139 | R--- | M] (Hewlett Packard) -- C:\WINDOWS\System32\hpocoi08.dll
    [2002/03/25 14:02:38 | 000,189,718 | ---- | M] () -- C:\WINDOWS\System32\dllcache\AppHelp.sdb
    [2002/03/25 14:02:38 | 000,139,274 | ---- | M] () -- C:\WINDOWS\System32\dllcache\MsiMain.sdb
    [2002/03/25 14:02:38 | 000,008,140 | ---- | M] () -- C:\WINDOWS\System32\dllcache\drvmain.sdb
    [2002/03/20 21:40:42 | 000,382,464 | ---- | M] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Reboot.exe
    [3 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2012/11/11 20:49:59 | 002,195,061 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\tdsskiller.zip
    [2012/11/11 20:49:16 | 000,673,280 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\RogueKiller.exe
    [2012/11/04 21:24:27 | 000,000,742 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\SIW.lnk
    [2012/11/04 20:58:57 | 000,000,880 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2012/11/04 20:58:56 | 000,000,876 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2012/11/04 20:58:16 | 000,001,689 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Free Antivirus.lnk
    [2012/11/04 20:58:00 | 000,000,310 | -H-- | C] () -- C:\WINDOWS\tasks\avast! Emergency Update.job
    [2012/11/04 20:46:53 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\61rlkzbc.exe
    [2011/01/30 21:19:29 | 000,000,142 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/01/30 18:39:50 | 000,001,678 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\SUPERAntiSpyware Free Edition.lnk
    [2008/11/09 13:14:31 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\OPDSL.DLL
    [2007/10/02 17:53:33 | 000,000,156 | ---- | C] () -- C:\WINDOWS\Twunk001.MTX
    [2007/10/02 17:53:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Twunk002.MTX
    [2007/10/02 17:53:32 | 000,000,003 | ---- | C] () -- C:\WINDOWS\Twain001.Mtx
    [2007/10/02 17:52:36 | 000,073,220 | ---- | C] () -- C:\WINDOWS\System32\EPPICPrinterDB.dat
    [2007/10/02 17:52:36 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2007/10/02 17:52:35 | 000,031,053 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern131.dat
    [2007/10/02 17:52:35 | 000,029,114 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern1.dat
    [2007/10/02 17:52:35 | 000,027,417 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern121.dat
    [2007/10/02 17:52:35 | 000,021,021 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern3.dat
    [2007/10/02 17:52:35 | 000,015,670 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern5.dat
    [2007/10/02 17:52:35 | 000,013,280 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern2.dat
    [2007/10/02 17:52:35 | 000,012,669 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_EN.cfg
    [2007/10/02 17:52:35 | 000,010,673 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern4.dat
    [2007/10/02 17:52:35 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_FR.cfg
    [2007/10/02 17:52:35 | 000,006,366 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_CF.cfg
    [2007/10/02 17:52:35 | 000,006,226 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_ES.cfg
    [2007/10/02 17:52:35 | 000,004,943 | ---- | C] () -- C:\WINDOWS\System32\EPPICPattern6.dat
    [2007/10/02 17:52:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_PT.dat
    [2007/10/02 17:52:35 | 000,001,140 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_BP.dat
    [2007/10/02 17:52:35 | 000,001,137 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_ES.dat
    [2007/10/02 17:52:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_FR.dat
    [2007/10/02 17:52:35 | 000,001,130 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_CF.dat
    [2007/10/02 17:52:35 | 000,001,104 | ---- | C] () -- C:\WINDOWS\System32\EPPICPresetData_EN.dat
    [2007/10/02 17:52:34 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_PT.cfg
    [2007/10/02 17:52:34 | 000,006,478 | ---- | C] () -- C:\WINDOWS\System32\EPPICLocal_BP.cfg
    [2007/10/02 17:49:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\EPSPRX595.ini
    [2007/07/14 18:59:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\khooker.INI
    [2007/07/12 16:28:35 | 000,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
    [2007/07/12 16:28:34 | 000,382,464 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Startup\Reboot.exe
    [2007/07/08 17:14:26 | 000,000,002 | ---- | C] () -- C:\Desktop DF
    [2007/07/08 17:14:07 | 000,001,024 | ---- | C] () -- C:\Desktop DB
    [2007/07/08 17:13:17 | 000,006,148 | -H-- | C] () -- C:\.DS_Store
    [2007/04/01 08:17:24 | 000,000,164 | ---- | C] () -- C:\install.dat
    [2006/12/29 18:53:38 | 000,684,032 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll
    [2006/12/29 18:53:38 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
    [2006/12/16 11:22:40 | 000,782,538 | ---- | C] () -- C:\IMG_1587.JPG
    [2006/12/13 18:41:27 | 000,012,800 | ---- | C] () -- C:\Documents and Settings\Jim\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/04/14 16:43:40 | 000,000,841 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Ad-Aware SE Personal.lnk
