
Solved iexplore.exe problem

Discussion in 'Malware and Virus Removal Archive' started by bartdude59, 2010/07/02.

  1. 2010/07/02
    bartdude59 Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    27
    Likes Received:
    0
    [Resolved] iexplore.exe problem

    Hello. As I was searching for a solution to my iexplore.exe problem through Google, I found Windows BBS to have resolved some iexplore.exe problems before.


    So here I am, with an iexplore.exe problem of my own. I ran MBAM in safe mode earlier but that didn't work. I will post the log if needed.

    I read the READ THIS BEFORE POSTING IN THIS FORUM, but I'm stuck in the very beginning. I have downloaded DDS, but when I open it I have an error. CScript Error: Windows Script Host access is disabled on this machine. Contact your administrator for details.

    Can anybody help me with this?
     
  2. 2010/07/02
    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    What is your actual problem with iexplore.exe?

    Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

    There are 4 different versions. If one of them won't run then download and try to run the other one.

    Vista and Win7 users need to right-click Rkill and choose Run as Administrator.

    You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

    * Rkill.com
    * Rkill.scr
    * Rkill.pif
    * Rkill.exe

    * Double-click on the Rkill desktop icon to run the tool.
    * If using Vista or Windows 7 right-click on it and choose Run As Administrator.
    * A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
    * If not, delete the file, then download and use the one provided in Link 2.
    * If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
    * Do not reboot until instructed.
    * If the tool does not run from any of the links provided, please let me know.

    Once you've gotten one of them to run then try to immediately run the following.

    Now download and run exeHelper.

    * Please download exeHelper from Raktor to your desktop.
    * Double-click on exeHelper.com to run the fix.
    * A black window should pop up, press any key to close once the fix is completed.
    * A log file named log.txt will be created in the directory where you ran exeHelper.com
    * Attach the log.txt file to your next message.

    Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

    =============================================================

    Please download ComboFix from Here or Here to your Desktop.

    **Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**
    1. Please, never rename Combofix unless instructed.
    2. Close any open browsers.
    3. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
      • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
      • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
      NOTE. If Combofix asks you to install Recovery Console, please allow it.
      • Close any open browsers.
      • WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
      • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
      • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
    4. Double click on combofix.exe & follow the prompts.
    5. When finished, it will produce a report for you.
    6. Please post the "C:\ComboFix.txt"
    **Note: Do not mouseclick combofix's window while it's running. That may cause it to stall**

    Make sure, you re-enable your security programs, when you're done with Combofix.

    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     


  4. 2010/07/03
    bartdude59 Inactive Thread Starter

    Sorry for not being clear with what my problem was in my first post. My problem is that iexplore.exe keeps popping up. Because I don't use Internet Explorer as my default browser it asks if I want to set it as my default browser. In Windows Task Manager, I keep ending iexplore.exe but it keeps on coming back. Also, my computer is a lot slower starting up and with iexplore.exe popping up every time, my computer is slower overall.

    Here is my exeHelper.com log:

    exeHelper by Raktor
    Build 20100414
    Run at 22:23:38 on 07/02/10
    Now searching...
    Checking for numerical processes...
    Checking for sysguard processes...
    Checking for bad processes...
    Checking for bad files...
    Checking for bad registry entries...
    Resetting filetype association for .exe
    Resetting filetype association for .com
    Resetting userinit and shell values...
    Resetting policies...
    --Finished--

    Here is my ComboFix log:

    ComboFix 10-07-01.02 - Administrator 07/02/2010 22:39:20.1.1 - x86
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\flg32.dll
    c:\windows\system32\msconfig.exe

    c:\windows\system32\srsvc.dll . . . is infected!!

    .
    ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
    .

    2010-07-01 23:39 . 2010-07-01 23:39 -------- d-----w- c:\program files\Comic Maker 3
    2010-06-11 20:09 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2010-06-10 20:09 . 2010-04-27 21:29 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}\components\Engine.dll
    2010-06-05 23:42 . 2010-07-02 15:09 1324 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-02 19:03 . 2009-09-12 11:04 -------- d-----w- c:\program files\Final Fantasy VII
    2010-07-02 05:26 . 2009-09-05 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2010-06-12 15:09 . 2009-10-10 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-11 21:03 . 2009-10-10 08:16 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-06-01 03:17 . 2010-06-01 03:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-06-01 03:15 . 2010-06-01 03:13 -------- d-----w- c:\program files\QuickTime
    2010-06-01 03:13 . 2009-08-19 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-05-31 00:11 . 2009-08-19 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-31 00:09 . 2009-08-31 08:11 -------- d-----w- c:\program files\Defraggler
    2010-05-30 21:54 . 2009-08-20 02:27 -------- d-----w- c:\program files\CCleaner
    2010-05-24 01:45 . 2010-05-24 01:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
    2010-05-24 01:27 . 2009-08-20 13:41 -------- d-----w- c:\program files\Winamp
    2010-05-24 01:25 . 2010-05-24 01:25 -------- d-----w- c:\program files\Winamp Detect
    2010-05-04 17:20 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:39 . 2009-08-19 10:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2009-08-19 10:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 19:10 . 2010-04-29 01:29 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\FFExternalAlert.dll
    2010-04-21 19:10 . 2010-04-29 01:29 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\RadioWMPCore.dll
    2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-15 22:29 . 2008-03-30 18:40 28136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll

    c:\windows\System32\srsvc.dll ... is missing !!
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2008-06-11 18:38 34672 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2009-07-09 20:07 49968 ----a-w- c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 01:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 01:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 01:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    2007-10-25 02:04 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 08:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    2007-10-16 12:50 111952 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-02-27 18:06 1217872 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
    2009-12-18 13:43 149280 ----a-w- c:\program files\Java\jre6\bin\jusched.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-19 14:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\289045\\counter-strike\\hl.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\adobe indesign cs3 portable\\Thinstall\\InDesign CS3 Data\\4000005800003i\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56657:TCP"= 56657:TCP:pando Media Booster
    "56657:UDP"= 56657:UDP:pando Media Booster

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/19/2009 6:43 PM 24652]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/9/2009 7:28 PM 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-02 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-08-27 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.114la.com/index.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=61293&cuid=&userid=35923043&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}\components\Engine.dll
    FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-iTunesHelper - c:\program files\iTunes\iTunesHelper.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-02 22:49
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
    @DACL=(02 0000)
    .
    Completion time: 2010-07-02 22:52:52
    ComboFix-quarantined-files.txt 2010-07-03 05:52

    Pre-Run: 10,948,038,656 bytes free
    Post-Run: 11,030,732,800 bytes free

    WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
    [boot loader]
    timeout=2
    default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
    [operating systems]
    c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
    multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

    - - End Of File - - 9D896C7629D9AFC1EC6C820474713326

    Edit: When I turned on my computer this morning, I noticed there were some processes in Windows Task Manager that did not look familiar to me. HotFixInstaller.exe, (it was there, but disappeared), mscorsvw.exe (two of them), msiexec.exe, and there were another two but seemed to have gone away for now. iexplore.exe also was there, but is no longer there.

    Edit 2: iexplore.exe is back and mscorsvw.exe is still here, but just one. Everything else listed earlier is no longer running. I did not end the processes, they just seemed to disappear.
     
    Last edited: 2010/07/03
  5. 2010/07/03
    broni Moderator Malware Analyst

    Download Security Check from HERE, and save it to your Desktop.

    * Double-click SecurityCheck.exe
    * Follow the onscreen instructions inside of the black box.
    * A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    ================================================================

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:
      Code:
      :filefind
      srsvc.dll
      msconfig.exe
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  6. 2010/07/03
    bartdude59 Inactive Thread Starter

    Here is the checkup.txt:

    Results of screen317's Security Check version 0.99.4
    Windows XP Service Pack 2
    Out of date service pack!!
    Internet Explorer 7 Out of date!
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    McAfee VirusScan Enterprise
    Antivirus up to date!
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    CCleaner
    Java(TM) 6 Update 17
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader 9
    Out of date Adobe Reader installed!
    Mozilla Firefox (3.6.3)
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    McAfee VirusScan Enterprise Mcshield.exe
    McAfee VirusScan Enterprise VsTskMgr.exe
    ````````````````````````````````
    DNS Vulnerability Check:

    GREAT! (Not vulnerable to DNS cache poisoning)

    ``````````End of Log````````````

    And SystemLook.txt:

    SystemLook v1.0 by jpshortstuff (11.01.10)
    Log created at 09:21 on 03/07/2010 by Administrator (Administrator - Elevation successful)

    ========== filefind ==========

    Searching for "srsvc.dll"
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll --a--c 171008 bytes [00:12 14/04/2008] [00:12 14/04/2008] 3805DF0AC4296A34BA4BF93B346CC378

    Searching for "msconfig.exe"
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msconfig.exe --a--c 169984 bytes [00:12 14/04/2008] [00:12 14/04/2008] A81135541C9D4EBCE43EFA8AD31395B4

    -=End Of File=-
     
  7. 2010/07/03
    broni Moderator Malware Analyst

    Update your Java version here: http://www.java.com/en/download/installed.jsp
    Uninstall all previous Java versions, through Add/Remove Programs (Programs & Features in Vista/7).

    Update your Adobe Reader as well.

    =============================================================

    1. Please open Notepad
    • Click Start , then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll | c:\windows\system32\srsvc.dll
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msconfig.exe | c:\windows\system32\msconfig.exe 
    
    

    3. Save the above as CFScript.txt

    4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [animation: dragging CFScript.txt onto ComboFix.exe]


    5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
    • Combofix.txt
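Added example, not code from this thread, SystemLook or ComboFix: a Python sketch of what the :filefind lookup in post #5 and the FCopy:: script in post #7 achieve together, namely finding every copy of srsvc.dll, reporting size and MD5 in SystemLook's line layout, and copying the Windows Update cache copy over the system32 copy only when the cache copy's MD5 matches the known-good value. The directory tree, file contents and hashes are constructed in a temp folder; the function names and the "tampered system32 copy" scenario are assumptions that mirror the "is infected" / "is missing" lines in the ComboFix log.

```python
import hashlib
import os
import shutil
import tempfile
from datetime import datetime


def md5_of(path):
    """Hex MD5 of a file, upper-case like the SystemLook/ComboFix logs."""
    h = hashlib.md5()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest().upper()


def filefind(root, name):
    """Counterpart of SystemLook ':filefind': every file under root whose name
    matches case-insensitively, returned as sorted (path, size, md5) tuples."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for fn in files:
            if fn.lower() == name.lower():
                path = os.path.join(dirpath, fn)
                hits.append((path, os.path.getsize(path), md5_of(path)))
    return sorted(hits)


def format_hit(path, size, digest):
    """Render one hit in the layout of the SystemLook.txt lines in the thread."""
    stamp = datetime.fromtimestamp(os.path.getmtime(path)).strftime("%H:%M %d/%m/%Y")
    return f"{path} --a--c {size} bytes [{stamp}] [{stamp}] {digest}"


def _same_dir(a, b):
    return os.path.normcase(os.path.abspath(a)) == os.path.normcase(os.path.abspath(b))


def restore_from_cache(root, name, system_dir, expected_md5):
    """Counterpart of the FCopy:: step, with the check the thread leaves to the
    analyst made explicit: copy a cached copy of `name` over the system copy only
    when the cached copy's MD5 is the known-good value. Returns the restored path,
    or None when nothing was done (system copy already good, or no trusted source)."""
    target = os.path.join(system_dir, name)
    if os.path.isfile(target) and md5_of(target) == expected_md5:
        return None
    for path, _size, digest in filefind(root, name):
        if digest == expected_md5 and not _same_dir(os.path.dirname(path), system_dir):
            shutil.copy2(path, target)
            return target
    return None


def build_demo_tree():
    """Constructed stand-in for the situation in the thread: a clean srsvc.dll in
    the Windows Update download cache and a tampered one in system32. File contents
    are made up, so the MD5s here are not the real ones (the log's known-good value
    was 3805DF0AC4296A34BA4BF93B346CC378); the cache folder name is copied from the log."""
    root = tempfile.mkdtemp(prefix="filefind_demo_")
    cache_dir = os.path.join(root, "WINDOWS", "SoftwareDistribution", "Download",
                             "9866fb57abdc0ea2f5d4e132d055ba4e")
    system_dir = os.path.join(root, "WINDOWS", "system32")
    os.makedirs(cache_dir)
    os.makedirs(system_dir)
    with open(os.path.join(cache_dir, "srsvc.dll"), "wb") as f:
        f.write(b"constructed clean srsvc.dll payload")
    with open(os.path.join(system_dir, "srsvc.dll"), "wb") as f:
        f.write(b"constructed tampered srsvc.dll payload")
    good_md5 = md5_of(os.path.join(cache_dir, "srsvc.dll"))
    return root, system_dir, good_md5


if __name__ == "__main__":
    root, system_dir, good_md5 = build_demo_tree()
    print('Searching for "srsvc.dll"')
    for hit in filefind(root, "srsvc.dll"):
        print(format_hit(*hit))
    print("restored:", restore_from_cache(root, "srsvc.dll", system_dir, good_md5))
    for hit in filefind(root, "srsvc.dll"):
        print(format_hit(*hit))
    shutil.rmtree(root)
```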
     
  8. 2010/07/03
    bartdude59 Inactive Thread Starter

    Java and Adobe Reader both updated.

    Here's the ComboFix.txt:

    ComboFix 10-07-01.02 - Administrator 07/03/2010 11:03:02.2.1 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.510.272 [GMT -7:00]
    Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Administrator\Desktop\CFScript.txt
    AV: McAfee VirusScan Enterprise *On-access scanning enabled* (Updated) {918A2B0B-2C60-4016-A4AB-E868DEABF7F0}
    * Created a new restore point
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\system32\msconfig.exe

    .
    --------------- FCopy ---------------

    c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll --> c:\windows\system32\srsvc.dll
    c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\msconfig.exe --> c:\windows\system32\msconfig.exe
    .
    ((((((((((((((((((((((((( Files Created from 2010-06-03 to 2010-07-03 )))))))))))))))))))))))))))))))
    .

    2010-07-03 18:03 . 2008-04-14 00:12 171008 ----a-w- c:\windows\system32\srsvc.dll
    2010-07-03 17:35 . 2010-07-03 17:35 -------- d-----w- c:\program files\Common Files\Java
    2010-07-03 17:35 . 2010-07-03 17:35 503808 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75185e3e-n\msvcp71.dll
    2010-07-03 17:35 . 2010-07-03 17:35 499712 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75185e3e-n\jmc.dll
    2010-07-03 17:35 . 2010-07-03 17:35 348160 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\46\f84c6ae-75185e3e-n\msvcr71.dll
    2010-07-03 17:35 . 2010-07-03 17:35 61440 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f44ac6d-n\decora-sse.dll
    2010-07-03 17:35 . 2010-07-03 17:35 12800 ----a-w- c:\documents and settings\Administrator\Application Data\Sun\Java\Deployment\SystemCache\6.0\50\5535ab32-2f44ac6d-n\decora-d3d.dll
    2010-07-03 17:34 . 2010-07-03 17:34 411368 ----a-w- c:\windows\system32\deployJava1.dll
    2010-07-03 15:28 . 2010-07-03 15:45 -------- d-----w- C:\bd6722133f59f635255ec2c4abd3
    2010-07-01 23:39 . 2010-07-01 23:39 -------- d-----w- c:\program files\Comic Maker 3
    2010-06-11 20:09 . 1998-06-17 23:00 89360 ----a-w- c:\windows\system32\VB5DB.DLL
    2010-06-10 20:09 . 2010-04-27 21:29 65536 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}\components\Engine.dll
    2010-06-05 23:42 . 2010-07-02 15:09 1324 ----a-w- c:\windows\system32\d3d9caps.dat

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-07-03 17:51 . 2009-08-19 10:55 -------- d-----w- c:\program files\Common Files\Adobe
    2010-07-02 19:03 . 2009-09-12 11:04 -------- d-----w- c:\program files\Final Fantasy VII
    2010-07-02 05:26 . 2009-09-05 13:03 -------- d-----w- c:\documents and settings\Administrator\Application Data\Media Player Classic
    2010-06-12 15:09 . 2009-10-10 08:24 -------- d--h--w- c:\program files\InstallShield Installation Information
    2010-06-11 21:03 . 2009-10-10 08:16 -------- d-----w- c:\program files\Common Files\InstallShield
    2010-06-01 03:17 . 2010-06-01 03:17 -------- d-----w- c:\documents and settings\Administrator\Application Data\Apple Computer
    2010-06-01 03:15 . 2010-06-01 03:13 -------- d-----w- c:\program files\QuickTime
    2010-06-01 03:13 . 2009-08-19 10:52 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
    2010-05-31 00:11 . 2009-08-19 10:51 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
    2010-05-31 00:09 . 2009-08-31 08:11 -------- d-----w- c:\program files\Defraggler
    2010-05-30 21:54 . 2009-08-20 02:27 -------- d-----w- c:\program files\CCleaner
    2010-05-24 01:45 . 2010-05-24 01:22 -------- d-----w- c:\documents and settings\Administrator\Application Data\Winamp
    2010-05-24 01:27 . 2009-08-20 13:41 -------- d-----w- c:\program files\Winamp
    2010-05-24 01:25 . 2010-05-24 01:25 -------- d-----w- c:\program files\Winamp Detect
    2010-05-04 17:20 . 2004-08-04 12:00 832512 ----a-w- c:\windows\system32\wininet.dll
    2010-05-04 17:20 . 2004-08-04 12:00 78336 ------w- c:\windows\system32\ieencode.dll
    2010-05-04 17:20 . 2004-08-04 12:00 17408 ------w- c:\windows\system32\corpol.dll
    2010-05-02 05:56 . 2004-08-04 12:00 1850880 ----a-w- c:\windows\system32\win32k.sys
    2010-04-29 22:39 . 2009-08-19 10:51 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
    2010-04-29 22:39 . 2009-08-19 10:51 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
    2010-04-21 19:10 . 2010-04-29 01:29 52224 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\FFExternalAlert.dll
    2010-04-21 19:10 . 2010-04-29 01:29 101376 ----a-w- c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}\components\RadioWMPCore.dll
    2010-04-20 05:51 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll
    2010-04-15 22:29 . 2008-03-30 18:40 28136 ----a-w- c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    .

    ------- Sigcheck -------

    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\srsvc.dll
    [-] 2008-04-14 . 3805DF0AC4296A34BA4BF93B346CC378 . 171008 . . [5.1.2600.5512] . . c:\windows\system32\srsvc.dll
    .
    ((((((((((((((((((((((((((((( SnapShot@2010-07-03_05.49.44 )))))))))))))))))))))))))))))))))))))))))
    .
    + 2010-07-03 17:59 . 2010-07-03 17:59 16384 c:\windows\temp\Perflib_Perfdata_780.dat
    + 2004-08-04 12:00 . 2010-07-03 15:45 68156 c:\windows\system32\perfc009.dat
    - 2004-08-04 12:00 . 2010-06-24 15:46 68156 c:\windows\system32\perfc009.dat
    - 2010-07-01 13:19 . 2010-07-03 05:30 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2010-07-01 13:19 . 2010-07-03 18:00 65536 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
    + 2009-08-19 09:49 . 2010-07-03 18:00 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
    - 2009-08-19 09:49 . 2010-07-03 05:30 49152 c:\windows\system32\config\systemprofile\Cookies\index.dat
    + 2010-07-03 17:07 . 2010-07-03 17:07 94208 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ComponentMod#\5d535ecadf77ac2d9278a1661beb2855\System.ComponentModel.DataAnnotations.ni.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 77824 c:\windows\assembly\GAC_MSIL\System.Web.RegularExpressions\2.0.0.0__b03f5f7f11d50a3a\System.Web.RegularExpressions.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    + 2010-07-03 15:40 . 2010-07-03 15:40 81920 c:\windows\assembly\GAC_MSIL\System.Drawing.Design\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.Design.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 81920 c:\windows\assembly\GAC_MSIL\System.Configuration.Install\2.0.0.0__b03f5f7f11d50a3a\System.Configuration.Install.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 32768 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 12800 c:\windows\assembly\GAC_MSIL\Microsoft.Vsa.Vb.CodeDOMProcessor\8.0.0.0__b03f5f7f11d50a3a\Microsoft.Vsa.Vb.CodeDOMProcessor.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 28672 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Vsa\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Vsa.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 77824 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Utilities\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Utilities.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 36864 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Framework\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Framework.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 77824 c:\windows\assembly\GAC_MSIL\IEHost\2.0.0.0__b03f5f7f11d50a3a\IEHost.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 13312 c:\windows\assembly\GAC_MSIL\cscompmgd\8.0.0.0__b03f5f7f11d50a3a\cscompmgd.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 10752 c:\windows\assembly\GAC_MSIL\Accessibility\2.0.0.0__b03f5f7f11d50a3a\Accessibility.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 72192 c:\windows\assembly\GAC_32\ISymWrapper\2.0.0.0__b03f5f7f11d50a3a\ISymWrapper.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 69120 c:\windows\assembly\GAC_32\CustomMarshalers\2.0.0.0__b03f5f7f11d50a3a\CustomMarshalers.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 8192 c:\windows\WinSxS\MSIL_IEExecRemote_b03f5f7f11d50a3a_2.0.0.0_x-ww_6e57c34e\IEExecRemote.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 7168 c:\windows\assembly\GAC_MSIL\Microsoft_VsaVb\8.0.0.0__b03f5f7f11d50a3a\Microsoft_VsaVb.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 5632 c:\windows\assembly\GAC_MSIL\Microsoft.VisualC\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualC.Dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 6656 c:\windows\assembly\GAC_MSIL\IIEHost\2.0.0.0__b03f5f7f11d50a3a\IIEHost.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 8192 c:\windows\assembly\GAC_MSIL\IEExecRemote\2.0.0.0__b03f5f7f11d50a3a\IEExecRemote.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 113664 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.Wrapper.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 258048 c:\windows\WinSxS\x86_System.EnterpriseServices_b03f5f7f11d50a3a_2.0.0.0_x-ww_7d5f3790\System.EnterpriseServices.dll
    - 2004-08-04 12:00 . 2010-06-24 15:46 435260 c:\windows\system32\perfh009.dat
    + 2004-08-04 12:00 . 2010-07-03 15:45 435260 c:\windows\system32\perfh009.dat
    + 2010-07-03 17:34 . 2010-07-03 17:34 153376 c:\windows\system32\javaws.exe
    + 2010-07-03 17:34 . 2010-07-03 17:34 145184 c:\windows\system32\javaw.exe
    - 2009-12-18 13:43 . 2009-12-18 13:43 145184 c:\windows\system32\javaw.exe
    + 2010-07-03 17:34 . 2010-07-03 17:34 145184 c:\windows\system32\java.exe
    - 2009-12-18 13:43 . 2009-12-18 13:43 145184 c:\windows\system32\java.exe
    + 2010-02-09 19:22 . 2010-02-09 19:22 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    - 2008-07-25 03:17 . 2008-07-25 03:17 258048 c:\windows\Microsoft.NET\Framework\v2.0.50727\System.Security.dll
    + 2010-07-03 17:35 . 2010-07-03 17:35 180224 c:\windows\Installer\74619b.msi
    + 2010-07-03 17:34 . 2010-07-03 17:34 576000 c:\windows\Installer\746196.msi
    + 2010-02-25 07:14 . 2010-02-25 07:14 543232 c:\windows\Installer\43965.msp
    + 2010-07-03 17:10 . 2010-07-03 17:10 400896 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Xml.Linq\747e84d81d1de2041661f0f71b04734a\System.Xml.Linq.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 129536 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Routing\d51dfbd8d5431eb89181baaa24863e15\System.Web.Routing.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 328704 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity\ce3b446b7bee5c47949c994ec89b1649\System.Web.Entity.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 301056 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Entity.D#\ad04fe1182e55e7c01066b62a4bee6b5\System.Web.Entity.Design.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 547328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.DynamicD#\20ba0d4d182a1a9c1f54c00d3bc29a68\System.Web.DynamicData.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 679936 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Security\42b2ffb594dbd5652a576a0dce28722c\System.Security.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 330752 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Management.I#\e6bd59fec415e273c173170c6508180a\System.Management.Instrumentation.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 939008 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\90b67e13866b176ae6cbdb23144f724d\System.Data.Services.Client.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 354816 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Service#\131a477d41a8669b15696128b94c2636\System.Data.Services.Design.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 756736 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity.#\d4990681ce373d81a52b231ee4c4afea\System.Data.Entity.Design.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 135680 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.DataSet#\9e9d66a3a0e16fceead505c25af569eb\System.Data.DataSetExtensions.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 971264 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Configuration\631b3eba1ba5bd3c3f027f34011cadeb\System.Configuration.ni.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 839680 c:\windows\assembly\GAC_MSIL\System.Web.Services\2.0.0.0__b03f5f7f11d50a3a\System.Web.Services.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 835584 c:\windows\assembly\GAC_MSIL\System.Web.Mobile\2.0.0.0__b03f5f7f11d50a3a\System.Web.Mobile.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 114688 c:\windows\assembly\GAC_MSIL\System.ServiceProcess\2.0.0.0__b03f5f7f11d50a3a\System.ServiceProcess.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 258048 c:\windows\assembly\GAC_MSIL\System.Security\2.0.0.0__b03f5f7f11d50a3a\System.Security.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 131072 c:\windows\assembly\GAC_MSIL\System.Runtime.Serialization.Formatters.Soap\2.0.0.0__b03f5f7f11d50a3a\System.Runtime.Serialization.Formatters.Soap.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 303104 c:\windows\assembly\GAC_MSIL\System.Runtime.Remoting\2.0.0.0__b77a5c561934e089\System.Runtime.Remoting.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 258048 c:\windows\assembly\GAC_MSIL\System.Messaging\2.0.0.0__b03f5f7f11d50a3a\System.Messaging.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 372736 c:\windows\assembly\GAC_MSIL\System.Management\2.0.0.0__b03f5f7f11d50a3a\System.Management.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 626688 c:\windows\assembly\GAC_MSIL\System.Drawing\2.0.0.0__b03f5f7f11d50a3a\System.Drawing.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 401408 c:\windows\assembly\GAC_MSIL\System.DirectoryServices\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 188416 c:\windows\assembly\GAC_MSIL\System.DirectoryServices.Protocols\2.0.0.0__b03f5f7f11d50a3a\System.DirectoryServices.Protocols.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-03 15:43 . 2010-07-03 15:43 970752 c:\windows\assembly\GAC_MSIL\System.Deployment\2.0.0.0__b03f5f7f11d50a3a\System.Deployment.dll
    + 2010-07-03 15:43 . 2010-07-03 15:43 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 745472 c:\windows\assembly\GAC_MSIL\System.Data.SqlXml\2.0.0.0__b77a5c561934e089\System.Data.SqlXml.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 425984 c:\windows\assembly\GAC_MSIL\System.Configuration\2.0.0.0__b03f5f7f11d50a3a\System.configuration.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 110592 c:\windows\assembly\GAC_MSIL\sysglobl\2.0.0.0__b03f5f7f11d50a3a\sysglobl.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 659456 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 372736 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 110592 c:\windows\assembly\GAC_MSIL\Microsoft.VisualBasic.Compatibility.Data\8.0.0.0__b03f5f7f11d50a3a\Microsoft.VisualBasic.Compatibility.Data.dll
    + 2010-07-03 15:41 . 2010-07-03 15:41 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 749568 c:\windows\assembly\GAC_MSIL\Microsoft.JScript\8.0.0.0__b03f5f7f11d50a3a\Microsoft.JScript.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 655360 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Tasks\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Tasks.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 348160 c:\windows\assembly\GAC_MSIL\Microsoft.Build.Engine\2.0.0.0__b03f5f7f11d50a3a\Microsoft.Build.Engine.dll
    + 2010-07-03 15:40 . 2010-07-03 15:40 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 507904 c:\windows\assembly\GAC_MSIL\AspNetMMCExt\2.0.0.0__b03f5f7f11d50a3a\AspNetMMCExt.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 261632 c:\windows\assembly\GAC_32\System.Transactions\2.0.0.0__b77a5c561934e089\System.Transactions.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 113664 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.Wrapper.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 258048 c:\windows\assembly\GAC_32\System.EnterpriseServices\2.0.0.0__b03f5f7f11d50a3a\System.EnterpriseServices.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 486400 c:\windows\assembly\GAC_32\System.Data.OracleClient\2.0.0.0__b77a5c561934e089\System.Data.OracleClient.dll
    + 2010-07-01 13:19 . 2010-07-03 18:00 4227072 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
    + 2010-07-03 17:51 . 2010-07-03 17:51 3940352 c:\windows\Installer\746298.msi
    + 2010-07-03 15:50 . 2010-07-03 15:50 3325440 c:\windows\assembly\NativeImages_v2.0.50727_32\WindowsBase\d63164ac4ed5adabc6a1b0fdf07eee05\WindowsBase.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 2403328 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Web.Extensio#\f08b3b8cdf548e3dfe61f342536175eb\System.Web.Extensions.ni.dll
    + 2010-07-03 17:06 . 2010-07-03 17:06 1070080 c:\windows\assembly\NativeImages_v2.0.50727_32\System.IdentityModel\ad4fb86064d7a1ebcb9ee997e7208ac1\System.IdentityModel.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 1801216 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Deployment\b81efadfee7702624b713c6d86f7e369\System.Deployment.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 1328128 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Services\5e6311aff5ada83d0f854922fa62faf6\System.Data.Services.ni.dll
    + 2010-07-03 15:55 . 2010-07-03 15:55 2516480 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Linq\c3ba3367d03779ad6e76c5d4cdfe572a\System.Data.Linq.ni.dll
    + 2010-07-03 17:09 . 2010-07-03 17:09 9924096 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Data.Entity\6abf820d8ec57a0561c3367727d274df\System.Data.Entity.ni.dll
    + 2010-07-03 15:54 . 2010-07-03 15:54 2295296 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Core\e98726349766935ec0e9b980f19a046a\System.Core.ni.dll
    + 2010-07-03 15:54 . 2010-07-03 15:54 2128896 c:\windows\assembly\NativeImages_v2.0.50727_32\ReachFramework\57abb757c1f38586390dcc63bf056322\ReachFramework.ni.dll
    + 2010-07-03 15:54 . 2010-07-03 15:54 1657856 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationUI\0095ba60255d4addaf5b8ebee697a027\PresentationUI.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 1966080 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\c96be82d6cb00367db4e3553272165ef\Microsoft.Build.Tasks.v3.5.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 1620992 c:\windows\assembly\NativeImages_v2.0.50727_32\Microsoft.Build.Tas#\3815de5b052187b5d9375681a6784255\Microsoft.Build.Tasks.ni.dll
    + 2010-07-03 15:43 . 2010-07-03 15:43 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 3182592 c:\windows\assembly\GAC_MSIL\System\2.0.0.0__b77a5c561934e089\System.dll
    + 2010-07-03 15:43 . 2010-07-03 15:43 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 2048000 c:\windows\assembly\GAC_MSIL\System.Xml\2.0.0.0__b77a5c561934e089\System.XML.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    + 2010-07-03 15:40 . 2010-07-03 15:40 5025792 c:\windows\assembly\GAC_MSIL\System.Windows.Forms\2.0.0.0__b77a5c561934e089\System.Windows.Forms.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    + 2010-07-03 15:40 . 2010-07-03 15:41 5062656 c:\windows\assembly\GAC_MSIL\System.Design\2.0.0.0__b03f5f7f11d50a3a\System.Design.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    + 2010-07-03 15:39 . 2010-07-03 15:40 5242880 c:\windows\assembly\GAC_32\System.Web\2.0.0.0__b03f5f7f11d50a3a\System.Web.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-07-03 15:43 . 2010-07-03 15:43 2933248 c:\windows\assembly\GAC_32\System.Data\2.0.0.0__b77a5c561934e089\System.Data.dll
    + 2010-07-03 15:42 . 2010-07-03 15:42 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    - 2010-06-23 15:31 . 2010-06-23 15:31 4546560 c:\windows\assembly\GAC_32\mscorlib\2.0.0.0__b77a5c561934e089\mscorlib.dll
    + 2010-07-03 15:55 . 2010-07-03 15:55 12430848 c:\windows\assembly\NativeImages_v2.0.50727_32\System.Windows.Forms\2dfe045e4b1577fdea9a2f456db0afc2\System.Windows.Forms.ni.dll
    + 2010-07-03 17:07 . 2010-07-03 17:07 17403904 c:\windows\assembly\NativeImages_v2.0.50727_32\System.ServiceModel\8b74f2fe3f3632f95ff4ddb8c4839a1e\System.ServiceModel.ni.dll
    + 2010-07-03 15:54 . 2010-07-03 15:54 14328320 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationFramewo#\560662ada034afb6ec78a152bd9a47b5\PresentationFramework.ni.dll
    + 2010-07-03 15:51 . 2010-07-03 15:51 12215808 c:\windows\assembly\NativeImages_v2.0.50727_32\PresentationCore\9f5dff344ac6ac923b5ade8ba1ab9382\PresentationCore.ni.dll
    .
    -- Snapshot reset to current date --
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-02-18 248040]
    "Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-12-22 35760]
    "Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2009-12-11 948672]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
    "NoThumbnailCache"= 1 (0x1)
    "ForceStartMenuLogOff"= 1 (0x1)
    "NoResolveTrack"= 1 (0x1)

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
    2009-12-22 08:57 35760 ----a-w- c:\program files\Adobe\Reader 9.0\Reader\reader_sl.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Aim6]
    2009-07-09 20:07 49968 ----a-w- c:\program files\AIM6\aim6.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ctfmon.exe]
    2004-08-04 12:00 15360 ----a-w- c:\windows\system32\ctfmon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DAEMON Tools Lite]
    2009-04-23 13:51 691656 ----a-w- c:\program files\DAEMON Tools Lite\daemon.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
    2010-03-05 15:32 1135912 ----a-w- c:\program files\DivX\DivX Update\DivXUpdate.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxhkcmd]
    2005-09-20 01:32 77824 ----a-w- c:\windows\system32\hkcmd.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxpers]
    2005-09-20 01:36 114688 ----a-w- c:\windows\system32\igfxpers.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\igfxtray]
    2005-09-20 01:35 94208 ----a-w- c:\windows\system32\igfxtray.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\McAfeeUpdaterUI]
    2007-10-25 02:04 136512 ----a-w- c:\program files\McAfee\Common Framework\UdaterUI.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
    2009-07-26 08:44 3883856 ----a-w- c:\program files\Windows Live\Messenger\msnmsgr.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
    2010-03-18 04:53 421888 ----a-w- c:\program files\QuickTime\QTTask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ShStatEXE]
    2007-10-16 12:50 111952 ----a-w- c:\program files\McAfee\VirusScan Enterprise\shstat.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Steam]
    2010-02-27 18:06 1217872 ----a-w- c:\program files\Steam\Steam.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
    2010-05-19 14:37 37888 ----a-w- c:\program files\Winamp\winampa.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "iPod Service"=3 (0x3)
    "Bonjour Service"=2 (0x2)
    "Apple Mobile Device"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "c:\\WINDOWS\\system32\\sessmgr.exe"=
    "c:\\Program Files\\McAfee\\Common Framework\\FrameworkService.exe"=
    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=
    "c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
    "c:\\Program Files\\AIM6\\aim6.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Steam\\Steam.exe"=
    "c:\\Program Files\\Steam\\steamapps\\289045\\counter-strike\\hl.exe"=
    "c:\\Documents and Settings\\Administrator\\Desktop\\adobe indesign cs3 portable\\Thinstall\\InDesign CS3 Data\\4000005800003i\\mDNSResponder.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "56657:TCP"= 56657:TCP:pando Media Booster
    "56657:UDP"= 56657:UDP:pando Media Booster

    R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [8/19/2009 6:43 PM 24652]
    S4 sptd;sptd;c:\windows\system32\drivers\sptd.sys [10/9/2009 7:28 PM 721904]
    .
    Contents of the 'Scheduled Tasks' folder

    2010-07-03 c:\windows\Tasks\WGASetup.job
    - c:\windows\system32\KB905474\wgasetup.exe [2009-08-27 05:18]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.114la.com/index.htm
    IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
    IE: Save YouTube Video as MP3 - c:\program files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll/scriptY2MP3.htm
    FF - ProfilePath - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\
    FF - prefs.js: browser.search.selectedEngine - Search the Web
    FF - prefs.js: keyword.URL - hxxp://serp.freecause.com/?sid=61293&cuid=&userid=35923043&q=
    FF - component: c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}\components\Engine.dll
    FF - component: c:\program files\Common Files\DVDVideoSoft\Dll\FFContextMenuY\components\FFContextMenu.dll
    FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
    FF - plugin: c:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\npwachk.dll
    FF - plugin: c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
    FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
    c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
    .
    - - - - ORPHANS REMOVED - - - -

    MSConfigStartUp-SunJavaUpdateSched - c:\program files\Java\jre6\bin\jusched.exe



    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-07-03 11:12
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\.Default\Software\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2]
    @DACL=(02 0000)
    .
    Completion time: 2010-07-03 11:15:26
    ComboFix-quarantined-files.txt 2010-07-03 18:15
    ComboFix2.txt 2010-07-03 05:52

    Pre-Run: 10,974,375,936 bytes free
    Post-Run: 11,007,320,064 bytes free

    - - End Of File - - 56FFE9CF9B53FF73D7B87259A1E79A4A
     
  9. 2010/07/03
    broni (Moderator Malware Analyst)
    How is the iexplore.exe issue?

    Uninstall Combofix:
    Go Start > Run [Vista users, go Start> "Start search"]
    Type in:
    Combofix /Uninstall
    Note the space between the "Combofix" and the "/Uninstall"
    Click OK (Vista users - press Enter).
    Restart computer.

    =============================================================

    Download OTL to your Desktop.

    * Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    * Under the Custom Scan box paste this in:

    netsvcs
    drivers32 /all
    %SYSTEMDRIVE%\*.*
    %systemroot%\system32\Spool\prtprocs\w32x86\*.dll
    %systemroot%\system32\*.wt
    %systemroot%\system32\*.ruy
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\system32\spool\prtprocs\w32x86\*.tmp
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\user32.dll /md5
    %systemroot%\system32\ws2_32.dll /md5
    %systemroot%\system32\ws2help.dll /md5
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs

    * Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    * When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    * Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  10. 2010/07/03
    bartdude59 (Inactive, Thread Starter)
    iexplore.exe is an issue because it keeps popping up asking me to make Internet Explorer my default browser, even though I don't use it. When I end iexplore.exe on Windows Task Manager, it comes up again and asks me to make Internet Explorer my default browser. If I leave it alone for a while, it gives me a popup to websites that I have never been to before. Also, I noticed that whenever it gives me the option to set Internet Explorer as my default browser the Wave volume slide is all the way to the bottom in Volume Control.

    Here is OTL.Txt:

    OTL logfile created on: 7/3/2010 5:43:22 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 59.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 10.26 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WWW-9D00882762B
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
    PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
    PRC - [2007/10/24 19:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2007/10/24 19:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007/10/16 05:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2007/10/16 05:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Disabled | Stopped] -- -- (mnmsrvc)
    SRV - [2007/10/24 19:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007/10/16 05:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2007/10/16 05:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)
    SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/10/09 19:28:41 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2007/10/16 05:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/10/16 05:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/10/16 05:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2007/10/16 05:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2007/10/16 05:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2006/08/08 22:19:24 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/08/04 05:00:00 | 000,003,799 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\wbem\sr.mof -- (sr)
    DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.114la.com/index.htm
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search the Web "
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
    FF - prefs.js..extensions.enabledItems: {01f5f98c-2a8f-4a1b-b41a-86cd610235d2}:1.300.306
    FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://serp.freecause.com/?sid=61293&cuid=&userid=35923043&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 00:04:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 10:51:17 | 000,000,000 | ---D | M]

    [2009/08/20 02:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/08/20 02:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/03 11:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions
    [2010/06/10 13:09:53 | 000,000,000 | ---D | M] (vDream Racing) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}
    [2010/03/21 09:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/04/28 18:29:25 | 000,000,000 | ---D | M] (Lockerz Wave Updater Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}
    [2009/08/20 18:05:55 | 000,000,000 | ---D | M] (RulerDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
    [2010/04/15 15:16:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/30 19:58:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/06 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\autofillForms@blueimp.net
    [2010/06/13 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\FasterFox_Lite@BigRedBrent
    [2010/03/21 09:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\info@djzig.com
    [2010/04/15 15:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\personas@christopher.beard
    [2010/06/10 13:10:24 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\searchplugins\search-the-web.xml
    [2010/07/03 10:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/03 10:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/03 10:34:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/19 19:24:01 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
    [2010/05/19 07:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/07/03 11:12:39 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetopenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/10 10:57:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - C:\WINDOWS\system32\ias [2008/01/10 10:57:07 | 000,000,000 | ---D | M]
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: midi - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: midimapper - C:\WINDOWS\System32\midimap.dll (Microsoft Corporation)
    Drivers32: mixer - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\System32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imaadpcm - C:\WINDOWS\System32\imaadp32.acm (Microsoft Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.msadpcm - C:\WINDOWS\System32\msadp32.acm (Microsoft Corporation)
    Drivers32: msacm.msaudio1 - C:\WINDOWS\System32\msaud32.acm (Microsoft Corporation)
    Drivers32: msacm.msg711 - C:\WINDOWS\System32\msg711.acm (Microsoft Corporation)
    Drivers32: msacm.msgsm610 - C:\WINDOWS\System32\msgsm32.acm (Microsoft Corporation)
    Drivers32: msacm.siren - C:\WINDOWS\System32\sirenacm.dll (Microsoft Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.FLV4 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.I420 - msh263.drv File not found
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
    Drivers32: vidc.iyuv - C:\WINDOWS\System32\iyuv_32.dll (Microsoft Corporation)
    Drivers32: vidc.mrle - C:\WINDOWS\System32\msrle32.dll (Microsoft Corporation)
    Drivers32: vidc.msvc - C:\WINDOWS\System32\msvidc32.dll (Microsoft Corporation)
    Drivers32: vidc.uyvy - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.VP60 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP61 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP62 - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.VP6F - C:\WINDOWS\System32\vp6vfw.dll (On2.com)
    Drivers32: vidc.vp70 - C:\WINDOWS\System32\vp7vfw.dll (On2.com)
    Drivers32: vidc.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: vidc.yuy2 - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvu9 - C:\WINDOWS\System32\tsbyuv.dll (Microsoft Corporation)
    Drivers32: vidc.yvyu - C:\WINDOWS\System32\msyuv.dll (Microsoft Corporation)
    Drivers32: wave - C:\WINDOWS\System32\wdmaud.drv (Microsoft Corporation)
    Drivers32: wavemapper - C:\WINDOWS\System32\msacm32.drv (Microsoft Corporation)
    SystemRestore not available.

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 17:42:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 17:30:51 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/03 11:16:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/03 10:44:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/03 10:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/03 10:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/03 08:28:25 | 000,000,000 | ---D | C] -- C:\bd6722133f59f635255ec2c4abd3
    [2010/07/02 22:37:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/02 22:29:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/01 22:28:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/07/01 16:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Comic Maker 3
    [2010/07/01 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wangan midnight
    [2010/07/01 11:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PntHJan08
    [2010/07/01 09:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ROP projects
    [2010/06/30 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\240sx
    [2010/06/20 15:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bleach
    [2010/06/15 12:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LRC
    [2010/06/11 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\cps3
    [2010/05/31 21:35:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/05/31 20:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    [2010/05/31 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/05/25 16:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder1
    [2010/05/25 16:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/05/23 18:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
    [2010/05/23 18:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
    [2010/05/02 18:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\phone
    [2010/04/30 07:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\VBA-M
    [2010/04/30 06:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\VBA
    [2010/04/23 22:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AIMLogger
    [2010/04/19 20:04:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 17:36:44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/03 17:33:40 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/03 17:33:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/03 11:12:55 | 000,000,356 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/03 11:12:39 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/07/03 10:57:59 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/03 09:19:29 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/07/03 09:18:44 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/03 08:52:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/07/03 08:45:38 | 000,492,072 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 08:45:38 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 08:45:38 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/02 22:37:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/02 22:05:19 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2010/07/02 11:11:56 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/07/02 09:35:52 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/02 09:00:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/02 09:00:58 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/02 08:09:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 07:04:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/30 21:11:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/26 09:09:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/10 12:31:04 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/02 16:53:53 | 002,119,228 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1271702011_BMWM3E92.rar
    [2010/05/31 19:40:00 | 000,190,757 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GTA-SA-GarageEdit-v1.zip
    [2010/05/30 17:10:02 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defraggler.lnk
    [2010/05/30 14:54:05 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/05/30 00:17:30 | 000,469,886 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1266846040_VeichleSpawner.rar
    [2010/05/23 18:26:00 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2010/05/23 17:30:04 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
    [2010/05/16 21:51:39 | 000,000,175 | ---- | M] () -- C:\WINDOWS\GSdx9.INI
    [2010/05/08 16:46:16 | 000,044,494 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/15 15:29:53 | 000,028,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/07/03 09:19:27 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/07/03 09:18:43 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/02 22:37:14 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/07/02 22:37:09 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/02 22:05:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2010/07/02 11:11:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/07/02 09:35:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/05 16:42:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/02 16:53:42 | 002,119,228 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1271702011_BMWM3E92.rar
    [2010/05/31 19:39:53 | 000,190,757 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GTA-SA-GarageEdit-v1.zip
    [2010/05/30 00:17:21 | 000,469,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1266846040_VeichleSpawner.rar
    [2010/05/23 18:26:00 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2010/05/16 21:51:25 | 000,000,175 | ---- | C] () -- C:\WINDOWS\GSdx9.INI
    [2010/05/08 16:46:15 | 000,044,494 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
    [2009/08/27 05:40:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
    [2009/08/19 03:21:04 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/04/10 09:25:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/03/30 14:28:06 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
    [2008/03/30 12:22:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/31 23:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/10/31 23:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/05/26 06:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/04/03 05:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2003/05/14 23:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

    ========== LOP Check ==========

    [2009/08/19 18:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
    [2009/08/19 19:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CopyTrans
    [2009/11/26 08:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2009/11/27 00:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2010/04/30 07:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VBA-M
    [2009/10/22 07:07:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Viewpoint
    [2009/08/19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
    [2009/08/19 18:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2009/08/27 05:50:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/10/16 22:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/01/19 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
    [2009/08/24 00:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2009/08/19 18:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/08/19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2009/10/27 00:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/19 19:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/07/03 08:52:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/01/10 10:57:37 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/07/02 09:00:58 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/02 22:37:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
    [2010/07/03 11:15:27 | 000,038,753 | ---- | M] () -- C:\ComboFix.txt
    [2008/01/10 10:57:37 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2008/01/10 10:57:37 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/08/19 18:43:22 | 000,000,365 | -H-- | M] () -- C:\IPH.PH
    [2009/08/19 21:45:57 | 000,246,796 | ---- | M] () -- C:\ituneslib.itl
    [2008/01/10 10:57:37 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/07/03 17:36:35 | 805,306,368 | -HS- | M] () -- C:\pagefile.sys
    [2010/07/02 22:12:54 | 000,000,996 | ---- | M] () -- C:\rkill.log
    [2009/08/19 03:52:07 | 000,001,645 | ---- | M] () -- C:\Storm Codec.lnk

    < %systemroot%\system32\Spool\prtprocs\w32x86\*.dll >
    [2003/02/27 22:00:00 | 000,016,384 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPD50.DLL
    [2003/02/27 22:00:00 | 000,046,080 | ---- | M] (CANON INC.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\CNMPP50.DLL

    < %systemroot%\system32\*.wt >

    < %systemroot%\system32\*.ruy >

    < %systemroot%\Fonts\*.com >
    [2006/04/18 00:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/28 23:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 00:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/28 23:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.tmp >

    < %systemroot%\*. /mp /s >

    < %systemroot%\system32\*.dll /lockedfiles >
    [2004/08/04 05:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\cryptdll.dll
    [2006/05/19 05:59:41 | 000,094,720 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\iphlpapi.dll
    [2004/08/04 05:00:00 | 000,071,680 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msacm32.dll
    [2007/04/18 09:12:23 | 002,854,400 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msi.dll
    [2007/08/13 03:54:10 | 000,156,160 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msls31.dll
    [2004/08/04 05:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\msvcrt40.dll
    [2004/08/04 05:00:00 | 000,236,544 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasapi32.dll
    [2004/08/04 05:00:00 | 000,061,440 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rasman.dll
    [2004/08/04 05:00:00 | 000,044,032 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\rtutils.dll
    [2004/08/04 05:00:00 | 000,006,656 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sensapi.dll
    [2006/10/19 06:56:32 | 000,713,216 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\sxs.dll
    [2004/08/04 05:00:00 | 000,181,760 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\tapi32.dll
    [2004/08/04 05:00:00 | 002,897,920 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\xpsp2res.dll

    < %systemroot%\Tasks\*.job /lockedfiles >

    < %systemroot%\System32\config\*.sav >
    [2008/01/10 02:47:39 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2008/01/10 02:47:39 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2008/01/10 02:47:39 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %systemroot%\system32\user32.dll /md5 >
    [2007/03/08 08:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\user32.dll

    < %systemroot%\system32\ws2_32.dll /md5 >
    [2004/08/04 05:00:00 | 000,082,944 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2_32.dll

    < %systemroot%\system32\ws2help.dll /md5 >
    [2004/08/04 05:00:00 | 000,019,968 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\ws2help.dll

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
    < End of report >


    Here's Extra.Txt:

    OTL Extras logfile created on: 7/3/2010 5:43:22 PM - Run 1
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 300.00 Mb Available Physical Memory | 59.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 81.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 10.26 Gb Free Space | 13.77% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WWW-9D00882762B
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
    Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
    Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "56657:TCP" = 56657:TCP:*:Enabled:Pando Media Booster
    "56657:UDP" = 56657:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "56657:TCP" = 56657:TCP:*:Enabled:Pando Media Booster
    "56657:UDP" = 56657:UDP:*:Enabled:Pando Media Booster

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- File not found
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\McAfee\Common Framework\FrameworkService.exe" = C:\Program Files\McAfee\Common Framework\FrameworkService.exe:*:Enabled:McAfee Framework Service -- (McAfee, Inc.)
    "C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
    "C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
    "C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
    "C:\Program Files\Steam\Steam.exe" = C:\Program Files\Steam\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
    "C:\Program Files\Steam\steamapps\289045\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\289045\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)
    "C:\Documents and Settings\Administrator\Desktop\adobe indesign cs3 portable\Thinstall\InDesign CS3 Data\4000005800003i\mDNSResponder.exe" = C:\Documents and Settings\Administrator\Desktop\adobe indesign cs3 portable\Thinstall\InDesign CS3 Data\4000005800003i\mDNSResponder.exe:*:Enabled:mDNSResponder -- ()


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
    "{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35C03C04-3F1F-42C2-A989-A757EE691F65}" = McAfee VirusScan Enterprise
    "{3B4E636E-9D65-4D67-BA61-189800823F52}" = Windows Live Communications Platform
    "{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
    "{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Extreme Graphics 2 Driver
    "{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
    "{A8B94669-8654-4126-BD28-D0D2412CDED6}" = TI Connect 1.6
    "{AC76BA86-7AD7-1033-7B44-A93000000001}" = Adobe Reader 9.3
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D642E38E-0D24-486C-9A2D-E316DD696F4B}" = Microsoft XML Parser
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
    "7-Zip" = 7-Zip 4.65
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "AIM_6" = AIM 6
    "CCleaner" = CCleaner
    "com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
    "ComicMaker3" = コミックメーカー３ランタイム (ComicMaker 3 Runtime)
    "Defraggler" = Defraggler
    "DivX Setup.divx.com" = DivX Setup
    "FLV Player" = FLV Player 2.0 (build 25)
    "Free Audio CD Burner_is1" = Free Audio CD Burner version 1.2
    "Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LHTTSENG" = L&H TTS3000 British English
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "PROSet" = Intel(R) Network Connections Drivers
    "Shockwave" = Shockwave
    "Steam App 10" = Counter-Strike
    "Storm Codec 5" = Storm Codec
    "SystemRequirementsLab" = System Requirements Lab
    "Uninstall_is1" = Uninstall 1.0.0.1
    "ViewpointMediaPlayer" = Viewpoint Media Player
    "WIC" = Windows Imaging Component
    "Winamp" = Winamp
    "Windows Media Format Runtime" = Windows Media Format Runtime
    "Windows Media Player" = Windows Media Player 10
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "WinRAR archiver" = WinRAR archiver

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome
    "Winamp Detect" = Winamp Detector Plug-in

    ========== Last 10 Event Log Errors ==========

    [ System Events ]
    Error - 7/3/2010 1:59:33 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%126

    Error - 7/3/2010 2:00:04 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%126

    Error - 7/3/2010 8:29:57 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7000
    Description = The System Restore Filter Driver service failed to start due to the
    following error: %%2

    Error - 7/3/2010 8:29:57 PM | Computer Name = WWW-9D00882762B | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 7/3/2010 8:29:57 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7000
    Description = The System Restore Filter Driver service failed to start due to the
    following error: %%2

    Error - 7/3/2010 8:29:57 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 7/3/2010 8:37:42 PM | Computer Name = WWW-9D00882762B | Source = SRService | ID = 104
    Description = The System Restore initialization process failed.

    Error - 7/3/2010 8:38:48 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7023
    Description = The Help and Support service terminated with the following error:
    %%126

    Error - 7/3/2010 8:38:48 PM | Computer Name = WWW-9D00882762B | Source = Service Control Manager | ID = 7023
    Description = The System Restore Service service terminated with the following error:
    %%2

    Error - 7/3/2010 8:42:59 PM | Computer Name = WWW-9D00882762B | Source = DCOM | ID = 10010
    Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
    with DCOM within the required timeout.


    < End of report >
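The Extras log above is a plain-text format with three line shapes a reviewer reads by eye: firewall exceptions as `"port:proto" = port:proto:scope:state:name`, authorized applications as `"path" = path:scope:state:name -- (company)` or `-- File not found`, and file entries as `[mtime | size | attrs | M] (company) note -- path`. As an added example that is not part of the thread, of OTL, or of anything the participants posted, here is a Python triage helper that parses those three shapes and flags what one looks for in such a log: exceptions whose scope is `*` (reachable from any remote address) rather than `LocalSubNet`, authorized-application entries whose binary no longer exists, hidden or system-attributed files in the root of the system drive that are not standard XP boot files, and files OTL could not hash. The sample input is excerpted from the log above and condensed into one snippet; the finding categories, the boot-file allow-list and the function names are my own assumptions, not OTL's.

```python
import re
from dataclasses import dataclass
from typing import List

# Sample input: lines excerpted from the OTL Extras log posted above and
# condensed into one snippet. The forum's smiley conversion is undone here
# (":mad:" was ":@" and ":pando" was ":Pando" in the real registry values).
SAMPLE_LOG = """\
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\StandardProfile\\GloballyOpenPorts\\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"56657:TCP" = 56657:TCP:*:Enabled:Pando Media Booster
"56657:UDP" = 56657:UDP:*:Enabled:Pando Media Booster
[HKEY_LOCAL_MACHINE\\SYSTEM\\CurrentControlSet\\Services\\SharedAccess\\Parameters\\FirewallPolicy\\DomainProfile\\AuthorizedApplications\\List]
"C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe" = C:\\Program Files\\Pando Networks\\Media Booster\\PMB.exe:*:Enabled:Pando Media Booster -- File not found
"C:\\Program Files\\Steam\\Steam.exe" = C:\\Program Files\\Steam\\Steam.exe:*:Enabled:Steam -- (Valve Corporation)
[2010/07/02 22:37:14 | 000,000,281 | RHS- | M] () -- C:\\boot.ini
[2009/08/19 18:43:22 | 000,000,365 | -H-- | M] () -- C:\\IPH.PH
[2004/08/04 05:00:00 | 000,033,280 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\\WINDOWS\\system32\\cryptdll.dll
"""

# "port:proto" = port:proto:scope:state:name
PORT_RE = re.compile(
    r'^"(?P<port>\d+):(?P<proto>TCP|UDP)"\s*=\s*(?P=port):(?P=proto):'
    r'(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<name>.*)$'
)
# "path" = path:scope:state:name -- (company)  |  -- File not found
APP_RE = re.compile(
    r'^"(?P<path>[^"]+)"\s*=\s*(?P=path):(?P<scope>[^:]+):'
    r'(?P<state>Enabled|Disabled):(?P<name>.*?)(?:\s+--\s+(?P<tail>.*))?$'
)
# [mtime | size | attrs | M] (company) optional-note -- path
FILE_RE = re.compile(
    r'^\[(?P<mtime>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| '
    r'(?P<attrs>[RHSD-]{4}) \| [MC]\] \((?P<company>[^)]*)\)\s*'
    r'(?P<note>.*?)\s*-- (?P<path>.+)$'
)

# Assumption (mine, not OTL's): files that legitimately carry hidden/system
# attributes in the root of an XP system drive.
XP_BOOT_FILES = {"boot.ini", "ntldr", "ntdetect.com", "io.sys", "msdos.sys",
                 "pagefile.sys", "hiberfil.sys"}


@dataclass
class Finding:
    kind: str      # category label (my own naming, not an OTL term)
    subject: str   # port/proto or file path
    detail: str    # human-readable reason


def profile_of(key: str) -> str:
    """Return the firewall profile segment (DomainProfile/StandardProfile) of a key path."""
    for part in key.split("\\"):
        if part.endswith("Profile"):
            return part
    return "unknown profile"


def parse_otl(text: str) -> List[Finding]:
    """Walk OTL output line by line and collect the entries worth a second look."""
    findings: List[Finding] = []
    current_key = ""
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[HKEY_"):
            current_key = line.strip("[]")   # values that follow belong to this key
            continue
        m = PORT_RE.match(line)
        if m:
            # Scope "*" means any remote address may reach the port; the XP
            # file-and-print defaults are scoped to LocalSubNet instead.
            if m.group("state") == "Enabled" and m.group("scope") == "*":
                findings.append(Finding("port-open-to-any",
                                        f"{m.group('port')}/{m.group('proto')}",
                                        f"{m.group('name')} in {profile_of(current_key)}"))
            continue
        m = APP_RE.match(line)
        if m:
            # An exception for a binary that no longer exists is stale: anything
            # later dropped at that path inherits the hole.
            if "File not found" in (m.group("tail") or ""):
                findings.append(Finding("app-missing-binary", m.group("path"),
                                        f"{m.group('name')} in {profile_of(current_key)}"))
            continue
        m = FILE_RE.match(line)
        if m:
            path, attrs = m.group("path"), m.group("attrs")
            base = path.rsplit("\\", 1)[-1].lower()
            if ("H" in attrs or "S" in attrs) and base not in XP_BOOT_FILES:
                findings.append(Finding("hidden-or-system-file", path,
                                        f"attributes {attrs}, company '{m.group('company')}'"))
            if "Unable to obtain MD5" in m.group("note"):
                findings.append(Finding("hash-unavailable", path,
                                        "locked file; compare against a known-good copy offline"))
    return findings


def triage(text: str) -> List[str]:
    """One printable line per finding, in log order."""
    return [f"{f.kind}: {f.subject} ({f.detail})" for f in parse_otl(text)]


if __name__ == "__main__":
    for row in triage(SAMPLE_LOG):
        print(row)
```

Run it against a saved `Extras.Txt` with `triage(open("Extras.Txt").read())`. Two caveats when feeding it a log copied from a forum rather than from the machine: board software turns `:@` and `:P` inside registry values into smileys (`:mad:`, `:p`), so repair those first, and an `Unable to obtain MD5` on an in-use system DLL usually only means the file was locked at scan time; it is a prompt to hash the file from offline media, not evidence of tampering on its own.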
     
  11. 2010/07/03
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Unless you installed Viewpoint Manager knowledgeably...
    Go Start>Control Panel>Add\Remove (Programs and Features in Vista), and...
    Uninstall any of the following programs associated with Viewpoint:
    * Viewpoint Manager
    * Viewpoint Media Player
    * Viewpoint Toolbar
    This program does not do anything bad such as deliver ads or spy on you, but it is considered foistware ("drive-by-install") as it is installed without your consent through programs like AOL, AIM, Compuserve, etc.

    ==============================================================

    Are you familiar with this site?
    http://www.114la.com/index.htm
    It's set as your IE home page.

    =============================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      
      
      :Services
      
      :Reg
      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
       "139:TCP" =-
       "445:TCP" =-
       "137:UDP" =-
       "138:UDP" =-
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
     
  12. 2010/07/03
    bartdude59

    bartdude59 Inactive Thread Starter

    Joined:
    2010/07/02
    Messages:
    27
    Likes Received:
    0
    I've uninstalled Viewpoint Manager.
    I am not familiar with that site you posted.

    Note: When I rebooted my computer, as the login screen was about to load, I came to an error. I had to hold the power button to restart in the last best known configuration.

    lsass.exe - Application Error
    The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

    Here's the log after the reboot:

    All processes killed
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 3584189 bytes
    ->Temporary Internet Files folder emptied: 142043 bytes
    ->Java cache emptied: 2027 bytes
    ->FireFox cache emptied: 51354320 bytes
    ->Google Chrome cache emptied: 104375765 bytes
    ->Flash cache emptied: 78592 bytes

    User: All Users

    User: Asdf
    ->Temp folder emptied: 6075759 bytes
    ->Temporary Internet Files folder emptied: 6241797 bytes
    ->FireFox cache emptied: 54788449 bytes
    ->Flash cache emptied: 1668 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Flash cache emptied: 405 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 34030506 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 64245768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 24445449 bytes
    RecycleBin emptied: 1830 bytes

    Total Files Cleaned = 333.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Asdf
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07032010_185010

    Files\Folders moved on Reboot...
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PS33HEAJ\pixel[2].gif moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQGHQ6LN\1[timestamp]@x90[2].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQGHQ6LN\FHTUNXCA75QZNXCANSZL9VCAHT9PYVCAX3AE8KCA0PRGI8CAMP2QEFCAPCHK6ICA7R50UJCADYL78WCAO4QDKSCA1GCMQTCACJJ4ODCACE0816CA2BDCUUCAWJ52SECAS2UBCNCA9XYCENCA46U3UM.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQGHQ6LN\PSCAIF4VGWCA4J7HNZCAAT55L9CA0WHGNMCA7DVXWTCAM2N3WFCAW727DMCA4OXLQXCAGCRHCPCA35V5SECAUJJY1GCAACQXVYCAARTFHSCA15MTQACAA41TKECA6PRKS6CAO88KZ8CARJHRUDCAPFH9LZ moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\PQGHQ6LN\RLG7I9CA0TL2QRCADM8NJ0CAD8VXC5CAVOXFY0CAIEE39LCAX5X2YACAQF3DT8CAM6IIDUCAGY3CIDCA6BYOWBCAKQ7NSSCADBAL77CA6WXLZFCA20ETFXCAOXMECGCALGJCZRCAO6NA8ECACI1OI2.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\4YA0K7CAHJ9GCWCARWC45FCAJGF906CA48WMJHCA4T9TYKCAL5AYQCCAZXXUOECA33A9QMCAW3TWSZCAFIE9PMCAN1YPXBCACQBC4CCAAL0L7KCAUH9CVVCAP6LDF5CAWGPE3ACADJE64NCA8WG9WN.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\64CAKLLJO9CAVH1NAYCAPE26X6CASRRMO7CA7W67NRCAL2I7JJCAHIVJP7CA01GV2ACAY0OX2QCA1GPF3YCAXFDJ0ACAJOBIITCADA9F1WCAP8YTSFCAJWGNWSCAEAX7OHCAWQR9J9CA7BHSVDCAO42GCQ moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\6VV4XACAUHQ5ELCAI3NKMLCA1Q71A6CAOGROZHCAKF9581CAGR3EV1CA49HPWSCAR0PWOACAWVFN69CA4N10YRCAM1C77KCA9DK9G6CAJZ2NPBCAIH9Y81CATBGU7NCADPFQLPCA34X08PCAH535C1.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\7FLMKACANB4U3DCAELZ4P3CAYZU4XTCAOVM746CARII6ZVCA4PE39UCAU8DW01CAYT3A34CAEXU3SICA2E0NTFCA981DVVCAT1TU2RCAHZ6HWGCA5BUBNHCAY14390CAMG07NWCA0EURGZCAZCUWLQ.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\CTCA7QUCWDCA37NWUHCAY28TUZCACK0VQ8CAHBDUAGCAOXB3EHCAALDJ7DCAAFO24HCA3D3JZ2CAHW7ARHCASWV74RCAECQLBVCALC1E0ZCAMTR2PQCA39MZKYCAR5UZEUCAIC1920CAPMM9N8CA5EXGRO moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\E8UY5MCAB0XUOJCAUZNJTLCAEW2TLGCATKCZUXCAVM6S8LCAI7SO14CA3AI1FXCANNIH36CAXX5Z6QCAA3QP26CA831K6FCA1RR9ZVCAN25J74CAT11CVRCANH3LGWCAD5O2FQCAF629KXCAODDRAZ.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\G3CA5Q1UEKCAT2NKONCAXFB32CCADSMDIDCATR78R3CAMPI4QZCADBSWQRCAWMXZ0OCAUGKTXBCAF9MCT0CAFMWRKTCA5OTXQYCA9O04LHCAWBHXGCCA8PGFGKCA796NXVCANU6ZS3CADG2B9SCAPZ5YG0 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\G7CAW5UG3GCAPFJNJHCAKEXG08CAZY45HDCAJTLIAECA7P14VJCATFUK5RCA1W1TBLCANKBD62CAB7OQ63CA14P0Z1CAQWC3A2CA4ZVDGMCAWCT5UZCALU0RB4CAAXUBM8CA7PI5CECA2HIL42CAH7C0SH moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\JGCAVSVBJ3CAPRP8ODCAWSEKWNCAH92SDHCA03T3A4CADDLHHYCATDB511CASSY8V1CABLX6CACAF9UOU0CATRSOLRCAMJZS4ACAH6TDFICAA4R9SECA123VK3CAQWSSW8CAUKFZKPCAG4LWW2CA34GVCS moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\QJCAWPPUW9CAW539D5CARU4EW8CATBV5R3CAX96L80CASRLEKMCA4GRVB2CAD5ACJPCAB940DKCAPCLO65CAXNWUBLCA356SGSCAL25HQCCAHM8GRBCAUUKIZNCAWTFF00CAD2ATPNCAUFXXX9CAGX7ETN moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\st[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\VVBML6CATY4UU8CAG2N7AZCAWE8G0ECA21U9U8CAX2P6JUCAHBKM1BCAH3H5S6CAR2WRWTCAZVGO5YCA0MU8EDCAYX1HPNCAJU603WCADVSVDWCAKY1I3QCA04MDIXCAY1MKHZCAFAI916CAC7H7FK.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\BR117HVJ\W9BVKGCA529LOYCAGCBO1HCA1CJT0WCA21VZTTCAJDB33MCAXYBOKLCAP9ISP0CA5VCYIRCAUAQB8NCAYVPHC3CAD83KUZCAY3E7M6CANDN1MICAERWS67CA032SZYCARUINLTCANE4L48CAIO3E3Z.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\385OKXCA1JC9H6CAUWQ0KKCA5IJODACA037WWYCALJS9LHCAVPO604CAH64MNJCA5VV9QVCAI2MI0GCALYNUR6CAAUTN1UCAYYTJ27CAUBQZW7CAS0BGESCAI7TERZCAJNM9U8CAVLH9UGCANWNSNJ.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\4A0D6LCAERRW26CACJNFDKCA4GCTNRCALUGB12CAK0GJN7CA2DONMDCAH5Z45TCA9QAXZ7CAHRDGAYCABMC2EECA1ZUS82CAA069R3CAK0C2NOCA2G9JR0CAE9D71NCAX96A92CAUIE1W9CAGXYBEH.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\afr[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\afr[2].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\GWCAPZEZ3QCAUZXZ73CAZFYHA4CAZBVXYMCAD0AZ2JCAGY5HBNCAV2RX0WCA29INWACA8RK5CACA8KGQ0RCA1OKGMMCADFT8FPCAC2VJZNCASQFPBVCA6J15HICAES83DACAPOTZUFCANDSLHXCABSO9VQ moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\MECAPP0ONECA4E2P9ICAHNXB8SCA94TL5DCA3H6PQUCAEXWBNICAIRHZ9ICAQEK8M0CA2K223KCAZ3Q6N6CAS3SXO5CAD9A1YSCA21L9KECANNAN3PCAFFFVA8CA8QD7LTCA7VCZD9CAE1J9UXCAQY7O8R moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\prep_ct[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\st moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\st[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\st[2].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\st[3].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\TXCAFX9E52CAN4JLK9CA7N30HBCA5XMYJFCANLXX7KCA3DR6CFCAOS6EW9CAMMLNTNCAZ6NNI5CAZ1HC6XCAX1D4AMCAI5URFVCAF9Z6RUCAU5C7PNCAKUVZ2HCATQV2DHCAVE849YCA0AO4H5CAJ01YD1 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\U7CA5MBA9OCA500UM1CA38OMYCCA50N6CNCAQ3CIC5CA06ZH20CA3SJO9SCAWSCT6CCAW0BI5GCA28P28RCA62A112CAQVHHHTCA4A9746CAZ0PKH4CABP2LFECAWGFIHVCA5VUGFHCAZBTGJUCA8MSYI6 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\XZCAU9AZV0CABL94AACARX133KCA3N85EICAN8QPL2CA8EZ0B0CAB9SB6ACAZ7CFMKCASIGAY5CA2D3IYRCAWCCX74CAARVOU5CAIHTFHDCAO4J16ICAYG54WKCA1UQQRICAHWVZ6WCALCACI5CABO0ABV moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\AQ4BY5BF\ZYCADVRQWOCAXPO97ICA4SCWPCCAEP5H0CCA31O3H1CAWJPNLDCAH1HIARCA2I6Y39CAX8ES0GCATB0SUFCAV60FS0CAHUO6XKCAQPKD21CA1G7R63CA0VM7QJCA2OG1U6CASCB1S3CAT10PKXCACDGEOU moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\160600ad[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\1CCAKNDOX2CAWAE01YCAMHOCITCATBOCFJCAPIXIINCAASXK10CAFIMACRCAV58WY4CADP3Q42CARR0JEYCAN4Y9O5CAAC5APJCA066EP7CAAXLXQKCAOMKTHICAU26GLECA2PHQFLCAIWTGH4CAFB2X3T moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\5P4IQVCAFSGG4HCAYWIFCNCAKVEN2OCAVQDOIKCAFC0XTDCAXRHRN1CA24XXQ8CA2MSY54CAFZO5RWCA2HK2U2CA4LFMJQCAAXX4V0CA0F8A1VCADZWCXWCADURJ9VCA4YGVDACAPVK3GKCAQCRA4V.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\AICAAS16OTCAPFAEPZCA8224B2CA1WVBVCCA0PU7F6CAN5XD0LCAAVRZ4ICAEVTN08CAG07UU3CAJZBKMHCAS3U4X7CA6H6ZCKCAO693GBCAG37YPZCAHR5ME5CARV85H4CAVVELOSCAGWD8UVCAEMS0F2 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\clkurl=;ord=1976588404[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\FHCA6AB5BJCANA4XADCALS9MFOCAP5U2VCCAX2PYSSCA8HA5BZCAWQQI3FCAGGC2L9CA5L5HSWCA8L68PPCAFFQ48WCABG5URSCAMSPVGVCAFGU85GCAXOZ1OLCAX67CCNCAW06B7VCAHK8IL6CA8917GA moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\GOCA6BONKYCA4NTYQMCA3DKH08CAHK73TECAPCD5R3CAGU39KQCAK2937KCAEZJV2BCADEA6ZPCAS6LXVACAH4UCP8CAWK9D5WCACW0NIMCA7MG0V1CA3D6K1HCAX32IUQCASN8F8XCA0B93UTCAP333G1 moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\GQCATDWXO7CAAN8CC5CAAWG8T8CA44S36UCAQX6AVOCA6ZLIBUCA7VIGXZCA6J8W0HCAVJIX0JCAPVOR1PCA0LLKJPCAKYBGYSCAJG0SG8CAML8U29CA5ZUFFZCAK244RBCAR1YH1ZCA1HDA03CAKT88DY moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\RHCAHRRFDHCA4ZW0I7CA8QACN2CA7DS6KECAGICTK8CAI5DSO4CAJB05QICA0MIXG8CA65H0JPCA51HCU1CASEMNYPCA1OR51ZCAQN0G2RCA2TZPYZCA0U5D93CAE4SNVWCARVZD5VCAGX3GK8CARYFMRU moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\RZCAFOFLOQCA561HXECAXKDP3CCAM2CW68CAMN0RB1CA16Y3MJCAH5LODICAIX4A31CA2EWFU2CASWDQX0CAB4KWZFCAMB7R8OCAX2OSVKCAJA2VUQCA2HDVL1CA36X4B3CA1UXR65CAEM7WELCAJXBSSL moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\st[1].htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\W6AUUBCAYBJXLFCAQ399WVCAKCSWNXCAUQJ33GCA7M5YU9CA3CJCNECAXVR54XCAK4ZW3JCAK1F49HCAQ7F1J4CA3OC3J1CALWZB74CA0JIPO6CAPO5ESMCAQNNSF9CAUFDL9ICACBOTOJCA6JKYXB.htm moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\6LPLANE9\Y0CAVHW3TECA3O304ICAB2KR6TCAVEUUG1CAMJDRP3CA8JH1ASCAS0FD9XCAMP5FV6CA74UWJ7CAQ4G6GVCA994V8LCATZ4E3RCAT8Y931CAC27KP3CA9A06M5CAAV12CMCA1P7WUVCA75SS2OCA9H99IL moved successfully.
    C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\AntiPhishing\A0AB7674-8D67-4F4D-B5E1-96FAEADFB79D.dat moved successfully.

    Registry entries deleted on Reboot...


    And the log after the quick scan:

    OTL logfile created on: 7/3/2010 7:03:26 PM - Run 2
    OTL by OldTimer - Version 3.2.7.0 Folder = C:\Documents and Settings\Administrator\Desktop
    Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    510.00 Mb Total Physical Memory | 145.00 Mb Available Physical Memory | 28.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 66.00% Paging File free
    Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 10.53 Gb Free Space | 14.13% Space Free | Partition Type: NTFS
    D: Drive not present or media not loaded
    E: Drive not present or media not loaded
    F: Drive not present or media not loaded
    G: Drive not present or media not loaded
    H: Drive not present or media not loaded
    I: Drive not present or media not loaded

    Computer Name: WWW-9D00882762B
    Current User Name: Administrator
    Logged in as Administrator.

    Current Boot Mode: Normal
    Scan Mode: Current user
    Company Name Whitelist: On
    Skip Microsoft Files: On
    File Age = 90 Days
    Output = Standard
    Quick Scan

    ========== Processes (SafeList) ==========

    PRC - [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    PRC - [2010/04/01 10:58:04 | 000,910,296 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
    PRC - [2009/07/09 13:07:14 | 000,049,968 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aim6.exe
    PRC - [2008/11/06 10:33:00 | 000,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\AIM6\aolsoftware.exe
    PRC - [2007/10/24 19:05:40 | 000,136,512 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
    PRC - [2007/10/24 19:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe
    PRC - [2007/10/16 05:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
    PRC - [2007/10/16 05:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
    PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    MOD - [2006/08/25 08:45:56 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
    MOD - [2004/08/04 05:00:00 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- -- (Viewpoint Manager Service)
    SRV - File not found [Disabled | Stopped] -- -- (mnmsrvc)
    SRV - [2007/10/24 19:03:28 | 000,103,744 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\Common Framework\FrameworkService.exe -- (McAfeeFramework)
    SRV - [2007/10/16 05:50:00 | 000,144,704 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe -- (McShield)
    SRV - [2007/10/16 05:50:00 | 000,054,608 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe -- (McTaskManager)


    ========== Driver Services (SafeList) ==========

    DRV - [2009/10/09 19:28:41 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Disabled | Stopped] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
    DRV - [2007/10/16 05:50:00 | 000,171,272 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2007/10/16 05:50:00 | 000,072,680 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2007/10/16 05:50:00 | 000,064,168 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2007/10/16 05:50:00 | 000,051,944 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdik.sys -- (mfetdik)
    DRV - [2007/10/16 05:50:00 | 000,033,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2006/08/08 22:19:24 | 000,010,368 | ---- | M] (Silicon Image, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys -- (SiFilter)
    DRV - [2004/08/04 05:00:00 | 000,003,799 | ---- | M] () [File_System | Disabled | Stopped] -- C:\WINDOWS\system32\wbem\sr.mof -- (sr)
    DRV - [2004/08/03 16:08:22 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
    DRV - [2004/08/03 15:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/02/04 10:27:56 | 000,049,536 | ---- | M] (Texas Instruments Incorporated) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\tiehdusb.sys -- (TIEHDUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.114la.com/index.htm
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.selectedEngine: "Search the Web "
    FF - prefs.js..browser.search.suggest.enabled: false
    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: dvscontextmenuy@dvdvideosoft.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.5.3
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.7.3
    FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.1.3
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
    FF - prefs.js..extensions.enabledItems: {01f5f98c-2a8f-4a1b-b41a-86cd610235d2}:1.300.306
    FF - prefs.js..extensions.enabledItems: FasterFox_Lite@BigRedBrent:3.8.2Lite
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..keyword.URL: "http://serp.freecause.com/?sid=61293&cuid=&userid=35923043&q= "

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/07/02 00:04:15 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/07/03 18:48:31 | 000,000,000 | ---D | M]

    [2009/08/20 02:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
    [2009/08/20 02:00:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2010/07/03 11:16:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions
    [2010/06/10 13:09:53 | 000,000,000 | ---D | M] (vDream Racing) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{01f5f98c-2a8f-4a1b-b41a-86cd610235d2}
    [2010/03/21 09:06:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{07b2a769-ed19-4483-87ce-c643914c9626}
    [2010/04/28 18:29:25 | 000,000,000 | ---D | M] (Lockerz Wave Updater Toolbar) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{540cb5e5-8508-4f09-a16b-d36b2b28e74c}
    [2009/08/20 18:05:55 | 000,000,000 | ---D | M] (RulerDark) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{6ce6f000-9b3c-11dd-ad8b-0800200c9a66}
    [2010/04/15 15:16:12 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/01/30 19:58:12 | 000,000,000 | ---D | M] (Adblock Plus) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
    [2010/05/06 17:18:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\autofillForms@blueimp.net
    [2010/06/13 13:08:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\FasterFox_Lite@BigRedBrent
    [2010/03/21 09:03:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\info@djzig.com
    [2010/04/15 15:16:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\extensions\personas@christopher.beard
    [2010/06/10 13:10:24 | 000,001,711 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\6r9s8yds.default\searchplugins\search-the-web.xml
    [2010/07/03 10:38:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/03 10:34:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/07/03 10:34:22 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2009/08/19 19:24:01 | 000,238,776 | ---- | M] (Pando Networks) -- C:\Program Files\Mozilla Firefox\plugins\npPandoWebInst.dll
    [2010/05/19 07:38:12 | 000,063,488 | ---- | M] (Nullsoft, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npwachk.dll

    O1 HOSTS File: ([2010/07/03 18:53:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\ScriptCl.dll (McAfee, Inc.)
    O4 - HKCU..\Run: [Aim6] C:\Program Files\AIM6\aim6.exe (AOL LLC)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowLegacyWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: AllowUnhashedWebView = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoInternetopenWith = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSharedDocuments = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: Intellimenus = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoThumbnailCache = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ForceStartMenuLogOff = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveTrack = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSMHelp = 0
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Save YouTube Video as MP3 - C:\Program Files\Common Files\DVDVideoSoft\Dll\IEContextMenuY.dll (DVSTeam)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.0.1
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/01/10 10:57:37 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 90 Days ==========

    [2010/07/03 18:50:10 | 000,000,000 | ---D | C] -- C:\_OTL
    [2010/07/03 17:42:24 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 17:30:51 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2010/07/03 11:16:15 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2010/07/03 10:44:18 | 000,000,000 | ---D | C] -- C:\Config.Msi
    [2010/07/03 10:35:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2010/07/03 10:35:23 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Java
    [2010/07/03 08:28:25 | 000,000,000 | ---D | C] -- C:\bd6722133f59f635255ec2c4abd3
    [2010/07/02 22:37:06 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2010/07/02 22:29:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2010/07/01 22:28:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
    [2010/07/01 16:39:48 | 000,000,000 | ---D | C] -- C:\Program Files\Comic Maker 3
    [2010/07/01 16:22:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\wangan midnight
    [2010/07/01 11:56:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\PntHJan08
    [2010/07/01 09:51:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\ROP projects
    [2010/06/30 19:39:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\240sx
    [2010/06/20 15:00:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Bleach
    [2010/06/15 12:27:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\LRC
    [2010/06/11 14:25:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\cps3
    [2010/05/31 21:35:38 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
    [2010/05/31 20:17:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Apple Computer
    [2010/05/31 20:13:23 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/05/25 16:41:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder1
    [2010/05/25 16:38:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\New Folder
    [2010/05/23 18:25:37 | 000,000,000 | ---D | C] -- C:\Program Files\Winamp Detect
    [2010/05/23 18:22:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Winamp
    [2010/05/02 18:33:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\phone
    [2010/04/30 07:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\VBA-M
    [2010/04/30 06:57:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\VBA
    [2010/04/23 22:39:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\AIMLogger
    [2010/04/19 20:04:26 | 000,000,000 | -H-D | C] -- C:\WINDOWS\PIF

    ========== Files - Modified Within 90 Days ==========

    [2010/07/03 18:56:08 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/07/03 18:53:35 | 006,553,600 | -H-- | M] () -- C:\Documents and Settings\Administrator\NTUSER.DAT
    [2010/07/03 18:53:35 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Administrator\ntuser.ini
    [2010/07/03 18:53:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2010/07/03 17:42:28 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
    [2010/07/03 11:12:55 | 000,000,356 | ---- | M] () -- C:\WINDOWS\system.ini
    [2010/07/03 10:57:59 | 006,291,456 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\IconCache.db
    [2010/07/03 09:19:29 | 000,100,908 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/07/03 09:18:44 | 000,867,892 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/03 08:52:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\tasks\WGASetup.job
    [2010/07/03 08:45:38 | 000,492,072 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
    [2010/07/03 08:45:38 | 000,435,260 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/07/03 08:45:38 | 000,068,156 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/07/02 22:37:14 | 000,000,281 | RHS- | M] () -- C:\boot.ini
    [2010/07/02 22:05:19 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2010/07/02 11:11:56 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/07/02 09:35:52 | 000,000,051 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2010/07/02 09:00:58 | 000,000,444 | ---- | M] () -- C:\WINDOWS\win.ini
    [2010/07/02 09:00:58 | 000,000,210 | ---- | M] () -- C:\Boot.bak
    [2010/07/02 08:09:54 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/07/02 07:04:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/06/30 21:11:47 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/06/26 09:09:44 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
    [2010/06/10 12:31:04 | 000,131,688 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/06/02 16:53:53 | 002,119,228 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1271702011_BMWM3E92.rar
    [2010/05/31 19:40:00 | 000,190,757 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\GTA-SA-GarageEdit-v1.zip
    [2010/05/30 17:10:02 | 000,001,580 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Defraggler.lnk
    [2010/05/30 14:54:05 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\CCleaner.lnk
    [2010/05/30 00:17:30 | 000,469,886 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1266846040_VeichleSpawner.rar
    [2010/05/23 18:26:00 | 000,000,672 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2010/05/23 17:30:04 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes (2).lnk
    [2010/05/16 21:51:39 | 000,000,175 | ---- | M] () -- C:\WINDOWS\GSdx9.INI
    [2010/05/08 16:46:16 | 000,044,494 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
    [2010/04/29 15:39:38 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/04/29 15:39:26 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/04/15 15:29:53 | 000,028,136 | ---- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

    ========== Files Created - No Company Name ==========

    [2010/07/03 09:19:27 | 000,100,908 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SystemLook.exe
    [2010/07/03 09:18:43 | 000,867,892 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\SecurityCheck.exe
    [2010/07/02 22:37:14 | 000,000,210 | ---- | C] () -- C:\Boot.bak
    [2010/07/02 22:37:09 | 000,260,272 | ---- | C] () -- C:\cmldr
    [2010/07/02 22:05:18 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rkill.com
    [2010/07/02 11:11:53 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\dds.scr
    [2010/07/02 09:35:52 | 000,000,051 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/06/05 16:42:41 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/06/02 16:53:42 | 002,119,228 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1271702011_BMWM3E92.rar
    [2010/05/31 19:39:53 | 000,190,757 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\GTA-SA-GarageEdit-v1.zip
    [2010/05/30 00:17:21 | 000,469,886 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1266846040_VeichleSpawner.rar
    [2010/05/23 18:26:00 | 000,000,672 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Winamp.lnk
    [2010/05/16 21:51:25 | 000,000,175 | ---- | C] () -- C:\WINDOWS\GSdx9.INI
    [2010/05/08 16:46:15 | 000,044,494 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\untitled.JPG
    [2009/08/27 05:40:45 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS50.DLL
    [2009/08/19 03:21:04 | 000,000,280 | ---- | C] () -- C:\WINDOWS\System32\epoPGPsdk.dll.sig
    [2008/04/10 09:25:28 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2008/03/30 14:28:06 | 000,000,639 | ---- | C] () -- C:\WINDOWS\System32\OemInfo.ini
    [2008/03/30 12:22:19 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/10/31 23:54:30 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2006/10/31 23:52:38 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2006/05/26 06:29:14 | 000,005,120 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2006/04/03 05:26:36 | 000,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
    [2003/05/14 23:39:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2003/01/07 08:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2002/05/14 21:58:38 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\v2k2_dec.dll

    ========== LOP Check ==========

    [2009/08/19 18:43:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
    [2009/08/19 19:11:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CopyTrans
    [2009/11/26 08:50:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
    [2009/11/27 00:36:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
    [2010/04/30 07:24:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\VBA-M
    [2009/08/19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WindSolutions
    [2009/08/19 18:43:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
    [2009/08/27 05:50:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
    [2009/10/16 22:18:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/01/19 22:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NFS Underground
    [2009/08/24 00:02:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/07/03 18:48:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
    [2009/08/19 19:08:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
    [2009/10/27 00:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2009/08/19 19:01:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
    [2010/07/03 08:52:53 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\WGASetup.job

    ========== Purity Check ==========


    < End of report >
     
  13. 2010/07/03
    broni Moderator Malware Analyst
    Let's run OTL one more time to remove that IE entry.
    Post only a log from the fix. No new OTL log needed.

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.114la.com/index.htm
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [resethosts]
      [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
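    The fix above is what the analyst writes by hand after reading the OTL log: the hijacked HKCU Start Page line goes under :OTL and [resethosts] restores the hosts file. As an added example (not code from this thread, from OTL or from OldTimer), the following Python script does that reading step on the log lines themselves: it parses the "IE - ... Start Page" and "O1 - Hosts:" lines in OTL's format, flags a start page outside an assumed allowlist and any hosts entry other than localhost, and renders the matching custom fix in the layout used in this post. The allowlist and the extra hosts entry in the sample are constructed for the demonstration; the start-page line is the one from the log posted above.

```python
import re
import urllib.parse

# Constructed sample in OTL's own line format: the start-page line mirrors the
# log posted in this thread; the last hosts entry is invented so the hosts check
# has something to flag.
SAMPLE_LOG = r"""
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.114la.com/index.htm
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O1 - Hosts: 127.0.0.1 update.example-av.invalid
"""

START_PAGE_RE = re.compile(
    r"^IE - (?P<hive>HKLM|HKCU)\\(?P<key>.+?),Start Page = (?P<value>.*)$"
)
HOSTS_RE = re.compile(r"^O1 - Hosts: (?P<addr>\S+)\s+(?P<name>\S+)")

# Hypothetical allowlist of start pages the machine's owner actually chose.
ALLOWED_START_HOSTS = {"about:blank", "www.msn.com"}


def start_page_host(value):
    """Hostname of a start-page URL, or the raw value for non-URL settings."""
    value = value.strip()
    host = urllib.parse.urlparse(value).hostname
    return host.lower() if host else value


def audit_otl_lines(lines, allowed_start_hosts=ALLOWED_START_HOSTS):
    """Return (kind, detail, original_line) for each suspicious OTL entry."""
    findings = []
    for raw in lines:
        line = raw.strip()
        m = START_PAGE_RE.match(line)
        if m:
            host = start_page_host(m.group("value"))
            if host not in allowed_start_hosts:
                findings.append(("start_page", host, line))
            continue
        m = HOSTS_RE.match(line)
        if m:
            addr, name = m.group("addr"), m.group("name")
            # A clean XP hosts file maps only localhost to loopback.
            if not (addr in ("127.0.0.1", "::1") and name.lower() == "localhost"):
                findings.append(("hosts", name, line))
    return findings


def build_otl_fix(findings):
    """Render an OTL custom fix in the layout used in this thread."""
    otl_lines = [line for kind, _, line in findings if kind == "start_page"]
    commands = ["[emptytemp]"]
    if any(kind == "hosts" for kind, _, _ in findings):
        commands.append("[resethosts]")
    commands.append("[Reboot]")
    return "\n".join([":OTL", *otl_lines, "", ":Commands", *commands])


if __name__ == "__main__":
    found = audit_otl_lines(SAMPLE_LOG.splitlines())
    for kind, detail, line in found:
        print(f"{kind}: {detail}  <- {line}")
    print()
    print(build_otl_fix(found))
```

    Run against the sample it reports the 114la.com start page and the non-localhost hosts entry, and the rendered fix carries the offending IE line verbatim under :OTL, which is exactly the form OTL expects when the line is pasted back into the Custom Scans/Fixes box.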
     
  14. 2010/07/03
    bartdude59 Inactive Thread Starter
    OK, here's the log.

    All processes killed
    ========== OTL ==========
    HKCU\SOFTWARE\Microsoft\Internet Explorer\Main\\Start Page| /E : value set successfully!
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 108860 bytes
    ->Temporary Internet Files folder emptied: 80727 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 28814512 bytes
    ->Google Chrome cache emptied: 20804825 bytes
    ->Flash cache emptied: 4627 bytes

    User: All Users

    User: Asdf
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 7633579 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 64245768 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 3201313 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 119.00 mb


    [EMPTYFLASH]

    User: Administrator
    ->Flash cache emptied: 0 bytes

    User: All Users

    User: Asdf
    ->Flash cache emptied: 0 bytes

    User: Default User
    ->Flash cache emptied: 0 bytes

    User: LocalService

    User: NetworkService

    Total Flash Files Cleaned = 0.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.7.0 log created on 07032010_194637

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
     
  15. 2010/07/03
    broni Moderator Malware Analyst
    Good :)
    How are the issues?
     
  16. 2010/07/03
    bartdude59 Inactive Thread Starter
    Well iexplore.exe still pops up even after I end the process.

    Also, I don't know if this is related but when I try to run msconfig, I get an error saying Windows cannot find 'msconfig.'
     
  17. 2010/07/03
    broni Moderator Malware Analyst
    Combofix kept removing your msconfig.exe file and I forgot about it.
    Download fresh copy from HERE and place it in C:\Windows\system32 folder.

    ================================================================

    STEP 1. Download Malwarebytes' Anti-Malware: http://www.malwarebytes.org/mbam.php to your desktop.
    (Malwarebytes is free to use as a manual scanner. Payment is only required if you wish to have it run and update automatically which is not necessary for our purposes)

    * Double-click mbam-setup.exe and follow the prompts to install the program.
    * At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
    * If an update is found, it will download and install the latest version.
    * Once the program has loaded, select Perform Quick Scan, then click Scan.
    * When the scan is complete, click OK, then Show Results to view the results.
    * Be sure that everything is checked, and click Remove Selected.
    * When completed, a log will open in Notepad.
    * Post the log back here.

    The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\log-date.txt
    Or at C:\Program Files\Malwarebytes' Anti-Malware\Logs\log-date.txt

    RESTART COMPUTER!

    STEP 2. Download GMER: http://www.gmer.net/files.php, by clicking on Download EXE button.
    Alternative downloads:
    - http://majorgeeks.com/GMER_d5198.html
    - http://www.softpedia.com/get/Interne...ers/GMER.shtml
    Double click on downloaded .exe file, select Rootkit tab and click the Scan button.
    Do NOT use the computer while GMER is running!
    When the scan is completed, click the Save button and save the results as gmer.log
    Warning! Please do not select the "Show all" checkbox during the scan.
    Post the log to your next reply.

    IMPORTANT! If for some reason GMER refuses to run, try again.
    If it still fails, try to UN-check "Devices" in right pane.
    If still no joy, try to run it from Safe Mode.

    RESTART COMPUTER


    DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!
     
  18. 2010/07/03
    bartdude59 Inactive Thread Starter
    I did not download Malwarebytes again because I already have it on my computer. So after I scanned with Malwarebytes' Anti-Malware, I restarted my computer like you said. But when the login screen was loading, I got the lsass.exe error again. Is this related to the iexplore.exe problem?

    lsass.exe - Application Error
    The application failed to initialize properly (0xc0000142). Click on OK to terminate the application.

    This is really strange. I can't find the log anywhere. I have used Malwarebytes before but I don't have a Logs folder for it. I know I have had it in the past because I have used the Logs before. And there is no Application Data folder. Should I run Malwarebytes again?
     
    Last edited: 2010/07/04
  19. 2010/07/04
    broni Moderator Malware Analyst
    Please do.
     
  20. 2010/07/04
    bartdude59 Inactive Thread Starter
    Just ran Malwarebytes. Here's the log:

    Malwarebytes' Anti-Malware 1.46
    www.malwarebytes.org

    Database version: 4267

    Windows 5.1.2600 Service Pack 2
    Internet Explorer 7.0.5730.13

    7/4/2010 9:26:49 AM
    mbam-log-2010-07-04 (09-26-49).txt

    Scan type: Quick scan
    Objects scanned: 137075
    Time elapsed: 20 minute(s), 19 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)


    So any word on that lsass.exe application error?

    Going to run GMER now.

    Edit: While GMER was running, I got a BSOD saying STOP: d0000144 Unknown Hard Error. Now I'm running my computer in safe mode with networking. I'm still getting the lsass.exe application errors with every restart.
     
    Last edited: 2010/07/04
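    As an added example (not code from this thread or from Malwarebytes), a small Python parser for the MBAM 1.x log format posted above: it pulls the header fields and the per-category "Infected" counts, collects any detail lines, and reports whether the scan came back clean. The embedded log is constructed to match the posted format, with one detection added so the non-clean path is exercised.

```python
# Added example (not the thread's or Malwarebytes' code): parse an MBAM 1.x log.
# SAMPLE_LOG is constructed to match the format posted above, with one detection.
import re

SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46

Database version: 4267

Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.13

Scan type: Quick scan
Objects scanned: 137075
Time elapsed: 20 minute(s), 19 second(s)

Registry Values Infected: 1
Files Infected: 0

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sample (Trojan.Agent) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

COUNT_RE = re.compile(r"^(?P<cat>[A-Za-z ]+ Infected): (?P<n>\d+)$")


def parse_mbam_log(text):
    """Return header fields, per-category counts and the detail lines per category."""
    result = {"header": {}, "counts": {}, "items": {}}
    section = None                     # detail section currently being read
    for line in text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:                          # summary count line, e.g. "Files Infected: 0"
            result["counts"][m.group("cat")] = int(m.group("n"))
        elif line.endswith(" Infected:"):
            section = line[:-1]        # e.g. "Files Infected"
            result["items"].setdefault(section, [])
        elif section is not None:
            if line != "(No malicious items detected)":
                result["items"][section].append(line)
        elif ": " in line:             # header key/value, e.g. "Database version: 4267"
            key, _, value = line.partition(": ")
            result["header"][key] = value
    return result


def is_clean(parsed):
    """True only when every summary count is zero and no detail lines were found."""
    return (all(n == 0 for n in parsed["counts"].values())
            and not any(parsed["items"].values()))
```

A log where every count is zero, like the one posted above, returns a clean verdict; any non-zero count or recorded detail line flips it.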
  21. 2010/07/04
    broni Moderator Malware Analyst
    We'll leave this issue alone for now, until we make sure your computer is clean.
     
