Anti Malware Defender Removal - Please help

Post by iplo4fun on Tue Mar 23, 2010 10:08 pm

I have a Windows XP system that I have been using in safe mode because it is infected with many viruses. I was able to load and run Malwarebytes per your instructions. I have had a difficult time in getting any system response. I currently have a window that pops up (does not let me close) and wants me to scan - it is called The Anti Malware Defender Update. My desktop has a GREEN SCREEN with a big black box - red letters saying YOUR SYSTEM IS INFECTED - with smaller print "the system has been stopped due to a serious malfunction" "It is recommended to use a spyware removal tool" ...
Please advise.
I have appreciated all of your help in the past but I have not been able to fix, per your instructions.
Thanks for your anticipated help.
Mark


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Wed Mar 24, 2010 12:03 am

Download [You must be registered and logged in to see this link.] by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.


Please PM me if I fail to respond within 24hrs.

Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Wed Mar 24, 2010 5:10 pm

Here is the one that popped up in Notepad:
OTL logfile created on: 3/24/2010 11:58:55 AM - Run 4
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Head user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.63 Gb Total Space | 8.07 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 1.78 Gb Free Space | 45.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 97.66 Gb Total Space | 59.63 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive H: | 70.02 Gb Total Space | 36.98 Gb Free Space | 52.82% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Computer Name: SHERRIS
Current User Name: Head user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
PRC - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/16 05:01:36 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
MOD - [2008/04/13 19:12:08 | 000,152,576 | ---- | M] () -- C:\WINDOWS\oxilayotevokomas.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/06 04:10:37 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/12/11 13:10:16 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/23 13:14:08 | 000,267,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/23 13:10:32 | 000,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/14 11:09:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/29 17:34:02 | 000,221,184 | ---- | M] (NeoPlanet) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
SRV - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 16:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 16:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 16:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 16:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 16:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 16:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/18 13:08:44 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 16:53:22 | 000,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/09/19 16:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/09/07 22:16:00 | 000,010,112 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/05/10 16:22:26 | 000,022,842 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8150.SYS -- (USB-100)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/12/04 12:09:44 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2003/12/04 12:09:42 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2003/12/04 12:09:38 | 000,051,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2003/12/04 12:09:36 | 000,164,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2003/12/04 12:09:34 | 000,010,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/06/13 16:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/01/23 10:40:30 | 000,206,208 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/01/23 10:38:54 | 000,233,984 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/01/23 10:30:30 | 000,024,470 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/01/23 10:30:20 | 000,024,918 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/01/23 10:30:10 | 000,107,430 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2001/09/17 17:14:02 | 000,032,592 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001/09/17 17:13:42 | 000,011,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2001/09/17 17:13:38 | 000,011,280 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001/09/17 17:13:32 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ATIVRAXX)
DRV - [2001/09/17 17:12:02 | 000,065,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001/09/17 17:11:06 | 000,032,336 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001/09/14 17:32:08 | 000,337,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/18 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 08:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 08:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 08:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 08:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 07:49:48 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ativxbar.sys -- (ATIVXSXX) ATI Audio Crossbar (ATIVXBAR)
DRV - [2001/08/17 07:49:36 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atipcxxx.sys -- (ATIPCXXX)
DRV - [2001/08/17 07:49:12 | 000,049,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atirtcap.sys -- (ATIVRVXX) ATI Rage Theatre Video (ATIRTCAP)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2000/02/09 03:00:00 | 000,022,145 | ---- | M] (SHARP) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sdcusb.sys -- (sdcusb)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1999/07/31 09:11:54 | 000,058,304 | ---- | M] (Sharp Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\VSP1284D.SYS -- (VSP1284D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}: C:\Documents and Settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94} [2010/02/10 04:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{96504C2C-BFE2-4AF2-9C25-2240609A7995}: C:\Documents and Settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995} [2010/02/10 15:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 19:10:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 17:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]

[2008/04/08 15:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/08 15:03:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/08 15:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/08 15:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/07/21 16:02:22 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2010/01/25 15:02:01 | 000,008,246 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ypigonorapule] C:\WINDOWS\oxilayotevokomas.DLL ()
O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} [You must be registered and logged in to see this link.] (Downloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 192.168.1.1 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Compaq Sapphire.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/31 19:20:49 | 000,000,038 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 12:00:01 | 000,000,063 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/23 16:57:08 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/23 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Malwarebytes
[2010/03/23 16:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Head user\Recent
[2010/03/23 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Yahoo!
[2010/03/23 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/23 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 16:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\U3
[2010/03/23 03:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/23 03:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/23 03:30:43 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/23 03:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Local Settings\Application Data\Wildtangent
[2010/02/25 03:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\F011B7271E6
[2010/02/23 18:38:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/01/27 04:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/16 07:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/11/19 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/19 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/25 23:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Supportwaybend
[2008/08/10 22:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/02/04 04:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/01/31 16:45:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/20 02:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2006/04/19 10:15:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/11 15:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Hotbar
[2004/07/05 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/07/05 18:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
[2003/07/02 21:53:41 | 000,770,048 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx331.exe

========== Files - Modified Within 30 Days ==========

[2010/03/24 12:00:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\B3E9628E9143106A.job
[2010/03/24 12:00:00 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\95DC67C293743256.job
[2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\A58A1D709185901C.job
[2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\632310D786C521EF.job
[2010/03/24 11:58:21 | 000,001,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/24 11:58:21 | 000,000,659 | ---- | M] () -- C:\WINDOWS\PDOXWIN.INI
[2010/03/24 10:54:25 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/24 10:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/24 10:54:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/24 10:54:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/24 03:24:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 03:24:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/24 03:24:19 | 1341,771,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 03:22:25 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Head user\NTUSER.DAT
[2010/03/24 03:22:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Head user\ntuser.ini
[2010/03/24 03:05:09 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/23 18:55:08 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:59:04 | 000,000,238 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:59:04 | 000,000,238 | -HS- | M] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:08:20 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 15:52:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/23 15:52:50 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/03/23 13:46:47 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\Internet Security 2010.lnk
[2010/03/23 05:43:50 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/23 03:28:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 03:28:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 03:28:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 08:27:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11833.exe
[2010/02/23 18:29:54 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll

========== Files Created - No Company Name ==========

[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2010/03/23 16:08:20 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 14:54:08 | 1341,771,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/23 03:24:48 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/03/16 08:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11833.exe
[2010/02/23 18:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/21 00:17:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 13:35:26 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:26 | 000,000,238 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:26 | 000,000,238 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:10 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:09 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/20 13:35:09 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/01 22:55:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/25 15:03:29 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/25 02:13:27 | 000,010,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/16 14:31:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/14 16:01:15 | 000,000,295 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/08/14 00:19:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/03 11:09:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/14 23:28:57 | 000,000,167 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/07/03 15:14:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/06/06 10:57:53 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006/10/26 18:40:04 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/09/26 14:42:42 | 000,087,220 | ---- | C] () -- C:\WINDOWS\System32\Evbro2.dll
[2006/09/26 14:42:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Evbro232.dll
[2005/12/20 18:12:42 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/17 15:22:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\OS.INI
[2005/09/24 00:13:40 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/14 11:20:20 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/04/14 11:20:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/04/14 11:20:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/04/14 11:20:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/14 11:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/04/14 11:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2004/11/30 19:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/22 14:50:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pd1util.INI
[2004/09/10 10:17:37 | 000,057,977 | ---- | C] () -- C:\Program Files\fl_detection_kit_en.zip
[2004/09/01 13:15:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2004/09/01 13:02:17 | 000,002,514 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/08/12 15:37:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004/08/12 15:37:23 | 000,000,975 | ---- | C] () -- C:\WINDOWS\ECAT.INI
[2004/07/16 21:00:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GJGJIINK.ini
[2004/05/21 15:40:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/21 15:40:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 12:06:58 | 000,000,045 | ---- | C] () -- C:\WINDOWS\igsaw.ini
[2004/04/03 16:23:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/02/11 13:11:53 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2003/12/25 00:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/12/10 19:11:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/14 23:44:34 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/14 12:55:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2003/11/14 12:55:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2003/11/14 12:54:49 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 11:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/14 15:20:03 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2003/08/06 11:37:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2003/07/26 00:05:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/06/19 14:19:15 | 000,000,659 | ---- | C] () -- C:\WINDOWS\PDOXWIN.INI
[2003/06/19 14:19:15 | 000,000,497 | ---- | C] () -- C:\WINDOWS\PXDLITE.INI
[2003/06/19 14:19:15 | 000,000,108 | ---- | C] () -- C:\WINDOWS\MULTIHLP.INI
[2003/05/15 22:31:33 | 000,028,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/14 15:19:25 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2003/04/14 14:39:59 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/04/14 14:39:59 | 000,000,236 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003/04/14 14:39:58 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2003/04/14 14:39:57 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2003/04/14 14:39:57 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2003/04/14 14:39:57 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2003/04/14 14:39:56 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2003/04/14 14:39:56 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2003/04/14 14:39:55 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2003/04/14 14:39:55 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2003/04/14 14:39:55 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2003/04/14 14:39:55 | 000,004,384 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2003/04/14 14:39:55 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2003/04/14 14:39:55 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2003/04/02 04:45:42 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/02 01:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/03/31 19:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2003/03/31 19:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2003/03/31 19:39:11 | 000,001,016 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2003/03/31 19:39:11 | 000,000,259 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2003/03/31 19:20:36 | 000,000,208 | ---- | C] () -- C:\WINDOWS\DmmYuv.ini
[2003/03/24 01:23:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2003/03/24 01:23:00 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2003/03/02 02:14:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2003/03/02 02:14:41 | 000,000,046 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2003/03/02 02:14:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2003/03/02 02:14:21 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2003/03/02 02:14:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.ini
[2003/02/11 15:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003/02/02 04:40:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2003/02/02 04:13:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2003/02/02 04:13:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2003/02/02 04:13:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2003/02/02 04:13:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2003/02/02 04:13:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2003/02/01 23:26:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:15:03 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/02/01 22:15:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/02/01 22:14:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/01/31 16:40:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/31 16:37:39 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2003/01/31 16:36:13 | 000,000,757 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/31 08:19:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys
[2003/01/31 08:19:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2003/01/31 08:19:30 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtsnd.sys
[2003/01/31 08:19:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativxbar.sys
[2003/01/31 08:19:27 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2003/01/31 08:19:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\atipcxxx.sys
[2001/12/14 12:46:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2001/10/22 20:15:26 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/22 20:15:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\oxilayotevokomas.dll
[2001/10/22 20:14:35 | 000,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2001/10/15 09:53:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\XE88STMN.INI
[2001/09/17 17:14:02 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/17 17:13:50 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/17 17:13:42 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/17 17:13:38 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/17 17:13:32 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/17 17:13:08 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/17 17:12:02 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/17 17:11:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/03 20:22:00 | 000,182,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS
[2001/05/13 17:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 09:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 10:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/10/24 14:56:36 | 000,001,998 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== Files - Unicode (All) ==========
[2009/04/26 01:08:57 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
[2009/04/26 01:05:37 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/08/17 15:01:26 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/08/17 15:01:26 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/08/16 15:43:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/08/16 15:43:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/07/25 21:16:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/07/25 21:16:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/06/21 15:42:36 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/06/21 15:42:36 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/04/03 18:59:48 | 000,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/04/03 18:59:48 | 000,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/03/29 16:06:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/03/29 16:06:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/03/29 16:06:33 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/03/29 16:06:33 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/03/29 16:06:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/03/29 16:06:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2005/12/20 00:56:50 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2005/12/20 00:56:50 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2005/09/29 18:24:51 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2005/09/29 18:24:51 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2005/09/09 22:15:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2005/09/09 22:15:54 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2005/08/30 19:04:39 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2005/08/30 19:04:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2005/08/16 11:34:47 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2005/08/16 11:34:47 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2005/08/12 10:31:35 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2005/08/12 10:31:35 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2005/08/08 16:21:58 | 000,000,000 | ---D | M](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2005/08/08 16:21:58 | 000,000,000 | ---D | C](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2005/07/14 05:08:21 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2005/07/14 05:08:21 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2005/07/08 15:57:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2005/07/08 15:57:38 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2005/06/20 15:20:45 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2005/06/20 15:20:45 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2005/06/19 15:22:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
< End of report >


Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Wed Mar 24, 2010 5:13 pm

Here is the one that was saved to the desktop. Thanks for your help.


OTL logfile created on: 3/24/2010 11:58:55 AM - Run 4
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Head user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 57.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.63 Gb Total Space | 8.07 Gb Free Space | 11.43% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 1.78 Gb Free Space | 45.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 97.66 Gb Total Space | 59.63 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive H: | 70.02 Gb Total Space | 36.98 Gb Free Space | 52.82% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Computer Name: SHERRIS
Current User Name: Head user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
PRC - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 19:12:30 | 000,420,864 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntvdm.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/16 05:01:36 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
MOD - [2008/04/13 19:12:08 | 000,152,576 | ---- | M] () -- C:\WINDOWS\oxilayotevokomas.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Web Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [On_Demand | Stopped] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Mail Scanner)
SRV - [2010/01/28 17:09:28 | 000,040,384 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe -- (avast! Antivirus)
SRV - [2009/11/06 04:10:37 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/12/11 13:10:16 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/23 13:14:08 | 000,267,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/23 13:10:32 | 000,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/14 11:09:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/29 17:34:02 | 000,221,184 | ---- | M] (NeoPlanet) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
SRV - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Driver Services (SafeList) ==========

DRV - [2010/01/28 16:57:55 | 000,046,672 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2010/01/28 16:57:34 | 000,163,280 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aswSP.sys -- (aswSP)
DRV - [2010/01/28 16:54:42 | 000,023,376 | ---- | M] (ALWIL Software) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2010/01/28 16:54:16 | 000,100,432 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2010/01/28 16:54:05 | 000,019,024 | ---- | M] (ALWIL Software) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/01/28 16:53:50 | 000,028,240 | ---- | M] (ALWIL Software) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2008/04/13 13:46:20 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)
DRV - [2008/04/13 13:46:20 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)
DRV - [2008/04/13 13:46:09 | 000,051,200 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2008/04/13 13:36:39 | 000,043,008 | ---- | M] (Advanced Micro Devices, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\amdagp.sys -- (amdagp)
DRV - [2007/11/13 05:25:53 | 000,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2007/07/18 13:08:44 | 000,047,360 | ---- | M] (VSO Software) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pcouffin.sys -- (pcouffin)
DRV - [2006/10/04 21:42:42 | 000,002,560 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2006/10/04 21:42:42 | 000,002,432 | ---- | M] (Sonic Solutions) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2006/09/27 16:53:22 | 000,036,560 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\PxHelp20.sys -- (PxHelp20)
DRV - [2006/09/19 16:44:04 | 000,015,664 | ---- | M] (GEAR Software Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2006/09/07 22:16:00 | 000,010,112 | ---- | M] (Western Digital Technologies) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wdcsam.sys -- (WDC_SAM)
DRV - [2006/05/10 16:22:26 | 000,022,842 | ---- | M] (Realtek ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8150.SYS -- (USB-100)
DRV - [2004/08/04 00:31:32 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rtl8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
DRV - [2004/02/09 12:06:22 | 000,015,360 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\NetMotCM.sys -- (ndiscm)
DRV - [2003/12/04 12:09:44 | 000,263,296 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2003/12/04 12:09:42 | 000,016,288 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2003/12/04 12:09:38 | 000,051,520 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMNDIS.SYS -- (SYMNDIS)
DRV - [2003/12/04 12:09:36 | 000,164,512 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMFW.SYS -- (SYMFW)
DRV - [2003/12/04 12:09:34 | 000,010,688 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMDNS.SYS -- (SYMDNS)
DRV - [2003/12/04 11:33:20 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)
DRV - [2003/10/06 15:16:00 | 001,550,043 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2003/01/10 16:13:04 | 000,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/06/13 16:08:46 | 000,014,604 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2002/01/23 10:40:30 | 000,206,208 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\UdfReadr_xp.sys -- (UdfReadr_xp)
DRV - [2002/01/23 10:38:54 | 000,233,984 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\Cdudf_xp.sys -- (cdudf_xp)
DRV - [2002/01/23 10:30:30 | 000,024,470 | ---- | M] (Roxio) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Dvd_2k.sys -- (dvd_2K)
DRV - [2002/01/23 10:30:20 | 000,024,918 | ---- | M] (Roxio) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Mmc_2k.sys -- (mmc_2K)
DRV - [2002/01/23 10:30:10 | 000,107,430 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\pwd_2K.sys -- (pwd_2k)
DRV - [2001/09/17 17:14:02 | 000,032,592 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinxsxx.sys -- (ATIXSAudio)
DRV - [2001/09/17 17:13:42 | 000,011,760 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinpdxx.sys -- (PCDCODEC)
DRV - [2001/09/17 17:13:38 | 000,011,280 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atinmdxx.sys -- (MVDCODEC)
DRV - [2001/09/17 17:13:32 | 000,032,848 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinraxx.sys -- (ATIVRAXX)
DRV - [2001/09/17 17:12:02 | 000,065,104 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atinrvxx.sys -- (atinrvxx)
DRV - [2001/09/17 17:11:06 | 000,032,336 | ---- | M] () [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\atintuxx.sys -- (ATITUNEP)
DRV - [2001/09/14 17:32:08 | 000,337,472 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2001/08/23 14:00:00 | 000,022,400 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SbcpHid.sys -- (SbcpHid)
DRV - [2001/08/18 07:00:00 | 000,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2001/08/17 14:56:16 | 000,007,552 | ---- | M] (Sony Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sonypvu1.sys -- (SONYPVU1) Sony USB Filter Driver (SONYPVU1)
DRV - [2001/08/17 14:52:22 | 000,036,736 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\ultra.sys -- (ultra)
DRV - [2001/08/17 08:28:16 | 000,397,502 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vpctcom.sys -- (Vpctcom)
DRV - [2001/08/17 08:28:16 | 000,064,605 | ---- | M] (PCtel, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vvoice.sys -- (Vvoice)
DRV - [2001/08/17 08:28:14 | 000,604,253 | ---- | M] (PCTEL, INC.) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\vmodem.sys -- (Vmodem)
DRV - [2001/08/17 08:28:14 | 000,112,574 | ---- | M] (PCTEL, INC.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptserlp.sys -- (Ptserlp)
DRV - [2001/08/17 07:49:48 | 000,026,624 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ativxbar.sys -- (ATIVXSXX) ATI Audio Crossbar (ATIVXBAR)
DRV - [2001/08/17 07:49:36 | 000,010,240 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atipcxxx.sys -- (ATIPCXXX)
DRV - [2001/08/17 07:49:12 | 000,049,920 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atirtcap.sys -- (ATIVRVXX) ATI Rage Theatre Video (ATIRTCAP)
DRV - [2001/08/17 07:19:34 | 000,036,480 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sfmanm.sys -- (sfman) Creative SoundFont Manager Driver (WDM)
DRV - [2001/08/17 07:19:28 | 000,006,912 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctlfacem.sys -- (emu10k1) Creative Interface Manager Driver (WDM)
DRV - [2001/08/17 07:19:26 | 000,283,904 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emu10k1m.sys -- (emu10k) Creative SB Live! (WDM)
DRV - [2001/08/17 07:19:20 | 000,003,712 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctljystk.sys -- (ctljystk)
DRV - [2000/02/09 03:00:00 | 000,022,145 | ---- | M] (SHARP) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\sdcusb.sys -- (sdcusb)
DRV - [1999/09/10 13:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI32)
DRV - [1999/07/31 09:11:54 | 000,058,304 | ---- | M] (Sharp Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\VSP1284D.SYS -- (VSP1284D)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}: C:\Documents and Settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94} [2010/02/10 04:43:01 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{96504C2C-BFE2-4AF2-9C25-2240609A7995}: C:\Documents and Settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995} [2010/02/10 15:44:45 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 19:10:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 17:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]

[2008/04/08 15:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/08 15:03:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/08 15:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/08 15:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/07/21 16:02:22 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2010/01/25 15:02:01 | 000,008,246 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost #***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 2005-search.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 600pics.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 a1.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 absolute.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 ad.yieldmanager.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 alex.fileburst.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-tgp.org # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 all-websearch.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 apps.deskwizz.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 awmdabest.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 b.casalemedia.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bailefunk.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best4all.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 besthardcore.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 best-targeted-traffic.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bins.elitemediagroup.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bn.i-ru.net # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 bundleware.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 burnsrecyclinginc.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 campaigns.interclick.com # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 clickfast.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 code.jcash.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 code.trasferimento.biz # ***Inserted By STOPzilla***
O1 - Hosts: 127.0.0.1 command.adservs.com # ***Inserted By STOPzilla***
O1 - Hosts: 114 more lines...
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [Ypigonorapule] C:\WINDOWS\oxilayotevokomas.DLL ()
O4 - HKLM..\RunOnceEx: [Register Homesite+.exe] C:\Program Files\Macromedia\HomeSite+\Homesite+.exe (Macromedia, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O15 - HKLM\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKLM\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: buy-internetsecurity10.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: buy-is2010.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is10-soft-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: is-software-download25.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} [You must be registered and logged in to see this link.] (Downloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 192.168.1.1 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper:
O24 - Desktop BackupWallPaper: C:\WINDOWS\Compaq Sapphire.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/31 19:20:49 | 000,000,038 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 12:00:01 | 000,000,063 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\I\Shell\AutoRun\command - "" = I:\wd_windows_tools\WDEULA.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/03/23 16:57:08 | 000,000,000 | ---D | C] -- C:\Avenger
[2010/03/23 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Malwarebytes
[2010/03/23 16:10:15 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Head user\Recent
[2010/03/23 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Yahoo!
[2010/03/23 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/23 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 16:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\U3
[2010/03/23 03:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/23 03:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/23 03:30:43 | 003,558,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\moviemk.exe
[2010/03/23 03:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Local Settings\Application Data\Wildtangent
[2010/02/25 03:27:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\F011B7271E6
[2010/02/23 18:38:05 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\MpEngineStore
[2010/01/27 04:06:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/12/16 07:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/11/19 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/19 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/25 23:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Supportwaybend
[2008/08/10 22:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/02/04 04:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/01/31 16:45:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/20 02:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2006/04/19 10:15:54 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2004/08/11 15:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Hotbar
[2004/07/05 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/07/05 18:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
[2003/07/02 21:53:41 | 000,770,048 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx331.exe

========== Files - Modified Within 30 Days ==========

[2010/03/24 12:00:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\B3E9628E9143106A.job
[2010/03/24 12:00:00 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\95DC67C293743256.job
[2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\A58A1D709185901C.job
[2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\632310D786C521EF.job
[2010/03/24 11:58:21 | 000,001,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/24 11:58:21 | 000,000,659 | ---- | M] () -- C:\WINDOWS\PDOXWIN.INI
[2010/03/24 10:54:25 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/24 10:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/24 10:54:15 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/24 10:54:14 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/24 03:24:30 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/24 03:24:21 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/24 03:24:19 | 1341,771,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/24 03:22:25 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Head user\NTUSER.DAT
[2010/03/24 03:22:25 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Head user\ntuser.ini
[2010/03/24 03:05:09 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/23 18:55:08 | 000,000,852 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:59:04 | 000,000,238 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:59:04 | 000,000,238 | -HS- | M] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/03/23 16:08:20 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 15:52:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/23 15:52:50 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
[2010/03/23 13:46:47 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\Internet Security 2010.lnk
[2010/03/23 05:43:50 | 000,096,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\atapi.sys
[2010/03/23 03:28:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 03:28:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 03:28:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/03/16 08:27:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11833.exe
[2010/02/23 18:29:54 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll

========== Files Created - No Company Name ==========

[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2010/03/23 16:08:20 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 14:54:08 | 1341,771,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/03/23 03:24:48 | 000,003,310 | ---- | C] () -- C:\WINDOWS\System32\warning.html
[2010/03/16 08:27:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\11833.exe
[2010/02/23 18:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/21 00:17:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/20 13:35:26 | 000,000,852 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:26 | 000,000,238 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:26 | 000,000,238 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv
[2010/02/20 13:35:10 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:10 | 000,025,214 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico
[2010/02/20 13:35:09 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/20 13:35:09 | 000,990,720 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi
[2010/02/01 22:55:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2010/01/25 15:03:29 | 000,001,573 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
[2010/01/25 02:13:27 | 000,010,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll
[2010/01/16 14:31:26 | 000,000,008 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\sysReserve.ini
[2009/10/14 16:01:15 | 000,000,295 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/08/14 00:19:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/03 11:09:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/14 23:28:57 | 000,000,167 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/07/03 15:14:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/06/06 10:57:53 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006/10/26 18:40:04 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/09/26 14:42:42 | 000,087,220 | ---- | C] () -- C:\WINDOWS\System32\Evbro2.dll
[2006/09/26 14:42:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Evbro232.dll
[2005/12/20 18:12:42 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/17 15:22:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\OS.INI
[2005/09/24 00:13:40 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/14 11:20:20 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/04/14 11:20:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/04/14 11:20:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/04/14 11:20:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/14 11:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/04/14 11:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2004/11/30 19:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/22 14:50:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pd1util.INI
[2004/09/10 10:17:37 | 000,057,977 | ---- | C] () -- C:\Program Files\fl_detection_kit_en.zip
[2004/09/01 13:15:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2004/09/01 13:02:17 | 000,002,514 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/08/12 15:37:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004/08/12 15:37:23 | 000,000,975 | ---- | C] () -- C:\WINDOWS\ECAT.INI
[2004/07/16 21:00:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GJGJIINK.ini
[2004/05/21 15:40:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/21 15:40:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 12:06:58 | 000,000,045 | ---- | C] () -- C:\WINDOWS\igsaw.ini
[2004/04/03 16:23:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/02/11 13:11:53 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2003/12/25 00:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/12/10 19:11:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/14 23:44:34 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/14 12:55:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2003/11/14 12:55:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2003/11/14 12:54:49 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 11:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/14 15:20:03 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2003/08/06 11:37:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2003/07/26 00:05:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/06/19 14:19:15 | 000,000,659 | ---- | C] () -- C:\WINDOWS\PDOXWIN.INI
[2003/06/19 14:19:15 | 000,000,497 | ---- | C] () -- C:\WINDOWS\PXDLITE.INI
[2003/06/19 14:19:15 | 000,000,108 | ---- | C] () -- C:\WINDOWS\MULTIHLP.INI
[2003/05/15 22:31:33 | 000,028,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/14 15:19:25 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2003/04/14 14:39:59 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/04/14 14:39:59 | 000,000,236 | ---- | C] () -- C:\WINDOWS\winhelp.ini
[2003/04/14 14:39:58 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2003/04/14 14:39:57 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2003/04/14 14:39:57 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2003/04/14 14:39:57 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2003/04/14 14:39:56 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2003/04/14 14:39:56 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2003/04/14 14:39:55 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2003/04/14 14:39:55 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2003/04/14 14:39:55 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2003/04/14 14:39:55 | 000,004,384 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2003/04/14 14:39:55 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2003/04/14 14:39:55 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2003/04/02 04:45:42 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/02 01:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/03/31 19:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2003/03/31 19:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2003/03/31 19:39:11 | 000,001,016 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2003/03/31 19:39:11 | 000,000,259 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2003/03/31 19:20:36 | 000,000,208 | ---- | C] () -- C:\WINDOWS\DmmYuv.ini
[2003/03/24 01:23:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2003/03/24 01:23:00 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2003/03/02 02:14:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2003/03/02 02:14:41 | 000,000,046 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2003/03/02 02:14:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2003/03/02 02:14:21 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2003/03/02 02:14:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.ini
[2003/02/11 15:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003/02/02 04:40:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2003/02/02 04:13:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2003/02/02 04:13:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2003/02/02 04:13:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2003/02/02 04:13:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2003/02/02 04:13:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2003/02/01 23:26:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:15:03 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/02/01 22:15:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/02/01 22:14:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/01/31 16:40:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/31 16:37:39 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2003/01/31 16:36:13 | 000,000,757 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/31 08:19:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys
[2003/01/31 08:19:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2003/01/31 08:19:30 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtsnd.sys
[2003/01/31 08:19:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativxbar.sys
[2003/01/31 08:19:27 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2003/01/31 08:19:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\atipcxxx.sys
[2001/12/14 12:46:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2001/10/22 20:15:26 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/22 20:15:00 | 000,152,576 | ---- | C] () -- C:\WINDOWS\oxilayotevokomas.dll
[2001/10/22 20:14:35 | 000,000,325 | ---- | C] () -- C:\WINDOWS\System32\ntnet.drv
[2001/10/15 09:53:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\XE88STMN.INI
[2001/09/17 17:14:02 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/17 17:13:50 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/17 17:13:42 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/17 17:13:38 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/17 17:13:32 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/17 17:13:08 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/17 17:12:02 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/17 17:11:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/03 20:22:00 | 000,182,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS
[2001/05/13 17:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 09:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 10:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/10/24 14:56:36 | 000,001,998 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== Files - Unicode (All) ==========
[2009/04/26 01:08:57 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
[2009/04/26 01:05:37 | 000,000,000 | ---D | M](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2006/08/17 15:01:26 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/08/17 15:01:26 | 000,000,000 | ---D | M](C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
[2006/08/16 15:43:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/08/16 15:43:38 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
[2006/07/25 21:16:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/07/25 21:16:02 | 000,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/06/21 15:42:36 | 000,000,000 | ---D | M](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/06/21 15:42:36 | 000,000,000 | ---D | C](C:\WINDOWS\??sembly) -- C:\WINDOWS\аѕsembly
[2006/04/03 18:59:48 | 000,000,000 | ---D | M](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/04/03 18:59:48 | 000,000,000 | ---D | C](C:\WINDOWS\System32\F?nts) -- C:\WINDOWS\System32\Fоnts
[2006/03/29 16:06:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/03/29 16:06:34 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2006/03/29 16:06:33 | 000,000,000 | ---D | M](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/03/29 16:06:33 | 000,000,000 | ---D | C](C:\WINDOWS\M?crosoft.NET) -- C:\WINDOWS\Mіcrosoft.NET
[2006/03/29 16:06:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/03/29 16:06:06 | 000,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?dobe) -- C:\WINDOWS\System32\Аdobe
[2006/03/29 16:05:53 | 000,000,000 | ---D | C](C:\WINDOWS\?ppPatch) -- C:\WINDOWS\АppPatch
[2005/12/20 00:56:50 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2005/12/20 00:56:50 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??crosoft.NET) -- C:\WINDOWS\System32\Міcrosoft.NET
[2005/09/29 18:24:51 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2005/09/29 18:24:51 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem) -- C:\WINDOWS\System32\ѕуstem
[2005/09/09 22:15:54 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2005/09/09 22:15:54 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2005/08/30 19:04:39 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2005/08/30 19:04:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??stem32) -- C:\WINDOWS\System32\ѕуstem32
[2005/08/16 11:34:47 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2005/08/16 11:34:47 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??pPatch) -- C:\WINDOWS\System32\АрpPatch
[2005/08/12 10:31:35 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2005/08/12 10:31:35 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2005/08/08 16:21:58 | 000,000,000 | ---D | M](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2005/08/08 16:21:58 | 000,000,000 | ---D | C](C:\WINDOWS\System32\W?nSxS) -- C:\WINDOWS\System32\WіnSxS
[2005/07/14 05:08:21 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2005/07/14 05:08:21 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??curity) -- C:\WINDOWS\System32\ѕеcurity
[2005/07/08 15:57:38 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2005/07/08 15:57:38 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sks) -- C:\WINDOWS\System32\Таsks
[2005/06/20 15:20:45 | 000,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2005/06/20 15:20:45 | 000,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2005/06/19 15:22:39 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft.NET) -- C:\WINDOWS\System32\Мicrosoft.NET
(C:\Program Files\Common Files\?racle) -- C:\Program Files\Common Files\Οracle
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Аdobe
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\?ecurity) -- C:\Program Files\ѕecurity
< End of report >
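The `Files - Unicode (All)` section of the log above lists folders whose names swap in Cyrillic or Greek letters that render like Latin ones; the ANSI column shows each swapped letter as `?`. As an added example, not part of the original post or of OTL, this Python script flags such mixed-script path components in lines of that format. The sample lines are constructed with assumed code points, and the look-alike table is a small hand-picked subset.

```python
import re
import unicodedata

# Hand-picked subset of Cyrillic/Greek letters that render like Latin ones.
# Assumption of this example; the complete list is Unicode's confusables data.
CONFUSABLES = {
    "\u0410": "A", "\u0430": "a", "\u0435": "e", "\u043e": "o",
    "\u0440": "p", "\u0441": "c", "\u0443": "y", "\u0456": "i",
    "\u0455": "s", "\u041c": "M", "\u0422": "T",
    "\u0391": "A", "\u039f": "O", "\u03a4": "T",
}

# Folder names that the look-alikes in the log above imitate.
KNOWN_NAMES = {"apppatch", "assembly", "microsoft.net", "fonts", "system",
               "system32", "symbols", "security", "tasks", "winsxs",
               "adobe", "oracle"}

# "[date | size | attrs | M](ANSI path) -- Unicode path"; the prefix is optional.
LINE_RE = re.compile(
    r"^(?:\[[^\]]*\])?\s*\((?P<ansi>[^)]*)\)\s+--\s+(?P<path>.+)$"
)

# Constructed sample in the log's format; code points are written out
# explicitly so the look-alike letters are unambiguous.
SAMPLE = [
    "[2009/04/26 01:05:37 | 000,000,000 | ---D | M](C:\\WINDOWS\\?ppPatch)"
    " -- C:\\WINDOWS\\\u0410ppPatch",
    "[2005/08/30 19:04:39 | 000,000,000 | ---D | C](C:\\WINDOWS\\System32\\??stem32)"
    " -- C:\\WINDOWS\\System32\\\u0455\u0443stem32",
    "(C:\\Program Files\\Common Files\\?racle)"
    " -- C:\\Program Files\\Common Files\\\u039fracle",
    # Benign: a folder name written entirely in Cyrillic (one script only).
    "[2010/01/01 00:00:00 | 000,000,000 | ---D | C](C:\\Data\\?????????)"
    " -- C:\\Data\\\u0414\u043e\u043a\u0443\u043c\u0435\u043d\u0442\u044b",
    # Benign: plain ASCII entry from the non-Unicode file list.
    "[2003/04/14 14:39:55 | 000,004,384 | ---- | C] () -- C:\\WINDOWS\\AMIPRO.INI",
]


def script_of(ch):
    """Return the script word of a letter's Unicode name, e.g. 'CYRILLIC'."""
    if not ch.isalpha():
        return None
    return unicodedata.name(ch, "UNKNOWN").split()[0]


def skeleton(component):
    """Map known look-alike letters to the Latin letter they resemble."""
    return "".join(CONFUSABLES.get(ch, ch) for ch in component)


def scan_line(line):
    """Return one finding per path component that mixes scripts."""
    m = LINE_RE.match(line.strip())
    if not m:
        return []
    findings = []
    for component in m.group("path").split("\\"):
        scripts = sorted({s for s in map(script_of, component) if s})
        if len(scripts) < 2:
            continue  # pure ASCII, or a name written entirely in one script
        skel = skeleton(component)
        findings.append({
            "path": m.group("path"),
            "component": component,
            "scripts": scripts,
            "codepoints": [f"U+{ord(ch):04X}" for ch in component if ord(ch) > 127],
            "skeleton": skel,
            "imitates_known": skel.lower() in KNOWN_NAMES,
        })
    return findings


def scan_log(lines):
    """Scan every line and collect all findings in order."""
    return [f for line in lines for f in scan_line(line)]


if __name__ == "__main__":
    for f in scan_log(SAMPLE):
        print(f["skeleton"], f["scripts"], f["codepoints"], f["imitates_known"])
```

A name written entirely in one non-Latin script is left alone, so localized folder names do not raise findings; only components that mix scripts are reported.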


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Thu Mar 25, 2010 1:22 am

Hello.

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    [2004/08/11 15:15:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Hotbar
    [2010/03/24 12:00:00 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\B3E9628E9143106A.job
    [2010/03/24 12:00:00 | 000,000,280 | -H-- | M] () -- C:\WINDOWS\tasks\95DC67C293743256.job
    [2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\A58A1D709185901C.job
    [2010/03/24 12:00:00 | 000,000,256 | -H-- | M] () -- C:\WINDOWS\tasks\632310D786C521EF.job
    [2010/03/24 10:54:25 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
    [2010/03/24 10:54:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
    [2010/03/23 15:52:50 | 000,003,310 | ---- | M] () -- C:\WINDOWS\System32\warning.html
    [2010/03/23 13:46:47 | 000,000,756 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\Internet Security 2010.lnk
    [2010/03/16 08:27:25 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\11833.exe
    [2010/02/23 18:29:54 | 000,001,573 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll
    [2010/01/25 02:13:27 | 000,010,789 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll

    :commands
    [purity]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Fri Mar 26, 2010 4:41 am

Thank you for your help you have been very helpful. The following is the pasted information that you requested.

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hotbar\static\2 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hotbar\static folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hotbar folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hostol\static\2 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hostol\static folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0\hostol folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\v3.0 folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar\eskin folder moved successfully.
C:\Documents and Settings\LocalService\Application Data\Hotbar folder moved successfully.
C:\WINDOWS\tasks\B3E9628E9143106A.job moved successfully.
C:\WINDOWS\tasks\95DC67C293743256.job moved successfully.
C:\WINDOWS\tasks\A58A1D709185901C.job moved successfully.
C:\WINDOWS\tasks\632310D786C521EF.job moved successfully.
C:\WINDOWS\Afijefayo.dat moved successfully.
C:\WINDOWS\Vlilaxu.bin moved successfully.
C:\WINDOWS\system32\warning.html moved successfully.
C:\Documents and Settings\Head user\Desktop\Internet Security 2010.lnk moved successfully.
C:\WINDOWS\system32\11833.exe moved successfully.
C:\Documents and Settings\All Users\Application Data\h8srtkrl32mainweq.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\h8srtmainqt.dll moved successfully.
========== COMMANDS ==========
C:\WINDOWS\АppPatch\PPPATC~1 folder moved successfully.
C:\WINDOWS\АppPatch folder moved successfully.
C:\WINDOWS\аѕsembly folder moved successfully.
C:\WINDOWS\Mіcrosoft.NET folder moved successfully.
C:\WINDOWS\System32\Аdobe folder moved successfully.
C:\WINDOWS\System32\АрpPatch folder moved successfully.
C:\WINDOWS\System32\аѕsembly folder moved successfully.
C:\WINDOWS\System32\Fоnts folder moved successfully.
C:\WINDOWS\System32\Мicrosoft.NET folder moved successfully.
C:\WINDOWS\System32\Міcrosoft.NET folder moved successfully.
C:\WINDOWS\System32\ѕеcurity folder moved successfully.
C:\WINDOWS\System32\ѕуmbols folder moved successfully.
C:\WINDOWS\System32\ѕуstem folder moved successfully.
C:\WINDOWS\System32\ѕуstem32 folder moved successfully.
C:\WINDOWS\System32\Таsks folder moved successfully.
C:\WINDOWS\System32\WіnSxS folder moved successfully.
C:\Program Files\ѕecurity folder moved successfully.
C:\Program Files\Common Files\Αdobe folder moved successfully.
C:\Program Files\Common Files\Аdobe folder moved successfully.
C:\Program Files\Common Files\Οracle folder moved successfully.
C:\Program Files\Common Files\Τаsks folder moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 03252010_233831

I hope this will help you, help me.


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Fri Mar 26, 2010 7:25 pm

Please download and run this tool.

Download Malwarebytes' Anti-Malware from [You must be registered and logged in to see this link.]

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Sat Mar 27, 2010 3:48 am

Thank you for the help. The following is the results of the log that you asked for. I now have another virus called XP SMART SECURITY that will not let me work in windows explorer without forcing me to its site to purchase ITS SOFTWARE. When I go to your forums (through explorer) and try to hit a link it automatically takes me to their security warning telling me that THE GEEK POLICE SITE may be a problem. Please advise on how to get the XP SMART SECURITY trojan out of my system. I now CAN'T RUN the MALWAREBYTES software. Please advise

Here is the log results that you asked for above:

Malwarebytes' Anti-Malware 1.44
Database version: 3919
Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/26/2010 4:42:02 PM
mbam-log-2010-03-26 (16-42-02).txt

Scan type: Quick Scan
Objects scanned: 210072
Time elapsed: 8 minute(s), 42 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 2
Registry Data Items Infected: 5
Folders Infected: 3
Files Infected: 20

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\oxilayotevokomas.dll (Trojan.Hiloti) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\ypigonorapule (Trojan.Hiloti) -> Delete on reboot.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-is2010.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is10-soft-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\buy-Internetsecurity10.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\is-software-download25.com\http (Hijack.TrustedZone) -> Bad: (2) Good: (4) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Start Menu\Programs\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Program Files\Antimalware Defender (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\oxilayotevokomas.dll (Trojan.Hiloti) -> Delete on reboot.
C:\Documents and Settings\All Users\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Start Menu\Programs\Antimalware Defender\Antimalware Defender.lnk (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Program Files\Antimalware Defender\Antimalware Defender.dll (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Desktop\Antimalware Defender.LNK (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Application Data\Microsoft\Internet Explorer\Quick Launch\Antimalware Defender.LNK (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\sysReserve.ini (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico (Rogue.AntimalwareDefender) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\MARK STEFFEN\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\MARK STEFFEN\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_.mkv (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Head user\Local Settings\Application Data\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.avi (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\fc1212eb-4db7-4cd6-8204-15407f3a0a7e_8.ico (Trojan.FakeAlert) -> Quarant


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Sat Mar 27, 2010 5:20 pm

Hello.

  • Download combofix from here
    [You must be registered and logged in to see this link.]
    [You must be registered and logged in to see this link.]

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:





    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See [You must be registered and logged in to see this link.] for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.



  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes



  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouseclick combofix's window whilst it's running. That may cause it to stall.



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Mon Mar 29, 2010 7:26 pm

Thank you for your help, I had to uninstall my antivirus to proceed, so please advise on a good antivirus once this is done. I hope this works, you have been very helpful.
Here is the log:

ComboFix 10-03-28.03 - Head user 03/29/2010 13:50:17.1.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1280.957 [GMT -5:00]
Running from: h:\downloads\Combo-Fix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}
c:\documents and settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}\chrome.manifest
c:\documents and settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}\chrome\content\_cfg.js
c:\documents and settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}\chrome\content\overlay.xul
c:\documents and settings\Head user\Local Settings\Application Data\{CEF4EBAD-36B1-46D8-B96E-F2B9FAFAEE94}\install.rdf
c:\documents and settings\Head user\Local Settings\Application Data\ave.exe
c:\documents and settings\Head user\Local Settings\Temporary Internet Files\02ph5FJ1Q.jpg
c:\documents and settings\Head user\Local Settings\Temporary Internet Files\7vS5NU.jpg
c:\documents and settings\Head user\Local Settings\Temporary Internet Files\Pnr3FM7y1.jpg
c:\documents and settings\Head user\Local Settings\Temporary Internet Files\X0RpGp4X.jpg
c:\documents and settings\Mark's\Application Data\inst.exe
c:\documents and settings\MARK STEFFEN\Application Data\inst.exe
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995}
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995}\chrome.manifest
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995}\chrome\content\_cfg.js
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995}\chrome\content\overlay.xul
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\{96504C2C-BFE2-4AF2-9C25-2240609A7995}\install.rdf
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\av.exe
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\ave.exe
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\Microsoft\Windows Defender\ave.exe
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\MSASCui.exe
c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\vma.exe
c:\documents and settings\NetworkService\Local Settings\Application Data\ave.exe
c:\recycler\S-1-5-21-725345543-1060284298-1417001333-1003
c:\windows\compaq.reg
c:\windows\desktop
c:\windows\desktop\Compaq Knowledge Center.lnk
c:\windows\system32\_000006_.tmp.dll
c:\windows\system32\ntnet.drv
c:\windows\system32\ssembl~1
c:\windows\system32\Temp
c:\windows\system32\Temp\ecdcinst2.log
c:\windows\system32\win.ini
c:\windows\system32\wnsapicc.exe
c:\windows\winhelp.ini
C:\xcrashdump.dat

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((( Files Created from 2010-02-28 to 2010-03-29 )))))))))))))))))))))))))))))))
.

2010-03-29 17:11 . 2010-03-29 17:11 -------- d-----w- c:\documents and settings\Head user\Application Data\AdobeAUM
2010-03-29 17:11 . 2010-03-29 17:11 -------- d-----w- c:\documents and settings\Head user\Application Data\Leadertech
2010-03-28 02:36 . 2010-03-28 02:36 -------- d-----w- c:\documents and settings\NetworkService\Application Data\AdobeUM
2010-03-26 21:43 . 2010-03-28 02:36 -------- d-----w- c:\documents and settings\NetworkService\Local Settings\Application Data\Adobe
2010-03-26 16:56 . 2010-03-26 18:03 -------- d-----w- c:\documents and settings\MARK STEFFEN\Tracing
2010-03-26 16:33 . 2010-03-26 21:46 120 ----a-w- c:\windows\Afijefayo.dat
2010-03-26 16:33 . 2010-03-26 16:33 0 ----a-w- c:\windows\Vlilaxu.bin
2010-03-26 04:38 . 2010-03-26 04:38 -------- d-----w- C:\_OTL
2010-03-23 22:51 . 2010-03-23 22:52 -------- d-----w- c:\documents and settings\MARK STEFFEN\Application Data\U3
2010-03-23 21:34 . 2010-03-23 21:34 -------- d-----w- c:\documents and settings\Head user\Application Data\Malwarebytes
2010-03-23 21:08 . 2010-03-23 21:08 -------- d-----w- c:\documents and settings\Head user\Application Data\Yahoo!
2010-03-23 21:08 . 2010-03-23 21:08 -------- d-----w- c:\program files\Yahoo!
2010-03-23 21:08 . 2010-03-23 22:52 -------- d-----w- c:\program files\CCleaner
2010-03-23 21:08 . 2010-03-23 21:12 -------- d-----w- c:\documents and settings\Head user\Application Data\U3
2010-03-23 08:30 . 2009-10-23 15:28 3558912 -c----w- c:\windows\system32\dllcache\moviemk.exe
2010-03-23 08:07 . 2010-03-23 08:07 -------- d-----w- c:\documents and settings\Head user\Local Settings\Application Data\Wildtangent

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-03-29 18:28 . 2010-02-10 20:18 -------- d-----w- c:\documents and settings\All Users\Application Data\Alwil Software
2010-03-26 17:20 . 2006-07-13 19:46 -------- d-----w- c:\documents and settings\MARK STEFFEN\Application Data\Yahoo!
2010-03-23 22:48 . 2008-05-20 15:39 -------- d-----w- c:\program files\Plaxo
2010-03-23 21:17 . 2007-01-20 07:26 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo! Companion
2010-03-23 10:43 . 2001-08-17 13:51 96512 ----a-w- c:\windows\system32\drivers\atapi.sys
2010-03-23 08:24 . 2008-01-31 21:22 -------- d-----w- c:\program files\Google
2010-02-20 17:50 . 2010-02-20 17:50 -------- d-----w- c:\documents and settings\Head user\Application Data\Vso
2010-02-11 07:02 . 2010-02-11 07:02 -------- d-----w- c:\documents and settings\Head user\Application Data\AdobeUM
2010-02-11 00:12 . 2003-07-03 02:54 -------- d-----w- c:\program files\WinMX
2010-02-11 00:08 . 2003-01-31 21:35 -------- d-----w- c:\program files\COMPAQ
2010-02-11 00:08 . 2003-01-31 21:35 -------- d--h--w- c:\program files\InstallShield Installation Information
2010-02-10 23:14 . 2003-01-31 21:22 78400 ----a-w- c:\windows\PCHEALTH\HELPCTR\OfflineCache\index.dat
2010-02-10 20:18 . 2010-02-10 20:18 -------- d-----w- c:\program files\Alwil Software
2010-02-03 01:09 . 2008-04-08 22:23 137656 ----a-w- c:\documents and settings\Mark's\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-02-01 23:07 . 2010-02-01 23:07 -------- d-----w- c:\documents and settings\Head user\Application Data\Viewpoint
2010-02-01 23:07 . 2010-02-01 23:07 -------- d-----w- c:\documents and settings\Head user\Application Data\AOL
2010-01-26 19:27 . 2004-04-07 18:29 137656 ----a-w- c:\documents and settings\MARK STEFFEN\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-25 23:41 . 2010-01-25 23:22 137656 ----a-w- c:\documents and settings\Head user\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-01-07 22:07 . 2010-01-18 00:17 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-01-07 22:07 . 2010-01-18 00:17 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-01-05 10:00 . 2004-02-06 23:05 832512 ----a-w- c:\windows\system32\wininet.dll
2010-01-05 10:00 . 2004-08-04 07:56 78336 ----a-w- c:\windows\system32\ieencode.dll
2010-01-05 10:00 . 2001-10-23 01:14 17408 ------w- c:\windows\system32\corpol.dll
2009-12-31 16:50 . 2001-10-23 01:14 353792 ----a-w- c:\windows\system32\drivers\srv.sys
2004-09-10 15:17 . 2004-09-10 15:17 57977 -c--a-w- c:\program files\fl_detection_kit_en.zip
2003-07-03 02:53 . 2003-07-03 02:53 770048 -c--a-w- c:\program files\winmx331.exe
2006-10-11 08:04 . 2008-04-08 20:02 61036 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2006-10-11 08:04 . 2008-04-08 20:02 48742 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2006-10-11 08:05 . 2008-04-08 20:02 29313 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2006-10-11 08:05 . 2008-04-08 20:02 41082 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2006-10-11 08:04 . 2008-04-08 20:02 166510 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"AOL Fast Start"="c:\program files\AOL 9.0\AOL.EXE" [2007-04-18 50736]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-11-06 39408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-10-06 5058560]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Symantec NetDriver Warning"="c:\progra~1\SYMNET~1\SNDWarn.exe" [2004-10-29 218232]
"MySpaceIM"="c:\program files\MySpace\IM\MySpaceIM.exe" [2007-03-07 5181440]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Namo\\WebBoard\\Server\\Apache\\Apache.exe"=
"c:\\Program Files\\Namo\\WebBoard\\Server\\MySQL\\bin\\mysqld.exe"=
"c:\\Program Files\\Microsoft Office\\Office\\FRONTPG.EXE"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\3.0\\aoltpsd3.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"=
"c:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero ShowTime\\ShowTime.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Intuit\\QuickBooks 2008\\QBDBMgrN.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Common Files\\AOL\\1218734308\\ee\\aolsoftware.exe"=
"c:\\Program Files\\AOL 9.0\\waol.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Sync\\WindowsLiveSync.exe"=
"c:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [1/10/2007 4:03 PM 24652]
S2 sdcusb;USB-DEVICE;c:\windows\system32\drivers\sdcusb.sys [2/9/2000 3:00 AM 22145]
S3 ATIPCXXX;ATI Parental control device;c:\windows\system32\drivers\atipcxxx.sys [1/31/2003 8:19 AM 10240]
S3 ATIVRVXX;ATI Rage Theatre Video (ATIRTCAP);c:\windows\system32\drivers\atirtcap.sys [1/31/2003 8:19 AM 49920]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);c:\windows\system32\drivers\ativxbar.sys [1/31/2003 8:19 AM 26624]
S3 USB-100;Realtek RTL8150 USB 10/100 Fast Ethernet Adapter;c:\windows\system32\drivers\RTL8150.SYS [5/10/2006 4:22 PM 22842]
S3 WDC_SAM;WD SCSI Pass Thru driver;c:\windows\system32\drivers\wdcsam.sys [11/18/2007 4:06 AM 10112]
S4 AutoSyncService;Memeo AutoSync ;c:\program files\Memeo\AutoSync\MemeoService.exe [7/6/2007 6:28 PM 31768]
.
Contents of the 'Scheduled Tasks' folder

2010-02-02 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-08-29 19:57]

2010-03-29 c:\windows\Tasks\RegCure Program Check.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2010-03-25 c:\windows\Tasks\RegCure.job
- c:\program files\RegCure\RegCure.exe [2008-12-29 17:58]

2003-02-02 c:\windows\Tasks\Registration reminder 3.job
- c:\windows\System32\OOBE\oobebaln.exe [2003-03-25 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: Google Sidewiki... - c:\program files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_60D6097707281E79.dll/cmsidewiki.html
DPF: Microsoft XML Parser for Java
DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} - [You must be registered and logged in to see this link.]
DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} - [You must be registered and logged in to see this link.]
FF - ProfilePath -
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2010-03-29 14:11
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Plextor\PlexTools\¯** ]
"Parameter"=dword:00007fec
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(3844)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\SmartFTP\smarthook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\windows\System32\SCardSvr.exe
c:\program files\Common Files\AOL\ACS\AOLAcsd.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\windows\System32\nvsvc32.exe
c:\windows\system32\pctspk.exe
c:\program files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
c:\program files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe
c:\program files\AOL 9.0\waol.exe
c:\windows\system32\devldr32.exe
c:\program files\AOL 9.0\shellmon.exe
.
**************************************************************************
.
Completion time: 2010-03-29 14:20:44 - machine was rebooted
ComboFix-quarantined-files.txt 2010-03-29 19:20

Pre-Run: 8,430,944,256 bytes free
Post-Run: 11,852,353,536 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

Current=2 Default=2 Failed=4 LastKnownGood=3 Sets=1,2,3,4
- - End Of File - - 06AE2809CFE203396CB98E413E07E620


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Tue Mar 30, 2010 12:45 am

Hello.
Do you still have the OTL logs? Can you post attach.txt please?



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Tue Mar 30, 2010 2:22 am

I ran a new OTL earlier today and here are the logs: Thank you for your help, the system seems to be much better.

OTL logfile created on: 3/29/2010 4:02:06 PM - Run 7
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Head user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.63 Gb Total Space | 11.07 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 1.78 Gb Free Space | 45.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 97.66 Gb Total Space | 59.63 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive H: | 70.02 Gb Total Space | 36.97 Gb Free Space | 52.79% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Computer Name: SHERRIS
Current User Name: Head user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
PRC - [2009/11/06 04:10:40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/04/18 01:49:07 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2007/04/18 01:49:00 | 000,050,736 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\aol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/16 05:01:36 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 04:10:37 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/12/11 13:10:16 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/23 13:14:08 | 000,267,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/23 13:10:32 | 000,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/14 11:09:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/29 17:34:02 | 000,221,184 | ---- | M] (NeoPlanet) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
SRV - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 19:10:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 17:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]

[2008/04/08 15:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/08 15:03:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/08 15:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/08 15:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/07/21 16:02:22 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2010/03/29 14:11:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} [You must be registered and logged in to see this link.] (Downloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 192.168.1.1 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Compaq Sapphire.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/31 19:20:49 | 000,000,038 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 12:00:01 | 000,000,063 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 14:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/29 13:36:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 13:35:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 13:35:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 13:35:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 13:35:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 13:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 13:22:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/29 12:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\AdobeAUM
[2010/03/29 12:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Leadertech
[2010/03/27 21:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/27 21:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/27 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/26 22:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Head user\Recent
[2010/03/26 16:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/25 23:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/25 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/25 23:10:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/23 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Malwarebytes
[2010/03/23 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Yahoo!
[2010/03/23 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/23 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 16:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\U3
[2010/03/23 03:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/23 03:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Local Settings\Application Data\Wildtangent
[2009/12/16 07:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/11/19 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/19 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/25 23:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Supportwaybend
[2008/08/10 22:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/02/04 04:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/01/31 16:45:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/20 02:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2004/07/05 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/07/05 18:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
[2003/07/02 21:53:41 | 000,770,048 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx331.exe

========== Files - Modified Within 14 Days ==========

[2010/03/29 16:02:05 | 000,001,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 16:01:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 16:01:36 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/29 15:55:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 15:55:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 15:55:33 | 1341,771,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 14:27:36 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Head user\NTUSER.DAT
[2010/03/29 14:27:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Head user\ntuser.ini
[2010/03/29 14:11:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 14:11:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 13:37:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/29 13:28:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
[2010/03/29 12:06:01 | 000,000,659 | ---- | M] () -- C:\WINDOWS\PDOXWIN.INI
[2010/03/26 16:47:29 | 000,012,656 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1488701108
[2010/03/26 16:46:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/26 11:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/25 04:05:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/24 03:05:09 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/23 16:08:20 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 15:52:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/23 03:28:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 03:28:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 03:28:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2010/03/29 13:37:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 13:36:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/29 13:35:09 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 13:35:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 13:35:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 13:35:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 13:35:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/26 16:45:00 | 000,012,660 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
[2010/03/26 16:45:00 | 000,012,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1488701108
[2010/03/26 16:44:18 | 000,012,660 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
[2010/03/26 16:44:18 | 000,009,772 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YGvcpA571Wx
[2010/03/26 11:33:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/26 11:33:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/23 16:08:20 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 14:54:08 | 1341,771,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/23 18:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/21 00:17:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:55:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/10/14 16:01:15 | 000,000,295 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/08/14 00:19:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/03 11:09:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/14 23:28:57 | 000,000,167 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/07/03 15:14:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/06/06 10:57:53 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006/10/26 18:40:04 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/09/26 14:42:42 | 000,087,220 | ---- | C] () -- C:\WINDOWS\System32\Evbro2.dll
[2006/09/26 14:42:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Evbro232.dll
[2005/12/20 18:12:42 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/17 15:22:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\OS.INI
[2005/09/24 00:13:40 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/14 11:20:20 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/04/14 11:20:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/04/14 11:20:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/04/14 11:20:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/14 11:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/04/14 11:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2004/11/30 19:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/22 14:50:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pd1util.INI
[2004/09/10 10:17:37 | 000,057,977 | ---- | C] () -- C:\Program Files\fl_detection_kit_en.zip
[2004/09/01 13:15:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2004/09/01 13:02:17 | 000,002,514 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/08/12 15:37:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004/08/12 15:37:23 | 000,000,975 | ---- | C] () -- C:\WINDOWS\ECAT.INI
[2004/07/16 21:00:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GJGJIINK.ini
[2004/05/21 15:40:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/21 15:40:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 12:06:58 | 000,000,045 | ---- | C] () -- C:\WINDOWS\igsaw.ini
[2004/04/03 16:23:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/02/11 13:11:53 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2003/12/25 00:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/12/10 19:11:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/14 23:44:34 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/14 12:55:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2003/11/14 12:55:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2003/11/14 12:54:49 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 11:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/14 15:20:03 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2003/08/06 11:37:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2003/07/26 00:05:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/06/19 14:19:15 | 000,000,659 | ---- | C] () -- C:\WINDOWS\PDOXWIN.INI
[2003/06/19 14:19:15 | 000,000,497 | ---- | C] () -- C:\WINDOWS\PXDLITE.INI
[2003/06/19 14:19:15 | 000,000,108 | ---- | C] () -- C:\WINDOWS\MULTIHLP.INI
[2003/05/15 22:31:33 | 000,028,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/14 15:19:25 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2003/04/14 14:39:59 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/04/14 14:39:58 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2003/04/14 14:39:57 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2003/04/14 14:39:57 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2003/04/14 14:39:57 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2003/04/14 14:39:56 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2003/04/14 14:39:56 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2003/04/14 14:39:55 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2003/04/14 14:39:55 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2003/04/14 14:39:55 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2003/04/14 14:39:55 | 000,004,384 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2003/04/14 14:39:55 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2003/04/14 14:39:55 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2003/04/02 04:45:42 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/02 01:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/03/31 19:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2003/03/31 19:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2003/03/31 19:39:11 | 000,001,016 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2003/03/31 19:39:11 | 000,000,259 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2003/03/31 19:20:36 | 000,000,208 | ---- | C] () -- C:\WINDOWS\DmmYuv.ini
[2003/03/24 01:23:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2003/03/24 01:23:00 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2003/03/02 02:14:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2003/03/02 02:14:41 | 000,000,046 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2003/03/02 02:14:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2003/03/02 02:14:21 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2003/03/02 02:14:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.ini
[2003/02/11 15:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003/02/02 04:40:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2003/02/02 04:13:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2003/02/02 04:13:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2003/02/02 04:13:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2003/02/02 04:13:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2003/02/02 04:13:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2003/02/01 23:26:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:15:03 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/02/01 22:15:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/02/01 22:14:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/01/31 16:40:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/31 16:37:39 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2003/01/31 16:36:13 | 000,000,757 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/31 08:19:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys
[2003/01/31 08:19:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2003/01/31 08:19:30 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtsnd.sys
[2003/01/31 08:19:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativxbar.sys
[2003/01/31 08:19:27 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2003/01/31 08:19:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\atipcxxx.sys
[2001/12/14 12:46:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2001/10/22 20:15:26 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 09:53:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\XE88STMN.INI
[2001/09/17 17:14:02 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/17 17:13:50 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/17 17:13:42 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/17 17:13:38 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/17 17:13:32 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/17 17:13:08 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/17 17:12:02 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/17 17:11:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/03 20:22:00 | 000,182,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS
[2001/05/13 17:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 09:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 10:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/10/24 14:56:36 | 000,001,998 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2009/04/13 17:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2008/07/21 16:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/29 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/31 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/09/02 22:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 04:02:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2005/12/26 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/02/28 02:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/09/15 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Start stupid bone online
[2010/01/25 15:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/01/18 14:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/06 04:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2010/01/25 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2010/03/29 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Leadertech
[2010/02/01 18:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Viewpoint
[2010/02/20 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Vso
[2010/03/29 16:01:36 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/03/25 04:05:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2003/02/01 22:01:57 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========


< End of report >

I will put the next log on a new post.
Thank you.


Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Tue Mar 30, 2010 2:24 am

Here is the second log.
Thank you for all of your help. Can you tell me how I can keep the system virus free? This has been a very big headache. You have been very helpful.

Here is the second log:
OTL logfile created on: 3/29/2010 4:02:06 PM - Run 7
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Head user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 90.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.63 Gb Total Space | 11.07 Gb Free Space | 15.67% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 1.78 Gb Free Space | 45.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 97.66 Gb Total Space | 59.63 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive H: | 70.02 Gb Total Space | 36.97 Gb Free Space | 52.79% Space Free | Partition Type: NTFS
Drive I: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 7.47 Gb Total Space | 7.47 Gb Free Space | 99.92% Space Free | Partition Type: FAT32

Computer Name: SHERRIS
Current User Name: Head user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe
PRC - [2009/11/06 04:10:40 | 000,039,408 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2008/09/08 10:21:05 | 000,112,072 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
PRC - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe
PRC - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2007/04/18 01:49:07 | 000,039,472 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\waol.exe
PRC - [2007/04/18 01:49:00 | 000,050,736 | ---- | M] (AOL, LLC.) -- C:\Program Files\AOL 9.0\aol.exe
PRC - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\acs\AOLacsd.exe
PRC - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvsvc32.exe
PRC - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXBCES.EXE
PRC - [2003/05/16 05:01:36 | 000,174,592 | ---- | M] (Lexmark International, Inc.) -- C:\WINDOWS\system32\LEXPPS.EXE
PRC - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) -- C:\WINDOWS\system32\pctspk.exe
PRC - [2001/08/17 17:36:42 | 000,024,064 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\system32\devldr32.exe


========== Modules (SafeList) ==========

MOD - [2010/02/10 16:12:40 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Head user\Desktop\OTL.exe


========== Win32 Services (SafeList) ==========

SRV - [2009/11/06 04:10:37 | 000,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 12:36:18 | 000,240,512 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2008/09/08 10:19:23 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2008/02/27 04:24:12 | 000,020,480 | ---- | M] (Intuit) [Auto | Running] -- C:\Program Files\Common Files\Intuit\QuickBooks\QBCFMonitorService.exe -- (QBCFMonitorService)
SRV - [2007/12/11 13:10:16 | 000,504,104 | ---- | M] (Apple Inc.) [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2007/09/06 13:28:18 | 000,110,592 | ---- | M] (Apple, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2007/07/06 18:28:44 | 000,031,768 | ---- | M] (Memeo) [Disabled | Stopped] -- C:\Program Files\Memeo\AutoSync\MemeoService.exe -- (AutoSyncService)
SRV - [2007/05/24 07:08:44 | 000,061,440 | ---- | M] (Intuit Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Intuit\QuickBooks\FCS\Intuit.QuickBooks.FCS.exe -- (QBFCService)
SRV - [2007/03/23 13:14:08 | 000,267,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe -- (NMIndexingService)
SRV - [2007/03/23 13:10:32 | 000,779,824 | ---- | M] (Nero AG) [On_Demand | Stopped] -- C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe -- (NBService)
SRV - [2006/10/23 07:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/04/14 11:09:28 | 000,068,096 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Macromedia Shared\Service\Macromedia Licensing.exe -- (Macromedia Licensing Service)
SRV - [2005/04/04 00:41:10 | 000,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2003/10/06 15:16:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) [Auto | Running] -- C:\WINDOWS\system32\nvsvc32.exe -- (NVSvc)
SRV - [2003/05/16 05:04:26 | 000,303,104 | ---- | M] (Lexmark International, Inc.) [Auto | Running] -- C:\WINDOWS\system32\LEXBCES.EXE -- (LexBceS)
SRV - [2001/08/29 17:34:02 | 000,221,184 | ---- | M] (NeoPlanet) [On_Demand | Stopped] -- C:\Program Files\COMPAQ\Compaq Advisor\bin\compaq-rba.exe -- (Compaq_RBA)
SRV - [2001/08/17 17:36:54 | 000,086,016 | ---- | M] (PCtel, Inc.) [Auto | Running] -- C:\WINDOWS\system32\pctspk.exe -- (Pctspk)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = [You must be registered and logged in to see this link.]
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/02/10 19:10:08 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 2.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Components: C:\Program Files\Netscape\Netscape 6\Components [2009/11/19 17:39:17 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 6 6.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape 6\Plugins [2009/11/19 17:39:30 | 000,000,000 | ---D | M]

[2008/04/08 15:03:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2008/04/08 15:03:22 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2008/04/08 15:02:55 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\real-networks@partners.mozilla.com
[2008/04/08 15:03:01 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\talkback@mozilla.org
[2006/10/11 03:04:58 | 000,061,036 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jar50.dll
[2006/10/11 03:04:59 | 000,048,742 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\jsd3250.dll
[2006/10/11 03:05:03 | 000,029,313 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\myspell.dll
[2006/10/11 03:05:03 | 000,041,082 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\spellchk.dll
[2006/10/11 03:04:58 | 000,166,510 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\xpinstal.dll
[2007/12/19 07:57:38 | 000,310,272 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npGoogleGadgetPluginFirefoxWin.dll
[2007/04/16 12:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll
[2008/07/21 16:02:22 | 000,001,982 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\AIM Search.xml

O1 HOSTS File: ([2010/03/29 14:11:10 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - c:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (AOL Toolbar Loader) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O2 - BHO: (ST) - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (MSNToolBandBHO) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AIM Search) - {40D41A8B-D79B-43d7-99A7-9EE0F344C385} - C:\Program Files\AIM Toolbar\AIMBar.dll (America Online, Inc)
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (MSN) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - G:\Program FilesFromC31804\Norton AntiVirus\NAVShExt.dll (Symantec Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL LLC)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.0\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra Button: ATI TV - {44226DFF-747E-4edc-B30C-78752E50CD0C} - C:\Program Files\ATI Multimedia\TV\EXPLBAR.DLL (ATI Technologies Inc.)
O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - Reg Error: Value error. File not found
O9 - Extra Button: PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O9 - Extra 'Tools' menuitem : PartyPoker.net - {F4430FE8-2638-42e5-B849-800749B94EED} - Reg Error: Value error. File not found
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} [You must be registered and logged in to see this link.] (Shockwave ActiveX Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} [You must be registered and logged in to see this link.] (Windows Genuine Advantage Validation Tool)
O16 - DPF: {33564D57-0000-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {33564D57-9980-0010-8000-00AA00389B71} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {41F17733-B041-4099-A042-B518BB6A408C} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {8EF27A70-DD04-11D6-B7F6-00A0C9CD5F8A} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} [You must be registered and logged in to see this link.] (InstallShield International Setup Player)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {BCC0FF27-31D9-4614-A68E-C18E1ADA4389} [You must be registered and logged in to see this link.] (Reg Error: Key error.)
O16 - DPF: {CA034DCC-A580-4333-B52F-15F98C42E04C} [You must be registered and logged in to see this link.] (Downloader Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} [You must be registered and logged in to see this link.] (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java Reg Error: Value error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.77.134 68.87.72.134 192.168.1.1 68.87.77.134 68.87.72.134
O18 - Protocol\Handler\intu-help-qb1 {9B0F96C7-2E4B-433e-ABF3-043BA1B54AE3} - C:\Program Files\Intuit\QuickBooks 2008\HelpAsyncPluggableProtocol.dll (TODO: )
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop BackupWallPaper: C:\WINDOWS\Compaq Sapphire.BMP
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2003/03/31 19:20:49 | 000,000,038 | ---- | M] () - C:\autoexec.001 -- [ NTFS ]
O32 - AutoRun File - [2003/04/15 12:00:01 | 000,000,063 | ---- | M] () - C:\autoexec.bat -- [ NTFS ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/29 14:20:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/29 13:36:54 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/29 13:35:09 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/29 13:35:09 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/29 13:35:09 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/29 13:35:09 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/29 13:25:27 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/29 13:22:35 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/29 12:11:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\AdobeAUM
[2010/03/29 12:11:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Leadertech
[2010/03/27 21:36:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
[2010/03/27 21:36:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/03/27 00:05:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Real
[2010/03/26 22:53:35 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Head user\Recent
[2010/03/26 16:43:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/03/25 23:38:31 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/25 23:10:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2010/03/25 23:10:08 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2010/03/23 16:34:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Malwarebytes
[2010/03/23 16:08:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\Yahoo!
[2010/03/23 16:08:24 | 000,000,000 | ---D | C] -- C:\Program Files\Yahoo!
[2010/03/23 16:08:19 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2010/03/23 16:08:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Application Data\U3
[2010/03/23 03:31:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/03/23 03:07:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Head user\Local Settings\Application Data\Wildtangent
[2009/12/16 07:24:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/11/19 17:35:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2009/11/19 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2009/04/25 23:07:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Supportwaybend
[2008/08/10 22:28:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2008/02/04 04:36:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Intuit
[2008/01/31 16:45:40 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2007/03/20 02:36:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Viewpoint
[2004/07/05 18:32:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2004/07/05 18:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AOL
[2003/07/02 21:53:41 | 000,770,048 | ---- | C] (Frontcode Technologies) -- C:\Program Files\winmx331.exe

========== Files - Modified Within 14 Days ==========

[2010/03/29 16:02:05 | 000,001,550 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/29 16:01:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/29 16:01:36 | 000,000,452 | ---- | M] () -- C:\WINDOWS\tasks\RegCure Program Check.job
[2010/03/29 15:55:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/29 15:55:35 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/29 15:55:33 | 1341,771,776 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/29 14:27:36 | 002,097,152 | -H-- | M] () -- C:\Documents and Settings\Head user\NTUSER.DAT
[2010/03/29 14:27:36 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Head user\ntuser.ini
[2010/03/29 14:11:29 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/29 14:11:10 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/03/29 13:37:06 | 000,000,281 | RHS- | M] () -- C:\boot.ini
[2010/03/29 13:28:31 | 000,002,577 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
[2010/03/29 12:06:01 | 000,000,659 | ---- | M] () -- C:\WINDOWS\PDOXWIN.INI
[2010/03/26 16:47:29 | 000,012,656 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\1488701108
[2010/03/26 16:46:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/26 11:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/25 04:05:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\tasks\RegCure.job
[2010/03/24 03:05:09 | 000,000,127 | ---- | M] () -- C:\WINDOWS\System32\MRT.INI
[2010/03/23 16:08:20 | 000,001,548 | ---- | M] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 15:52:56 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/03/23 03:28:00 | 000,521,766 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/03/23 03:28:00 | 000,441,124 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/03/23 03:28:00 | 000,071,060 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

========== Files Created - No Company Name ==========

[2100/02/23 18:55:50 | 000,001,096 | ---- | C] () -- C:\WINDOWS\Lexmark_ICM.ini
[2010/03/29 13:37:06 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/03/29 13:36:59 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/29 13:35:09 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/29 13:35:09 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/29 13:35:09 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/29 13:35:09 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/29 13:35:09 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/26 16:45:00 | 000,012,660 | -HS- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
[2010/03/26 16:45:00 | 000,012,656 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\1488701108
[2010/03/26 16:44:18 | 000,012,660 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
[2010/03/26 16:44:18 | 000,009,772 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\YGvcpA571Wx
[2010/03/26 11:33:32 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/26 11:33:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Vlilaxu.bin
[2010/03/23 16:08:20 | 000,001,548 | ---- | C] () -- C:\Documents and Settings\Head user\Desktop\CCleaner.lnk
[2010/03/23 14:54:08 | 1341,771,776 | -HS- | C] () -- C:\hiberfil.sys
[2010/02/23 18:38:06 | 000,000,127 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2010/02/21 00:17:28 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/02/01 22:55:11 | 000,000,151 | ---- | C] () -- C:\WINDOWS\PhotoSnapViewer.INI
[2009/10/14 16:01:15 | 000,000,295 | ---- | C] () -- C:\WINDOWS\AMIPRO2.INI
[2008/08/14 00:19:17 | 000,000,004 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/12/03 11:09:47 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2007/11/14 23:28:57 | 000,000,167 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
[2007/07/03 15:14:03 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\PROTOCOL.INI
[2007/06/06 10:57:53 | 000,000,109 | ---- | C] () -- C:\WINDOWS\PControl.ini
[2006/10/26 18:40:04 | 000,000,422 | ---- | C] () -- C:\WINDOWS\videoimp.ini
[2006/09/26 14:42:42 | 000,087,220 | ---- | C] () -- C:\WINDOWS\System32\Evbro2.dll
[2006/09/26 14:42:42 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\Evbro232.dll
[2005/12/20 18:12:42 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2005/10/17 15:22:25 | 000,000,859 | ---- | C] () -- C:\WINDOWS\OS.INI
[2005/09/24 00:13:40 | 000,000,081 | ---- | C] () -- C:\WINDOWS\upst.ini
[2005/04/14 11:20:20 | 000,777,728 | ---- | C] () -- C:\WINDOWS\System32\SSLSVC.DLL
[2005/04/14 11:20:20 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\xmltok.dll
[2005/04/14 11:20:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\cfmsg.dll
[2005/04/14 11:20:20 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\xmlparse.dll
[2005/04/14 11:20:18 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\lang_cfml.dll
[2005/04/14 11:20:18 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\xml_datagrove.dll
[2004/11/30 19:34:11 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2004/10/22 14:50:44 | 000,000,090 | ---- | C] () -- C:\WINDOWS\pd1util.INI
[2004/09/10 10:17:37 | 000,057,977 | ---- | C] () -- C:\Program Files\fl_detection_kit_en.zip
[2004/09/01 13:15:18 | 000,000,020 | ---- | C] () -- C:\WINDOWS\TemplateWizard.INI
[2004/09/01 13:02:17 | 000,002,514 | ---- | C] () -- C:\WINDOWS\my.ini
[2004/08/12 15:37:55 | 000,000,041 | ---- | C] () -- C:\WINDOWS\crw.ini
[2004/08/12 15:37:23 | 000,000,975 | ---- | C] () -- C:\WINDOWS\ECAT.INI
[2004/07/16 21:00:46 | 000,000,045 | ---- | C] () -- C:\WINDOWS\GJGJIINK.ini
[2004/05/21 15:40:09 | 000,000,049 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/05/21 15:40:09 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/05/21 12:06:58 | 000,000,045 | ---- | C] () -- C:\WINDOWS\igsaw.ini
[2004/04/03 16:23:16 | 000,000,050 | ---- | C] () -- C:\WINDOWS\System32\MSrev01.dll
[2004/02/11 13:11:53 | 000,000,093 | ---- | C] () -- C:\WINDOWS\System32\MSrev41.dll
[2003/12/25 00:16:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\MSREGUSR.INI
[2003/12/10 19:11:00 | 000,000,017 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2003/11/14 23:44:34 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameE.txt
[2003/11/14 12:55:18 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbfvs.dll
[2003/11/14 12:55:16 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBFLCNP.DLL
[2003/11/14 12:54:49 | 000,000,188 | ---- | C] () -- C:\WINDOWS\System32\lxbfcoin.ini
[2003/10/06 15:16:00 | 000,027,136 | ---- | C] () -- C:\WINDOWS\System32\nvcod.dll
[2003/10/02 11:41:55 | 000,000,026 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2003/08/14 15:20:03 | 000,000,012 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\DirectCDUserNameF.txt
[2003/08/06 11:37:10 | 000,000,028 | ---- | C] () -- C:\WINDOWS\spiemon.ini
[2003/07/26 00:05:02 | 000,000,174 | ---- | C] () -- C:\WINDOWS\System32\mcini.ini
[2003/06/19 14:19:15 | 000,000,659 | ---- | C] () -- C:\WINDOWS\PDOXWIN.INI
[2003/06/19 14:19:15 | 000,000,497 | ---- | C] () -- C:\WINDOWS\PXDLITE.INI
[2003/06/19 14:19:15 | 000,000,108 | ---- | C] () -- C:\WINDOWS\MULTIHLP.INI
[2003/05/15 22:31:33 | 000,028,559 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2003/04/14 15:19:25 | 000,004,722 | ---- | C] () -- C:\WINDOWS\AmiVISD.ini
[2003/04/14 14:39:59 | 000,000,703 | ---- | C] () -- C:\WINDOWS\lotus.ini
[2003/04/14 14:39:58 | 000,000,185 | ---- | C] () -- C:\WINDOWS\AMISMART.INI
[2003/04/14 14:39:57 | 000,008,283 | ---- | C] () -- C:\WINDOWS\AMIDW.INI
[2003/04/14 14:39:57 | 000,000,898 | ---- | C] () -- C:\WINDOWS\AMIEQN.INI
[2003/04/14 14:39:57 | 000,000,104 | ---- | C] () -- C:\WINDOWS\AMIIMAGE.INI
[2003/04/14 14:39:56 | 000,023,822 | ---- | C] () -- C:\WINDOWS\AMIOW.INI
[2003/04/14 14:39:56 | 000,002,846 | ---- | C] () -- C:\WINDOWS\AMICALC.INI
[2003/04/14 14:39:55 | 000,011,208 | ---- | C] () -- C:\WINDOWS\AMIENV.DLL
[2003/04/14 14:39:55 | 000,010,014 | ---- | C] () -- C:\WINDOWS\AMILABEL.INI
[2003/04/14 14:39:55 | 000,005,909 | ---- | C] () -- C:\WINDOWS\AMIWP.INI
[2003/04/14 14:39:55 | 000,004,384 | ---- | C] () -- C:\WINDOWS\AMIPRO.INI
[2003/04/14 14:39:55 | 000,001,993 | ---- | C] () -- C:\WINDOWS\AMIIWP.INI
[2003/04/14 14:39:55 | 000,000,332 | ---- | C] () -- C:\WINDOWS\AMIFONT.INI
[2003/04/02 04:45:42 | 000,086,528 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2003/04/02 01:22:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2003/03/31 19:52:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\vstudio.INI
[2003/03/31 19:39:33 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsrex.INI
[2003/03/31 19:39:11 | 000,001,016 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2003/03/31 19:39:11 | 000,000,259 | ---- | C] () -- C:\WINDOWS\vidwiz.ini
[2003/03/31 19:20:36 | 000,000,208 | ---- | C] () -- C:\WINDOWS\DmmYuv.ini
[2003/03/24 01:23:00 | 000,000,294 | ---- | C] () -- C:\WINDOWS\spipcl4a.ini
[2003/03/24 01:23:00 | 000,000,185 | ---- | C] () -- C:\WINDOWS\SHSFTSET.INI
[2003/03/02 02:14:41 | 000,000,116 | ---- | C] () -- C:\WINDOWS\POWERBAR.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\MIDIPLAY.INI
[2003/03/02 02:14:41 | 000,000,047 | ---- | C] () -- C:\WINDOWS\CDPLAY.INI
[2003/03/02 02:14:41 | 000,000,046 | ---- | C] () -- C:\WINDOWS\WAVPLAY.INI
[2003/03/02 02:14:24 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AUDIOMIX.INI
[2003/03/02 02:14:21 | 000,000,113 | ---- | C] () -- C:\WINDOWS\ORCH.INI
[2003/03/02 02:14:14 | 000,000,109 | ---- | C] () -- C:\WINDOWS\AUDIOVIW.ini
[2003/02/11 15:16:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ATIMMC.INI
[2003/02/02 04:40:32 | 000,000,078 | ---- | C] () -- C:\WINDOWS\psuite.ini
[2003/02/02 04:13:52 | 000,196,096 | ---- | C] () -- C:\WINDOWS\System32\MACD32.DLL
[2003/02/02 04:13:52 | 000,138,752 | ---- | C] () -- C:\WINDOWS\System32\MASE32.DLL
[2003/02/02 04:13:52 | 000,136,192 | ---- | C] () -- C:\WINDOWS\System32\MAMC32.DLL
[2003/02/02 04:13:52 | 000,057,856 | ---- | C] () -- C:\WINDOWS\System32\MASD32.DLL
[2003/02/02 04:13:52 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\MA32.DLL
[2003/02/01 23:26:35 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2003/02/01 22:15:03 | 000,066,560 | ---- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
[2003/02/01 22:15:03 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
[2003/02/01 22:14:55 | 000,009,136 | ---- | C] () -- C:\WINDOWS\System32\INETWH16.DLL
[2003/01/31 16:40:01 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2003/01/31 16:37:39 | 000,181,760 | ---- | C] () -- C:\WINDOWS\System32\patchw32.dll
[2003/01/31 16:36:13 | 000,000,757 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2003/01/31 08:19:32 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\atitunep.sys
[2003/01/31 08:19:31 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtcap.sys
[2003/01/31 08:19:30 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\drivers\atirtsnd.sys
[2003/01/31 08:19:28 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativxbar.sys
[2003/01/31 08:19:27 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\drivers\ativmdcd.sys
[2003/01/31 08:19:26 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\drivers\atipcxxx.sys
[2001/12/14 12:46:44 | 000,000,049 | ---- | C] () -- C:\WINDOWS\XEROXTW.INI
[2001/10/22 20:15:26 | 000,000,190 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2001/10/15 09:53:26 | 000,000,091 | ---- | C] () -- C:\WINDOWS\System32\XE88STMN.INI
[2001/09/17 17:14:02 | 000,032,592 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinxsxx.sys
[2001/09/17 17:13:50 | 000,020,960 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinttxx.sys
[2001/09/17 17:13:42 | 000,011,760 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinpdxx.sys
[2001/09/17 17:13:38 | 000,011,280 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinmdxx.sys
[2001/09/17 17:13:32 | 000,032,848 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinraxx.sys
[2001/09/17 17:13:08 | 000,060,464 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinbtxx.sys
[2001/09/17 17:12:02 | 000,065,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\atinrvxx.sys
[2001/09/17 17:11:06 | 000,032,336 | ---- | C] () -- C:\WINDOWS\System32\drivers\atintuxx.sys
[2001/08/23 14:00:00 | 000,022,400 | ---- | C] () -- C:\WINDOWS\System32\drivers\SbcpHid.sys
[2001/08/03 20:22:00 | 000,182,896 | ---- | C] () -- C:\WINDOWS\System32\drivers\NAVAP.SYS
[2001/05/13 17:18:34 | 000,000,209 | ---- | C] () -- C:\WINDOWS\X63_DS.ini
[2000/10/24 09:08:36 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2000/10/24 09:08:33 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[1999/01/22 21:46:58 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 10:00:00 | 000,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL
[1997/10/24 14:56:36 | 000,001,998 | ---- | C] () -- C:\WINDOWS\LEXSTAT.INI

========== LOP Check ==========

[2009/04/13 17:18:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\1Click DVD Copy
[2008/07/21 16:02:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/03/29 13:28:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2008/01/31 16:16:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\COMMON FILES
[2008/09/02 22:35:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
[2009/11/06 04:02:10 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Memeo
[2005/12/26 18:27:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2004/02/28 02:06:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBT
[2006/09/15 15:19:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Start stupid bone online
[2010/01/25 15:10:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2007/01/18 14:52:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/11/06 04:00:47 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\WD
[2010/01/25 15:27:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ZILLAbar
[2010/03/29 12:11:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Leadertech
[2010/02/01 18:07:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Viewpoint
[2010/02/20 12:50:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Head user\Application Data\Vso
[2010/03/29 16:01:36 | 000,000,452 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure Program Check.job
[2010/03/25 04:05:00 | 000,000,386 | ---- | M] () -- C:\WINDOWS\Tasks\RegCure.job
[2003/02/01 22:01:57 | 000,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Registration reminder 3.job

========== Purity Check ==========


< End of report >

If I am virus free, do you have any suggestions as to how to avoid this again? Thank you.
Mark


Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Tue Mar 30, 2010 2:26 am

You gave me several scanning programs to check for viruses. Should I scan the system regularly? Which program do I use on a regular basis to scan and repair viruses?
Thank you
Mark


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Tue Mar 30, 2010 10:56 pm

Hello.
That's the OTL.txt log; I need to see the Extras.txt log.

Thanks.



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Wed Mar 31, 2010 6:10 am

Here is the extras.txt log you asked for. You have been very helpful, I will spread the word.

OTL Extras logfile created on: 2/10/2010 2:51:48 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\MARK STEFFEN\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 55.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 72.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.63 Gb Total Space | 5.78 Gb Free Space | 8.18% Space Free | Partition Type: NTFS
Drive D: | 3.89 Gb Total Space | 1.78 Gb Free Space | 45.72% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
Drive G: | 97.66 Gb Total Space | 59.63 Gb Free Space | 61.06% Space Free | Partition Type: NTFS
Drive H: | 70.02 Gb Total Space | 36.98 Gb Free Space | 52.81% Space Free | Partition Type: NTFS
I: Drive not present or media not loaded

Computer Name: SHERRIS
Current User Name: MARK STEFFEN
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.inf [@ = inffile] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe (Macromedia, Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [edit] -- Reg Error: Key error.
batfile [open] -- "%1" %*
batfile [print] -- Reg Error: Key error.
cmdfile [edit] -- Reg Error: Key error.
cmdfile [open] -- "%1" %*
cmdfile [print] -- Reg Error: Key error.
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
inffile [open] -- Reg Error: Key error.
inffile [print] -- Reg Error: Key error.
inifile [print] -- Reg Error: Key error.
jsfile [edit] -- Reg Error: Key error.
jsfile [open] -- "C:\Program Files\Macromedia\Dreamweaver MX 2004\Dreamweaver.exe" "%1" (Macromedia, Inc.)
jsfile [print] -- Reg Error: Key error.
jsefile [edit] -- Reg Error: Key error.
jsefile [print] -- Reg Error: Key error.
piffile [open] -- "%1" %*
regfile [edit] -- Reg Error: Key error.
regfile [merge] -- Reg Error: Key error.
regfile [print] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [print] -- Reg Error: Key error.
txtfile [printto] -- Reg Error: Key error.
vbefile [edit] -- Reg Error: Key error.
vbefile [print] -- Reg Error: Key error.
vbsfile [edit] -- Reg Error: Key error.
vbsfile [print] -- Reg Error: Key error.
wsffile [edit] -- Reg Error: Key error.
wsffile [print] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Namo\WebBoard\Server\Apache\Apache.exe" = C:\Program Files\Namo\WebBoard\Server\Apache\Apache.exe:*:Disabled:Apache -- ()
"C:\Program Files\Namo\WebBoard\Server\MySQL\bin\mysqld.exe" = C:\Program Files\Namo\WebBoard\Server\MySQL\bin\mysqld.exe:*:Disabled:mysqld -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Disabled:AOL Instant Messenger -- File not found
"C:\Program Files\Microsoft Office\Office\FRONTPG.EXE" = C:\Program Files\Microsoft Office\Office\FRONTPG.EXE:*:Enabled:Microsoft FrontPage -- (Microsoft Corporation)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1161651213\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1161651213\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1161651213\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1161651213\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Real\RealPlayer\realplay.exe" = C:\Program Files\Real\RealPlayer\realplay.exe:*:Disabled:RealPlayer -- (RealNetworks, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1161651213\ee\AOLOpenRide.exe" = C:\Program Files\Common Files\AOL\1161651213\ee\AOLOpenRide.exe:*:Enabled:AOL OpenRide -- File not found
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon -- File not found
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL -- File not found
"C:\Program Files\America Online 9.0a\waol.exe" = C:\Program Files\America Online 9.0a\waol.exe:*:Enabled:America Online 9.0a -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)
"C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe" = C:\Program Files\Nero\Nero 7\Nero ShowTime\ShowTime.exe:*:Enabled:Nero ShowTime Essentials -- (Nero AG)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe" = C:\Program Files\Intuit\QuickBooks 2008\QBDBMgrN.exe:*:Enabled:QuickBooks 2008 Data Manager -- (iAnywhere Solutions, Inc.)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1218734308\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1218734308\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Windows Live\Messenger\wlcsdk.exe" = C:\Program Files\Windows Live\Messenger\wlcsdk.exe:*:Enabled:Windows Live Call -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe" = C:\Program Files\Windows Live\Sync\WindowsLiveSync.exe:*:Enabled:Windows Live Sync -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Premium
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{05BB2EC5-6BEF-4DDC-9E75-BEE7B161157A}" = Macromedia Dreamweaver MX 2004
"{08F41E5D-2615-4DF3-8972-78044BFA1033}" = Nero 7 Essentials
"{0AB76F69-E761-4CFA-B9B0-A1906B4E9E4B}" = WD Diagnostics
"{11C762F9-95EA-486A-A8E7-683A50C231C1}" = SmartFTP
"{178832DE-9DE0-4C87-9F82-9315A9B03985}" = Windows Live Writer
"{18388EF8-E0A3-442B-8BFE-E2F1B3D05C91}" = iTunes
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26CE07F6-E85C-473D-833C-E8C83118D0C2}" = PlexTools Professional V2.01
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{43DCF766-6838-4F9A-8C91-D92DA586DFA7}" = Microsoft Windows Journal Viewer
"{4405C026-0FC3-4AB1-9B96-B66724ABA2B4}" =
"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant
"{4817189D-1785-4627-A33C-39FD90919300}" = The Sims 2 Pets
"{4BDFD2CE-6329-42E4-9801-9B3D1F10D79B}" = Adobe® Photoshop® Album Starter Edition 3.0
"{4C643986-DE3C-4737-8472-CCEC36CCC267}" = Studio Content CD
"{4CBA3D4C-8F51-4D60-B27E-F6B641C571E7}" = Microsoft Search Enhancement Pack
"{53EF6570-21A4-47ED-A40A-E6470A5677A3}" = Studio 8
"{55D3CCCC-3C69-45FC-B1CD-F31790F0C3EF}" =
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5A3F6A80-7913-475E-8B96-477A952CFA43}" = SupportSoft Assisted Service
"{5C648FDB-0138-4619-B66E-230EF53E8E2C}" = The Sims™ 2 Teen Style Stuff
"{607CE53B-0999-4F3B-8FF1-DB1AA47548A8}" = Roxio PhotoSuite 5
"{6412CECE-8172-4BE5-935B-6CECACD2CA87}" = Windows Live Mail
"{716E0306-8318-4364-8B8F-0CC4E9376BAC}" = MSXML 4.0 SP2 Parser and SDK
"{73811215-3D2D-4F60-8C6F-24464907A18E}" =
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7ADB852F-A380-4C9C-84FC-BD961AE5F69D}" = Song Download Manager
"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials
"{82C87FF2-763A-414B-A2FD-084891990BE5}" =
"{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}" = Windows Live Sync
"{85D3CC30-8859-481A-9654-FD9B74310BEF}" = Musicmatch® Jukebox
"{870F1750-BA89-11DA-A94D-0800200C9A66}_is1" = VSO CopyToDVD 4
"{8851E12C-0EF9-11D4-A788-009027ABA5D0}" = Easy CD Creator 5 Platinum
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A55DFA8-747B-431F-9CF1-E31FD6C94FF2}" = Namo WebUtilities
"{8A74E887-8F0F-4017-AF53-CBA42211AAA5}" = Microsoft Sync Framework Runtime Native v1.0 (x86)
"{8AA24FF0-5BD1-430F-9E44-97733F0382F8}" = Namo WebBoard
"{8AAA3C86-80DB-47AE-8862-34EF000A0516}" = DDMP
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{8D3562E7-C795-4B5D-A091-6DAA3FF0DF3B}" = Macromedia HomeSite+
"{8ECB8220-F419-4BEB-9596-97033C533702}" = QuickBooks Simple Start 2008
"{8ECB8220-F422-4BEB-9596-97033C533702}" = QuickBooks Pro 2008
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{8FD3F4BA-A4A6-4380-00A6-CC6853AB2DC2}" = The Sims 2 University
"{91130409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Small Business
"{93539D60-1817-11D1-9504-00805F26A89C}" = Easy Access Button Support
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{95CBA0F7-C01D-47C0-A749-9B934E197D32}" = Namo WebCanvas
"{995F1E2E-F542-4310-8E1D-9926F5A279B3}" = Windows Live Toolbar
"{99D34763-7E45-4FE5-8424-28DBC3A5F0BF}" = GUIDE PLUS+(TM) for Windows® System
"{9E712DBA-6B5C-4FEC-BC53-2EAA71E3A90A}}_is1" = 3B Ad Blocker Pro
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3752427-9AAA-4B1C-B428-01723E0E9FFA}" = 2x1/4x1 USB Peripheral Switch
"{A5BA14E0-7384-11D4-BAE7-00409631A2C8}" = Macromedia Extension Manager
"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B5C209B1-8DDB-4642-A573-375B951514CB}" = Apple Mobile Device Support
"{B74F042E-E1B9-4A5B-8D46-387BB172F0A4}" = Apple Software Update
"{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{BD276A72-3778-44C5-82B8-7C55F7446E33}" =
"{BD64AF4A-8C80-4152-AD77-FCDDF05208AB}" = Microsoft Sync Framework Services Native v1.0 (x86)
"{BDE90251-93EB-4F6A-89D8-086E2D91DC56}" = Coloreal
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C4C1AFCD-2C72-48B4-AE2E-A7354A525E87}" = Compaq Advisor
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF2606C7-63AF-40F4-8919-F2EC654ACC91}" = Napster for Windows Media Player
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D6C75F0B-3BC1-4FC9-B8C5-3F7E8ED059CA}" = Windows Live Photo Gallery
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{DFEF49D9-FC95-4301-99B9-2FB91C6ABA06}" = The Sims™ 2 Seasons
"{E064390A-2F64-4195-9A55-30D4B20B865A}" = WDCSAM Driver
"{E0D51394-1D45-460A-B62D-383BC4F8B335}" = QuickTime
"{E2DFE069-083E-4631-9B6C-43C48E991DE5}" = Junk Mail filter update
"{E7E12FD4-3C01-4381-AEDC-5C2CE937B137}" =
"{E853B3F7-3392-4FA0-827A-A1906A3844C2}" = ATI Multimedia Center
"{EB2C054D-0EF5-4DA4-AF0B-367C93BD0667}" =
"{ED00D08A-3C5F-488D-93A0-A04F21F23956}" = Windows Live Communications Platform
"{EF3FA287-2622-4340-AAF6-0AD29F21A691}" = Namo WebEditor 6
"{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F248ADFA-64E0-4b03-8A83-059078BED6A0}" = The Sims™ 2 Bon Voyage
"{F6BD194C-4190-4D73-B1B1-C48C99921BFE}" = Windows Live Call
"{F7529650-B9DB-481B-0089-A2AC3C2821C1}" = The Sims 2 Nightlife
"{FCE65C4E-B0E8-4FBD-AD16-EDCBE6CD591F}" = HighMAT Extension to Microsoft Windows XP CD Writing Wizard
"{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"1Click DVD Copy 5_is1" = 1Click DVD Copy 5.3.0.0
"8A1D0449E9CBCC93DCB0CF47934D695423632CA7" = Windows Driver Package - Western Digital Technologies (WDC_SAM) WDC_SAM (12/05/2006 1.0.0007.0)
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM Toolbar" = AIM Toolbar 5.0
"AIM_6" = AIM 6
"AIMToolbar" = AIM Toolbar
"AOL Toolbar" = AOL Toolbar
"AOL Toolbar 5.0" =
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"avast5" = avast! Free Antivirus
"DXTXTRA" = Microsoft DirectX Transform optional components
"Google Chrome" = Google Chrome
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"Hollywood FX 4.6" = Pinnacle Hollywood FX 4.6
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InterActual Player" = InterActual Player
"LetterheadEmail2003" = LetterheadEmail2003
"Lexmark X6100 Series" = Lexmark X6100 Series
"LiveReg" = LiveReg (Symantec Corporation)
"Macromedia Shockwave Player" = Macromedia Shockwave Player
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MGI_PHOTOSUITE_V806" = MGI PhotoSuite 8.1 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Microsoft NetShow Tools 2.0" = NetShow Tools 3.0
"Microsoft PhotoDraw 2000" = Microsoft PhotoDraw 2000
"Mozilla Firefox (2.0)" = Mozilla Firefox (2.0)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"MSN Toolbar" = MSN Toolbar
"MySpaceIM" = MySpaceIM
"MyWebSearch bar Uninstall" = My Web Search (Smiley Central)
"Netscape 6 (6.1)" = Netscape 6 (6.1)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Display Driver" = NVIDIA Display Driver
"Online Bridal Shows" = Online Bridal Shows
"PartyPokerNet" = PartyPokerNet
"PCDJ Red VRM" = PCDJ Red VRM
"PCDJ.CO.UK EasyASPI1.1" = PCDJ.CO.UK EasyASPI
"PConPoint_is1" = PConPoint v3.5
"Picasa2" = Picasa 2
"Plaxo" = Plaxo Toolbar for Outlook and Outlook Express
"PrintMaster Gold 4.00" = PrintMaster Gold 4.00
"RealPlayer 12.0" = RealPlayer
"RegCure" = RegCure 1.5.2.7
"RegistryCleaner1.0" = RegistryCleaner
"SDCUSBPorts" = USB-DEVICE
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Sun(TM) Download Manager 2.0" = Sun(TM) Download Manager 2.0
"TopStyle Lite (Version 3.0)" = TopStyle Lite (Version 3.0)
"Ulead VideoStudio 4.0" = Ulead VideoStudio version 4.0 SE
"Viewpoint Manager" = Viewpoint Manager (Remove Only)
"Viewpoint Toolbar" = Viewpoint Toolbar
"ViewpointMediaPlayer" = Viewpoint Media Player
"WeatherBug" = WeatherBug
"WildTangent CDA" = WildTangent Web Driver
"WinActive" = Window Active
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Registry Repair Pro_is1" = Windows Registry Repair Pro
"Windows SR 2.0" = Windows SR 2.0
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinLiveSuite_Wave3" = Windows Live Essentials
"WinMX" = WinMX
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"InstallShield_{B9A81070-616D-4E93-BE02-CEE651343204}" = WD Anywhere Backup
"InstallShield_{FECA6067-869C-4F32-9F6E-574E1496CE44}" = Memeo AutoSync
"Move Rect Owns" = Zone Media

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/10/2010 5:19:10 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2/10/2010 5:20:51 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2/10/2010 5:20:58 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.62, faulting
module ViewpointService.exe, version 2.0.0.62, fault address 0x00002250.

Error - 2/10/2010 5:29:26 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2/10/2010 5:29:39 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.62, faulting
module ViewpointService.exe, version 2.0.0.62, fault address 0x00002250.

Error - 2/10/2010 5:29:43 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1004
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2/10/2010 5:29:48 AM | Computer Name = SHERRIS | Source = Application Error | ID = 1004
Description = Faulting application ViewpointService.exe, version 2.0.0.62, faulting
module ViewpointService.exe, version 2.0.0.62, fault address 0x00002250.

Error - 2/10/2010 4:26:26 PM | Computer Name = SHERRIS | Source = Application Error | ID = 1000
Description = Faulting application smss32.exe, version 0.0.0.0, faulting module
wininet.dll, version 7.0.6000.16981, fault address 0x00023bb1.

Error - 2/10/2010 4:43:57 PM | Computer Name = SHERRIS | Source = Application Error | ID = 1000
Description = Faulting application GoogleUpdate.exe, version 1.2.131.7, faulting
module GoogleUpdate.exe, version 1.2.131.7, fault address 0x00006eef.

Error - 2/10/2010 4:45:03 PM | Computer Name = SHERRIS | Source = Application Error | ID = 1000
Description = Faulting application ViewpointService.exe, version 2.0.0.62, faulting
module ViewpointService.exe, version 2.0.0.62, fault address 0x00002250.

[ System Events ]
Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The Google Update Service (gupdate1ca6968a4056454) service failed
to start due to the following error: %%1053

Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized MVD Codec service failed to start due to the
following error: %%1058

Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The ATI WDM Specialized PCD Codec service failed to start due to the
following error: %%1058

Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Viewpoint Manager Service
service to connect.

Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The Viewpoint Manager Service service failed to start due to the following
error: %%1053

Error - 2/10/2010 4:45:54 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
szkg

Error - 2/10/2010 4:46:30 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/10/2010 4:46:30 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053

Error - 2/10/2010 4:46:33 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the IMAPI CD-Burning COM
Service service to connect.

Error - 2/10/2010 4:46:33 PM | Computer Name = SHERRIS | Source = Service Control Manager | ID = 7000
Description = The IMAPI CD-Burning COM Service service failed to start due to the
following error: %%1053


< End of report >


Post by Belahzur on Wed Mar 31, 2010 4:00 pm

Hello.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    Adobe Reader 7.0.9
    My Web Search (Smiley Central)
    Viewpoint Manager (Remove Only)
    Viewpoint Toolbar
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    [2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
    [2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
    C:\Documents and Settings\All Users\Application Data\1488701108
    [2010/03/26 16:46:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
    [2010/03/26 11:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.



Post by iplo4fun on Wed Mar 31, 2010 5:01 pm

When I went to the programs list I could not locate the My Web Search (Smiley Central) or the Viewpoint Toolbar or Viewpoint Media Player. I did a search of Drive C: to attempt to locate. All others were uninstalled. The following is the log that you requested. Please advise. Thank you.


========== OTL ==========
C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx moved successfully.
C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx moved successfully.
C:\WINDOWS\Afijefayo.dat moved successfully.
C:\WINDOWS\Vlilaxu.bin moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 03312010_115605
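
A check a helper could run on the exchange above, as an added example that is not part of either post or of OTL itself: it compares the paths submitted in the `:OTL` fix block with the "moved successfully" lines in the returned fix log, using the two texts exactly as posted in this thread. The function names, and the choice to treat any submitted path without a result line as unconfirmed, are assumptions of this example.

```python
import re

# Fix block and fix log copied from the two posts above.
FIX_SCRIPT = r"""
:OTL
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx
[2010/03/29 13:00:24 | 000,012,660 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx
C:\Documents and Settings\All Users\Application Data\1488701108
[2010/03/26 16:46:08 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Afijefayo.dat
[2010/03/26 11:33:32 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Vlilaxu.bin
"""

FIX_LOG = r"""
========== OTL ==========
C:\Documents and Settings\Head user\Local Settings\Application Data\YGvcpA571Wx moved successfully.
C:\Documents and Settings\All Users\Application Data\YGvcpA571Wx moved successfully.
C:\WINDOWS\Afijefayo.dat moved successfully.
C:\WINDOWS\Vlilaxu.bin moved successfully.

OTL by OldTimer - Version 3.1.28.0 log created on 03312010_115605
"""

# "[date | size | attrs | M] (company) -- path": a line pasted from the scan log.
SCAN_LINE = re.compile(r"^\[[^\]]*\]\s*\(.*?\)\s*--\s*(?P<path>.+)$")
# The only result wording that appears in the fix log on this page.
MOVED = re.compile(r"^(?P<path>.+?) moved successfully\.$")


def norm(path):
    """Windows paths compare case-insensitively; ignore a trailing backslash."""
    return path.strip().rstrip("\\").lower()


def script_targets(script):
    """Paths listed under the :OTL directive, in the order submitted."""
    targets, section = [], None
    for raw in script.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):        # a directive line starts a new section
            section = line.lower()
            continue
        if section != ":otl":           # ignore lines under any other directive
            continue
        m = SCAN_LINE.match(line)
        targets.append(m.group("path").strip() if m else line)  # bare path otherwise
    return targets


def moved_paths(log):
    """Map of normalised path -> path as printed, for each 'moved successfully' line."""
    moved = {}
    for raw in log.splitlines():
        m = MOVED.match(raw.strip())
        if m:
            moved[norm(m.group("path"))] = m.group("path")
    return moved


def reconcile(script, log):
    """Split submitted paths into confirmed/unconfirmed; list moves nobody asked for."""
    targets = script_targets(script)
    moved = moved_paths(log)
    wanted = {norm(t) for t in targets}
    return {
        "confirmed": [t for t in targets if norm(t) in moved],
        "unconfirmed": [t for t in targets if norm(t) not in moved],
        "unexpected": [p for k, p in moved.items() if k not in wanted],
    }


if __name__ == "__main__":
    for status, paths in reconcile(FIX_SCRIPT, FIX_LOG).items():
        for p in paths:
            print(f"{status:12} {p}")
```

Run on the two texts above, it lists four paths as confirmed and `C:\Documents and Settings\All Users\Application Data\1488701108` as unconfirmed, because the pasted fix log has no result line for that entry.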


Post by Belahzur on Wed Mar 31, 2010 9:52 pm

Click Start > Run and copy/paste the following bolded text into the Run box and click OK:

ComboFix /uninstall

This will also reset your restore points.

How is the machine running now?



Post by iplo4fun on Thu Apr 01, 2010 12:05 am

I did all that you have suggested and instructed and the system is so much better and faster than I can remember it being. Thank you. I did do a Malwarebytes scan earlier today and still found two infections. I proceeded to repair those. Below is that log. I have since run Malwarebytes with no infections found. Again, thank you. I will now reinstall my Avast antivirus software. Do you recommend anything else that I should do to protect the system? Also, I want to upgrade my system. Will this system handle Windows 7, or do you recommend a better version of XP? I will offer a donation to your cause, and I will tell all my friends about you guys. You have been excellent. Keep up the good work.

Is there anything I can do for you?
Thanks again.
Mark

Malwarebytes' Anti-Malware 1.45

Database version: 3938

Windows 5.1.2600 Service Pack 3
Internet Explorer 7.0.5730.13

3/31/2010 12:13:15 PM
mbam-log-2010-03-31 (12-13-15).txt

Scan type: Quick scan
Objects scanned: 164342
Time elapsed: 8 minute(s), 22 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\toolbar_setup10.exe (Spyware.Passwords) -> Quarantined and deleted successfully.
C:\toolbar_setup11.exe (Spyware.Passwords) -> Quarantined and deleted successfully.


Post by Belahzur on Thu Apr 01, 2010 12:12 am

Hello.

Please download and install [You must be registered and logged in to see this link.]

This should be fine now.



Post by iplo4fun on Thu Apr 01, 2010 11:07 pm

Thank you again for your help, much appreciated, the system is working better than I can remember. I went to your donations page and noticed that you are currently working on your paypal so I will stop back to contribute.

I have reloaded the AVAST antivirus software. Do you recommend a different antivirus software? Also do you recommend a certain Firewall software?
I was thinking about upgrading this system to Windows 7 - can it handle it, or do you recommend a different version of XP?
When I upload a new version do you recommend a clean install, or will the upgrade automatically save my data files to the new operating system?
Thanks again Belahzur, you have been quite helpful.


Post by Belahzur on Thu Apr 01, 2010 11:26 pm

Run ESET Online Scan
Please do an online scan with [You must be registered and logged in to see this link.]. Please use Internet Explorer as it uses ActiveX.

  • Check (tick) this box: YES, I accept the Terms of Use.
  • Click on the Start button next to it.
  • When prompted to run ActiveX, click Yes.
  • You will be asked to install an ActiveX. Click Install.
  • Once installed, the scanner will be initialized.
  • After the scanner is initialized, click Start.
  • Check (tick) Remove found threats box.
  • Check (tick) Scan unwanted applications.
  • Click on Scan.
  • It will start scanning. Please be patient.
  • Once the scan is done, the log will be saved here: C:\Program Files\esetonlinescanner\log.txt.



Re: Anti Malware Defender Removal - Please help

Post by iplo4fun on Fri Apr 02, 2010 10:40 pm

The program will not run. It gets through the ActiveX selection and to the run selection then it hangs up. I let it attempt to run for over an hour. Please advise.
Thank you.


Re: Anti Malware Defender Removal - Please help

Post by Belahzur on Sat Apr 03, 2010 12:34 am

Try this.

Please use the Internet Explorer browser, and do an online scan with [You must be registered and logged in to see this link.]

Note: If you have used this particular scanner before, you MAY HAVE TO UNINSTALL the program through Add/Remove Programs before downloading the new ActiveX component.

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.

    **Note**

    To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.

Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