    [2006/01/08 08:12:48 | 000,013,312 | ---- | C] () -- C:\Install Read Me.wri
    [2006/01/01 19:27:37 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
    [2006/01/01 19:27:37 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisdecd.dll
    [2006/01/01 19:27:37 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\mpeg2data.ax
    [2006/01/01 19:27:37 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\msdvbnp.ax
    [2006/01/01 19:27:37 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdvbnp.ax
    [2006/01/01 19:27:37 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\psisrndr.ax
    [2006/01/01 19:27:37 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\psisrndr.ax
    [2006/01/01 19:27:33 | 001,798,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedit.dll
    [2006/01/01 19:27:33 | 000,733,184 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qedwipes.dll
    [2006/01/01 19:27:33 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\qasf.dll
    [2006/01/01 19:27:33 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qasf.dll
    [2006/01/01 19:27:32 | 001,962,496 | ---- | C] () -- C:\WINDOWS\System32\dllcache\quartz.dll
    [2006/01/01 19:27:32 | 000,013,312 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdmo.dll
    [2006/01/01 19:27:31 | 000,470,528 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdvd.dll
    [2006/01/01 19:27:31 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qdv.dll
    [2006/01/01 19:27:31 | 000,257,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\qcap.dll
    [2006/01/01 19:27:31 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\mpg2splt.ax
    [2006/01/01 19:27:31 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mpg2splt.ax
    [2006/01/01 19:27:31 | 000,132,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\devenum.dll
    [2006/01/01 19:27:31 | 000,034,304 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mciqtz32.dll
    [2006/01/01 19:27:30 | 000,064,512 | ---- | C] () -- C:\WINDOWS\System32\dllcache\amstream.dll
    [2005/12/29 19:22:59 | 000,684,032 | ---- | C] () -- C:\WINDOWS\libeay32.dll
    [2005/12/29 19:22:59 | 000,155,648 | ---- | C] () -- C:\WINDOWS\ssleay32.dll
    [2005/10/11 21:08:37 | 000,000,000 | ---- | C] () -- C:\winamp.ini
    [2005/10/11 18:53:30 | 000,002,073 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Photoshop Album Starter Edition 3.0.lnk
    [2005/10/09 06:48:18 | 002,080,964 | ---- | C] () -- C:\Imation Disk Manager IV.exe
    [2005/09/11 06:23:37 | 000,002,333 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Nero - Burning Rom.lnk
    [2005/09/10 06:06:56 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\Internet.lnk
    [2004/12/24 11:11:45 | 000,001,810 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Adobe Reader 7.0.lnk
    [2004/12/24 10:54:34 | 000,494,704 | ---- | C] () -- C:\ytb01_efgsip.exe
    [2004/12/24 10:54:33 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\dm.ini
    [2004/10/22 19:21:18 | 000,032,770 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\iCard.jpg
    [2004/06/27 18:51:21 | 001,797,319 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\IG3D7279.JPG
    [2003/09/17 13:01:28 | 000,844,048 | ---- | C] () -- C:\WINDOWS\System32\msdxm.ocx
    [2003/09/17 13:01:28 | 000,844,048 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msdxm.ocx
    [2003/03/13 16:03:42 | 000,005,130 | ---- | C] () -- C:\WINDOWS\System32\dllcache\Q330994.inf
    [2003/01/17 21:13:52 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5500a.aio
    [2003/01/17 21:13:52 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5400a.aio
    [2003/01/17 21:13:52 | 000,018,411 | ---- | C] () -- C:\WINDOWS\System32\hpo5300a.aio
    [2003/01/11 22:37:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\usb
    [2003/01/11 21:57:59 | 000,003,144 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srgb.icm
    [2003/01/11 20:12:00 | 000,000,020 | ---- | C] () -- C:\WINDOWS\Hposcv07.INI
    [2002/12/20 19:32:54 | 000,430,440 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Q329390_WXP_SP2_ia64_ENU.exe
    [2002/12/20 19:32:24 | 000,289,128 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\Q329390_WXP_SP2_x86_ENU.exe
    [2002/12/03 20:26:38 | 000,040,960 | ---- | C] () -- C:\WINDOWS\uneng.exe
    [2002/10/23 19:10:39 | 000,000,785 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Windows Messenger.lnk
    [2002/10/19 08:00:54 | 001,072,707 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\RESOURCE.00$
    [2002/10/19 08:00:54 | 000,102,948 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\INSTALL.EX$
    [2002/10/19 08:00:54 | 000,047,616 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\SETUP.EXE
    [2002/10/19 08:00:54 | 000,002,910 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\INSTALL.INS
    [2002/10/19 08:00:54 | 000,001,461 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\RESOURCE.MAP
    [2002/10/19 08:00:54 | 000,000,035 | ---- | C] () -- C:\Documents and Settings\Jim\My Documents\RESOURCE.001
    [2002/10/18 19:27:42 | 000,000,799 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2002/10/18 19:27:42 | 000,000,029 | ---- | C] () -- C:\WINDOWS\videoimp.ini
    [2002/10/18 19:27:29 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
    [2002/10/18 19:27:29 | 000,005,672 | ---- | C] () -- C:\WINDOWS\System32\quartz.vxd
    [2002/10/18 19:19:10 | 000,000,388 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
    [2002/10/18 19:16:36 | 000,000,000 | ---- | C] () -- C:\WINDOWS\OPPRIN~1.INI
    [2002/09/29 19:10:35 | 000,000,195 | ---- | C] () -- C:\UnInstall.dat
    [2002/09/29 19:10:33 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\grwinsthlp.exe
    [2002/09/28 08:14:57 | 000,295,952 | ---- | C] () -- C:\WINDOWS\SCRANTIC.SCR
    [2002/09/28 08:14:57 | 000,000,202 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini
    [2002/09/23 18:49:24 | 000,070,111 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HSCXPSP1.cab
    [2002/08/17 16:35:46 | 000,001,990 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mouse Healthy Computing Guide.lnk
    [2002/08/17 16:35:46 | 000,001,958 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Mouse.lnk
    [2002/04/16 09:56:01 | 000,543,531 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\adwcleaner.exe
    [2002/04/12 17:43:56 | 000,146,917 | R--- | C] () -- C:\WINDOWS\System32\drivers\ecs2003.cty
    [2002/04/12 17:36:36 | 000,008,887 | ---- | C] () -- C:\SiSSetup1.ini
    [2002/04/12 17:36:36 | 000,001,235 | ---- | C] () -- C:\SiSUnist.ini
    [2002/04/12 17:34:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis740.bin
    [2002/04/12 17:34:59 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\sis650.bin
    [2002/04/12 17:34:51 | 000,086,275 | ---- | C] () -- C:\WINDOWS\System32\waitwnd.exe
    [2002/04/12 17:34:50 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\setuplib.dll
    [2002/04/12 17:26:06 | 000,000,809 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Internet Explorer.lnk
    [2002/04/12 17:26:06 | 000,000,737 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2002/04/12 17:26:05 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2002/04/12 17:25:54 | 000,000,780 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Outlook Express.lnk
    [2002/04/12 17:25:52 | 000,000,804 | ---- | C] () -- C:\Documents and Settings\Jim\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Media Player.lnk
    [2002/04/12 17:25:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Jim\Start Menu\Programs\Remote Assistance.lnk
    [2002/04/12 17:24:18 | 000,008,192 | ---- | C] () -- C:\WINDOWS\REGLOCS.OLD
    [2002/04/12 17:23:24 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2002/04/12 17:22:35 | 000,294,975 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
    [2002/04/12 17:22:08 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
    [2002/04/12 17:21:59 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
    [2002/04/12 17:21:58 | 000,196,662 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
    [2002/04/12 17:21:56 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
    [2002/04/12 17:21:45 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
    [2002/04/12 17:21:38 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
    [2002/04/12 17:21:33 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\dllcache\fpencode.dll
    [2002/04/12 17:21:17 | 000,299,069 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
    [2002/04/12 17:20:11 | 000,002,625 | ---- | C] () -- C:\WINDOWS\System32\CONFIG.NT
    [2002/04/12 17:20:11 | 000,000,000 | RHS- | C] () -- C:\MSDOS.SYS
    [2002/04/12 17:20:11 | 000,000,000 | RHS- | C] () -- C:\IO.SYS
    [2002/04/12 17:20:11 | 000,000,000 | ---- | C] () -- C:\CONFIG.SYS
    [2002/04/12 17:20:11 | 000,000,000 | ---- | C] () -- C:\AUTOEXEC.BAT
    [2002/04/12 17:20:09 | 000,025,065 | ---- | C] () -- C:\WINDOWS\System32\wmpscheme.xml
    [2002/04/12 17:20:08 | 000,023,392 | ---- | C] () -- C:\WINDOWS\System32\nscompat.tlb
    [2002/04/12 17:20:08 | 000,016,832 | ---- | C] () -- C:\WINDOWS\System32\amcompat.tlb
    [2002/04/12 17:20:07 | 000,299,552 | ---- | C] () -- C:\WINDOWS\WMSysPrx.prx
    [2002/04/12 17:18:06 | 004,399,505 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nls302en.lex
    [2002/04/12 17:17:26 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\dllcache\msinfo.dll
    [2002/04/12 17:17:23 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt256.bmp
    [2002/04/12 17:17:23 | 000,048,680 | -HS- | C] () -- C:\WINDOWS\winnt.bmp
    [2002/04/12 17:17:16 | 000,000,984 | ---- | C] () -- C:\WINDOWS\System32\dllcache\srframe.mmf
    [2002/04/12 17:17:15 | 000,004,639 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.exe
    [2002/04/12 17:16:21 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2002/04/12 17:15:43 | 000,001,844 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\MSN Explorer.lnk
    [2002/04/12 17:15:43 | 000,000,829 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Messenger.lnk
    [2002/04/12 17:15:08 | 000,065,978 | ---- | C] () -- C:\WINDOWS\Soap Bubbles.bmp
    [2002/04/12 17:15:08 | 000,065,954 | ---- | C] () -- C:\WINDOWS\Prairie Wind.bmp
    [2002/04/12 17:15:08 | 000,065,832 | ---- | C] () -- C:\WINDOWS\Santa Fe Stucco.bmp
    [2002/04/12 17:15:08 | 000,026,680 | ---- | C] () -- C:\WINDOWS\River Sumida.bmp
    [2002/04/12 17:15:08 | 000,026,582 | ---- | C] () -- C:\WINDOWS\Greenstone.bmp
    [2002/04/12 17:15:08 | 000,017,362 | ---- | C] () -- C:\WINDOWS\Rhododendron.bmp
    [2002/04/12 17:15:08 | 000,017,336 | ---- | C] () -- C:\WINDOWS\Gone Fishing.bmp
    [2002/04/12 17:15:08 | 000,017,062 | ---- | C] () -- C:\WINDOWS\Coffee Bean.bmp
    [2002/04/12 17:15:08 | 000,016,730 | ---- | C] () -- C:\WINDOWS\FeatherTexture.bmp
    [2002/04/12 17:15:08 | 000,009,522 | ---- | C] () -- C:\WINDOWS\Zapotec.bmp
    [2002/04/12 17:15:08 | 000,001,272 | ---- | C] () -- C:\WINDOWS\Blue Lace 16.bmp
    [2002/04/12 17:15:02 | 000,003,286 | ---- | C] () -- C:\WINDOWS\System32\tslabels.h
    [2002/04/12 17:15:02 | 000,001,161 | ---- | C] () -- C:\WINDOWS\System32\usrlogon.cmd
    [2002/04/12 17:14:59 | 000,000,768 | ---- | C] () -- C:\WINDOWS\System32\msdtcprf.h
    [2002/04/12 17:14:44 | 000,063,488 | ---- | C] () -- C:\WINDOWS\System32\wmimgmt.msc
    [2002/04/12 10:08:37 | 000,001,355 | ---- | C] () -- C:\WINDOWS\imsins.BAK
    [2002/04/12 10:08:30 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2002/04/12 10:08:27 | 001,685,606 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.spd
    [2002/04/12 10:08:27 | 000,605,050 | ---- | C] () -- C:\WINDOWS\System32\dllcache\r1033tts.lxa
    [2002/04/12 10:08:27 | 000,000,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sam.sdf
    [2002/04/12 10:08:26 | 000,643,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ltts1033.lxa
    [2002/04/12 10:08:09 | 000,001,688 | ---- | C] () -- C:\WINDOWS\System32\AUTOEXEC.NT
    [2002/04/12 10:07:57 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
    [2002/04/12 10:07:57 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
    [2002/04/12 10:07:57 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
    [2002/04/12 10:07:57 | 000,031,136 | ---- | C] () -- C:\WINDOWS\System32\dllcache\FP4.CAT
    [2002/04/12 10:07:57 | 000,013,608 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IMS.CAT
    [2002/04/12 10:07:57 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
    [2002/04/12 10:07:57 | 000,010,024 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSMSGS.CAT
    [2002/04/12 10:07:57 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
    [2002/04/12 10:07:57 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
    [2002/04/12 10:07:57 | 000,007,100 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MSTSWEB.CAT
    [2002/04/12 10:07:56 | 001,761,253 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5.CAT
    [2002/04/12 10:07:56 | 000,470,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5INF.CAT
    [2002/04/12 10:07:15 | 000,193,776 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2002/04/12 10:06:29 | 000,000,310 | RHS- | C] () -- C:\boot.ini
    [2002/04/12 10:06:24 | 000,000,261 | ---- | C] () -- C:\WINDOWS\System32\$winnt$.inf
    [2002/04/11 11:47:52 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\msmscoin.dll
    [2002/04/11 03:41:15 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Jim\Desktop\SystemLook.exe
    [2002/04/11 01:22:25 | 000,000,194 | ---- | C] () -- C:\Boot.bak
    [2002/04/11 01:22:21 | 000,237,728 | RHS- | C] () -- C:\cmldr
    [2002/04/11 01:18:28 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2002/04/11 01:18:28 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2002/04/11 01:18:28 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2002/04/11 01:18:28 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2002/04/11 01:18:28 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2002/04/02 18:08:34 | 000,310,954 | ---- | C] () -- C:\WINDOWS\ml-cleanup.exe
    [2002/03/25 14:02:38 | 000,189,718 | ---- | C] () -- C:\WINDOWS\System32\dllcache\AppHelp.sdb
    [2002/03/25 14:02:38 | 000,139,274 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MsiMain.sdb
    [2001/08/23 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2001/08/23 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2001/08/23 05:00:00 | 000,311,934 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2001/08/23 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2001/08/23 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2001/08/23 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2001/08/23 05:00:00 | 000,040,196 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2001/08/23 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2001/08/23 05:00:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2001/08/23 05:00:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2001/08/23 05:00:00 | 000,001,420 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2001/08/23 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== ZeroAccess Check ==========


    [HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]

    [HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
    " " = %SystemRoot%\system32\shdocvw.dll -- [2004/08/27 12:57:18 | 001,332,224 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Apartment

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
    " " = %systemroot%\system32\wbem\fastprox.dll -- [2001/08/23 05:00:00 | 000,585,216 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Free

    [HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
    " " = %systemroot%\system32\wbem\wbemess.dll -- [2001/08/23 05:00:00 | 000,259,072 | ---- | M] (Microsoft Corporation)
    "ThreadingModel" = Both

    ========== LOP Check ==========

    [2012/11/04 20:48:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
    [2011/01/30 18:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
    [2003/01/12 19:54:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
    [2007/10/09 17:01:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2002/12/20 19:37:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\interMute
    [2011/01/30 18:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG7
    [2002/08/08 18:19:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\InterVideo
    [2005/10/11 18:48:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\Leadertech

    ========== Purity Check ==========



    ========== Files - Unicode (All) ==========
    [2005/12/04 08:10:58 | 000,000,008 | ---- | M] ()(C:\WINDOWS\System32\?????????????????) -- C:\WINDOWS\System32\䖫矔ﶌ̳츒矖倀翽ﶌ̳츲矖ﵘ̳췘矖삵
    [2005/12/04 08:10:58 | 000,000,008 | ---- | C] ()(C:\WINDOWS\System32\?????????????????) -- C:\WINDOWS\System32\䖫矔ﶌ̳츒矖倀翽ﶌ̳츲矖ﵘ̳췘矖삵

    < End of report >
     
  9. 2012/11/21
    oldmanjim

    OTL Extras logfile created on: 4/16/2002 10:05:05 AM - Run 1
    OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Jim\Desktop
    Windows XP Professional Edition (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2600.0000)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    479.48 Mb Total Physical Memory | 174.46 Mb Available Physical Memory | 36.39% Memory free
    1.10 Gb Paging File | 0.86 Gb Available in Paging File | 78.18% Paging File free
    Paging file location(s): C:\pagefile.sys 720 1440 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 19.59 Gb Free Space | 52.59% Space Free | Partition Type: NTFS

    Computer Name: WINDOWSXP | User Name: Jim | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    .url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1 ",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirewallDisableNotify" = 0
    "AntiVirusDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
    "{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{1FD0C5C1-B01B-4B4C-9607-E5D3B3D1318F}" = Microsoft IntelliPoint 4.1
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
    "{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{AB67580-257C-45FF-B8F4-C8C30682091A}_is1" = SIW 2011 Home Edition
    "{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
    "{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
    "Ad-Aware SE Personal" = Ad-Aware SE Personal
    "Adobe Acrobat 4.0" = Adobe Acrobat 4.0
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "AdobeESD" = Adobe Download Manager 2.0 (Remove Only)
    "avast" = avast! Free Antivirus
    "CNXT_MODEM_PCI_VEN_14F1&DEV_2F00&SUBSYS_200314F1" = Conexant 56K Modem
    "Learn Microsoft® Windows XP" = Learn Microsoft® Windows XP
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.65.1.1000
    "oeupdate" = Outlook Express Q837009
    "Q309521" = Windows XP Hotfix (SP1) [See Q309521 for more information]
    "Q311889" = Windows XP Hotfix (SP1) [See Q311889 for more information]
    "Q311967" = Windows XP Hotfix (SP1) [See Q311967 for more information]
    "Q313450" = Windows XP Hotfix (SP1) [See Q313450 for more information]
    "Q314147" = Windows XP Hotfix (SP1) [See Q314147 for more information]
    "Q314862" = Windows XP Hotfix (SP1) [See Q314862 for more information]
    "Q315000" = Windows XP Hotfix (SP1) [See Q315000 for more information]
    "Q315403" = Windows XP Hotfix (SP1) [See Q315403 for more information]
    "Q317277" = Windows XP Hotfix (SP1) [See Q317277 for more information]
    "Q318138" = Windows XP Hotfix (SP1) [See Q318138 for more information]
    "Q319580" = Windows XP Application Compatibility Update[Q319580]
    "Q323172" = Windows XP Hotfix (SP1) [See Q323172 for more information]
    "Q324096" = Windows XP Hotfix (SP1) [See Q324096 for more information]
    "Q324380" = Windows XP Hotfix (SP1) [See Q324380 for more information]
    "Q326830" = Windows XP Hotfix (SP1) [See Q326830 for more information]
    "Q328310" = Windows XP Hotfix (SP1) Q328310
    "Q328940" = Windows XP Hotfix (SP1) [See Q328940 for more information]
    "Q329048" = Windows XP Hotfix (SP1) [See Q329048 for more information]
    "Q329115" = Windows XP Hotfix (SP2) [See Q329115 for more information]
    "Q329170" = Windows XP Hotfix (SP1) Q329170
    "Q329390" = Windows XP Hotfix (SP1) [See Q329390 for more information]
    "Q329441" = Windows XP Hotfix (SP1) [See Q329441 for more information]
    "Q329834" = Windows XP Hotfix (SP1) [See Q329834 for more information]
    "Q331953" = Windows XP Hotfix (SP1) Q331953
    "Q810577" = Windows XP Hotfix (SP1) Q810577
    "Q810833" = Windows XP Hotfix (SP1) Q810833
    "Q811493" = Windows XP Hotfix (SP1) Q811493
    "Q815021" = Windows XP Hotfix (SP1) Q815021
    "Q817606" = Windows XP Hotfix (SP1) Q817606
    "Q819696" = Windows XP Hotfix (SP1) Q819696
    "Q828026" = Windows Media Player Hotfix [See wm828026 for more information]
    "SiS 650" = SiS 650
    "SiS7012" = SiS Audio Driver
    "Yahoo! Companion" = Yahoo! Toolbar

    ========== Last 20 Event Log Errors ==========

    [ Application Events ]
    Error - 11/8/2012 1:01:11 AM | Computer Name = WINDOWSXP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
    mshtml.dll, version 6.0.2745.2800, fault address 0x00062839.

    Error - 11/8/2012 1:07:33 AM | Computer Name = WINDOWSXP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
    shdocvw.dll, version 6.0.2750.167, fault address 0x0008078b.

    Error - 11/8/2012 1:27:15 AM | Computer Name = WINDOWSXP | Source = Application Hang | ID = 1002
    Description = Hanging application rundll32.exe, version 5.1.2600.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/8/2012 2:43:48 AM | Computer Name = WINDOWSXP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
    unknown, version 0.0.0.0, fault address 0x64206568.

    Error - 11/11/2012 11:55:34 PM | Computer Name = WINDOWSXP | Source = Application Hang | ID = 1002
    Description = Hanging application Explorer.EXE, version 6.0.2600.0, hang module
    hungapp, version 0.0.0.0, hang address 0x00000000.

    Error - 11/12/2012 12:27:13 AM | Computer Name = WINDOWSXP | Source = Application Error | ID = 1000
    Description = Faulting application iexplore.exe, version 6.0.2600.0, faulting module
    shdocvw.dll, version 6.0.2750.167, fault address 0x0008078b.

    Error - 11/13/2012 2:01:38 AM | Computer Name = WINDOWSXP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/13/2012 2:01:38 AM | Computer Name = WINDOWSXP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    Error - 11/13/2012 2:12:33 AM | Computer Name = WINDOWSXP | Source = EventSystem | ID = 4609
    Description = The COM+ Event System detected a bad return code during its internal
    processing. HRESULT was 8007043C from line 44 of d:\nt_qxp\com\com1x\src\events\tier1\eventsystemobj.cpp.
    Please contact Microsoft Product Support Services to report this erro

    Error - 11/13/2012 2:12:33 AM | Computer Name = WINDOWSXP | Source = VSS | ID = 8193
    Description = Volume Shadow Copy Service error: Unexpected error calling routine
    CoCreateInstance. hr = 0x80040206.

    [ System Events ]
    Error - 11/13/2012 2:03:16 AM | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/13/2012 2:09:27 AM | Computer Name = WINDOWSXP | Source = irevents | ID = 16719885
    Description = The infrared file transfer service encountered an error while checking
    for configuration changes. Changes made from the Wireless Link control panel will
    not take effect until the next logon session. The error reported was 6.

    Error - 11/13/2012 2:12:32 AM | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/13/2012 2:13:14 AM | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service netman with
    arguments " " in order to run the server: {BA126AE5-2166-11D1-B1D0-00805FC1270E}

    Error - 11/13/2012 2:13:17 AM | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 11/13/2012 2:13:59 AM | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7001
    Description = The DHCP Client service depends on the NetBT service which failed
    to start because of the following error: %%31

    Error - 11/13/2012 2:13:59 AM | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7001
    Description = The DNS Client service depends on the TCP/IP Protocol Driver service
    which failed to start because of the following error: %%31

    Error - 11/13/2012 2:13:59 AM | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7001
    Description = The IPSEC Services service depends on the IPSEC driver service which
    failed to start because of the following error: %%31

    Error - 11/13/2012 2:13:59 AM | Computer Name = WINDOWSXP | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    Aavmker4 AswRdr aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss SASDIFSV
    SASKUTIL
    Tcpip

    Error - 11/13/2012 2:14:59 AM | Computer Name = WINDOWSXP | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     
  10. 2012/11/21
    broni

    You didn't say:
    [​IMG]

    ==============================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
      O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: {00000075-9980-0010-8000-00AA00389B71} http://codecs.microsoft.com/codecs/i386/voxacm.CAB (Reg Error: Key error.)
      O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...0C/wmv9dmo.cab (Reg Error: Key error.)
      O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.co...611.3868981482 (Reg Error: Key error.)
      [2011/01/30 18:22:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg7
      [2011/01/30 18:18:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Jim\Application Data\AVG7
      
      :Commands
      [purity]
      [emptytemp]
      [emptyjava]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    NOTE. If for any reason OTL stalls (most likely at "killing processes..." step) run the fix from safe mode.

    ==============================

    You have some Norton's leftovers.
    Run this tool to remove them: http://www.majorgeeks.com/Norton_Removal_Tool_d4749.html

    ==============================

    Last scans...

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

    2. Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    • Make sure the following options are checked:
      • Internet Services
      • Windows Firewall
      • System Restore
      • Security Center
      • Windows Update
      • Windows Defender
    • Press "Scan".
    • It will create a log (FSS.txt) in the same directory the tool is run.
    • Please copy and paste the log to your reply.

    3. Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.

    4. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE. If Eset won't find any threats, it won't produce any log.
     
  11. 2012/11/24
    oldmanjim

    Sorry, I meant to post that I keep getting a certificate error... every time I open IE

    All processes killed
    Error: Unable to interpret <Code: > in the current context!
    ========== OTL ==========
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{C4069E3A-68F1-403E-B40E-20066696354B} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{C4069E3A-68F1-403E-B40E-20066696354B}\ not found.
    Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    Starting removal of ActiveX control {00000075-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\voxacm.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{00000075-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{00000075-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {33564D57-9980-0010-8000-00AA00389B71}
    C:\WINDOWS\Downloaded Program Files\wmv9dmo.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{33564D57-9980-0010-8000-00AA00389B71}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{33564D57-9980-0010-8000-00AA00389B71}\ not found.
    Starting removal of ActiveX control {9F1C11AA-197B-4942-BA54-47A8489BB47F}
    C:\WINDOWS\Downloaded Program Files\iuctl.inf moved successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9F1C11AA-197B-4942-BA54-47A8489BB47F}\ not found.
    C:\Documents and Settings\All Users\Application Data\avg7\QUEUE\TEMP folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg7\QUEUE\OUT folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg7\QUEUE\ACTIVE folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg7\QUEUE folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg7\Log folder moved successfully.
    C:\Documents and Settings\All Users\Application Data\avg7 folder moved successfully.
    C:\Documents and Settings\Jim\Application Data\AVG7 folder moved successfully.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Jim
    ->Temp folder emptied: 1734061 bytes
    ->Temporary Internet Files folder emptied: 21161946 bytes
    ->Flash cache emptied: 5580 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 402 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 1928049 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 439 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3029185 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 27.00 mb


    [EMPTYJAVA]

    User: Administrator

    User: All Users

    User: Default User

    User: Jim

    User: LocalService

    User: NetworkService

    Total Java Files Cleaned = 0.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: Jim
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.69.0 log created on 04192002_135559

    Files\Folders moved on Reboot...
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\W9I3CXI3\104022-active-error-stating-validation-required-2[1].html moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\SCN7XKGC\Norton_Removal_Tool[1].exe moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\OCKAHSUB\bg_thead[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\KLI305QB\bg_box1[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\D2XWXCE9\bg_tcat[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\CPIRS9Q3\tcat_left[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\9KTPFD13\bg_box_code[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\9KTPFD13\nav_bg[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\85MBKP6Z\bg_alt1[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\4HWBOVKR\tcat_right[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\41U3SHYB\bg_box_quote[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\2BY7SZIH\bg_alt2[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\13WLDVDP\bg_navbar[1].gif moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\098TM7SP\downloadget[1].php moved successfully.
    C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\098TM7SP\tcat_mid[1].gif moved successfully.
    File move failed. C:\WINDOWS\temp\_avast_\Webshlock.txt scheduled to be moved on reboot.

    PendingFileRenameOperations files...

    Registry entries deleted on Reboot...
     
  12. 2012/11/24
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    The tool Major Geeks says "the procedure entry point EncodePointer could not be located in the dynamic link library KERNEL32.dll"
     
  13. 2012/11/24
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    Results of screen317's Security Check version 0.99.56
    Windows XP x86
    Out of date service pack!!
    Internet Explorer 6 Out of date!
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Security Center service is not running! This report may not be accurate!
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    Ad-Aware
    SUPERAntiSpyware
    Malwarebytes Anti-Malware version 1.65.1.1000
    Adobe Flash Player 10 Flash Player out of Date!
    Adobe Reader 7 Adobe Reader out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Ad-Aware AAWService.exe is disabled!
    Ad-Aware AAWTray.exe is disabled!
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast avastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C:: 3%
    ````````````````````End of Log``````````````````````
     
  14. 2012/11/24
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    Farbar Service Scanner Version: 09-11-2012
    Ran by Jim (administrator) on 19-04-2002 at 14:21:03
    Running from "C:\Documents and Settings\Jim\Local Settings\Temporary Internet Files\Content.IE5\FG8012LD "
    Microsoft Windows XP (X86)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo IP is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============
    wscsvc Service is not running. Checking service configuration:
    The start type of wscsvc service is OK.
    The ImagePath of wscsvc service is OK.
    The ServiceDll of wscsvc service is OK.


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    File Check:
    ========
    C:\WINDOWS\System32\dhcpcsvc.dll
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0098816 ____A (Microsoft Corporation) 4F18692BFB7181EA948D5A4D3BFDDCE5

    C:\WINDOWS\System32\Drivers\afd.sys
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0130688 ____A (Microsoft Corporation) 560DCE566000FED5BBFCBCA321DBB84B

    C:\WINDOWS\System32\Drivers\netbt.sys
    [2001-08-23 05:00] - [2003-07-23 12:15] - 0149120 ____A (Microsoft Corporation) 26891E42CDA5A9EDE7003229BBEB7EA2

    C:\WINDOWS\System32\Drivers\tcpip.sys
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0327168 ____A (Microsoft Corporation) E7774698BB0D14B0710A9A31E209F9B6

    C:\WINDOWS\System32\Drivers\ipsec.sys
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0056064 ____A (Microsoft Corporation) 87AD207BC4437F215508024559D72F30

    C:\WINDOWS\System32\dnsrslvr.dll
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0044032 ____A (Microsoft Corporation) 56EBC522D52FC5E526E8860A5A810D98

    C:\WINDOWS\System32\ipnathlp.dll
    [2004-06-10 21:36] - [2004-03-29 18:25] - 0454656 ____A (Microsoft Corporation) 3CCDC9DD301FD162FA2E833F35F257A2

    C:\WINDOWS\System32\netman.dll
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0147968 ____A (Microsoft Corporation) 2B150D3A00137588EB4D68BB30C25214

    C:\WINDOWS\System32\wbem\WMIsvc.dll
    [2002-04-12 17:14] - [2001-08-23 05:00] - 0100864 ____A (Microsoft Corporation) A582DABA8A7FB0D7C15E34B5A21BDBFB

    C:\WINDOWS\System32\srsvc.dll
    [2002-04-12 17:17] - [2001-08-23 05:00] - 0155136 ____A (Microsoft Corporation) E305E78536FA6649299F71FD8EA9A84D

    C:\WINDOWS\System32\Drivers\sr.sys
    [2002-04-12 17:17] - [2001-08-23 05:00] - 0070400 ____A (Microsoft Corporation) F899A5D353DCBBA12EACB379E7ABFEEE


    ATTENTION!=====> C:\WINDOWS\System32\wscsvc.dll FILE IS MISSING AND SHOULD BE RESTORED.

    C:\WINDOWS\System32\wbem\WMIsvc.dll
    [2002-04-12 17:14] - [2001-08-23 05:00] - 0100864 ____A (Microsoft Corporation) A582DABA8A7FB0D7C15E34B5A21BDBFB

    C:\WINDOWS\System32\wuauserv.dll
    [2002-04-12 17:15] - [2001-08-23 05:00] - 0004096 ____A (Microsoft Corporation) 8417CA7287BF45DEF45B389C8C028AE4

    C:\WINDOWS\System32\qmgr.dll
    [2002-01-22 14:51] - [2004-07-01 15:08] - 0361984 ____A (Microsoft Corporation) 696AC82FB290A03F205901442E0E9589

    C:\WINDOWS\System32\es.dll
    [2004-06-10 21:35] - [2004-03-05 19:05] - 0226816 ____A (Microsoft Corporation) 08A859AA98E5991E05E92C3893FD3439

    C:\WINDOWS\System32\cryptsvc.dll
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0051200 ____A (Microsoft Corporation) C1B26CE5483DD20D59BCF608331413E6

    C:\WINDOWS\System32\svchost.exe
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0012800 ____A (Microsoft Corporation) 0F7D9C87B0CE1FA520473119752C6F79

    C:\WINDOWS\System32\rpcss.dll
    [2004-06-10 21:35] - [2004-03-05 19:05] - 0214528 ____A (Microsoft Corporation) A8ECCC0674E43497E0A425A03A12F654

    C:\WINDOWS\System32\services.exe
    [2001-08-23 05:00] - [2001-08-23 05:00] - 0101376 ____A (Microsoft Corporation) E3DF4A0252D287C44606EE55355E1623


    Extra List:
    =======
    aswTdi(9) Gpc(4) IPSec(6) irda(3) NetBT(7) PSched(8) Tcpip(5)
    0x09000000060000000100000002000000030000000400000005000000090000000700000008000000
    IpSec Tag value is correct.

    **** End of log ****
     
  15. 2012/11/25
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    Eset found no threat
     
  16. 2012/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    OK, we still have a couple of issues there which we'll have to address.

    From the list below, run only steps 1-3.
    Let me know when you're done with "step 3".
    You have a lot of updates to install, including Service Packs 1-3.

    Your computer is clean

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [emptyjava]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now we'll remove all the tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Launch a quick scan now" link)

    6. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    7. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    8. Run Temporary File Cleaner (TFC) weekly.

    9. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    10. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    11. (Windows XP only) Run defrag at your convenience.

    12. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    13. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

    14. Please let me know how your computer is doing.
     
  17. 2012/11/25
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    Broni, I go to Windows Update and it takes me here. Should I install Service Pack 3, or do I need to install Service Pack 2 before 3?
     
  18. 2012/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You have to start with SP2.
     
  19. 2012/11/25
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    So where should I go to do that, because every time I select Windows Update I get sent to the page linked in my last post.
     
  20. 2012/11/25
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
  21. 2012/11/25
    oldmanjim

    oldmanjim Inactive Thread Starter

    Joined:
    2012/11/04
    Messages:
    55
    Likes Received:
    0
    OK broni, it won't let me update; it says that the product key may not be valid and to visit how to tell.com
     
