[Inactive] Another Win32/Zbot.G infection

Discussion in 'Virus and Malware Removal' started by Drena Designs, Feb 23, 2011.

  1. Broni Malware Annihilator

    Do not connect any external devices for now.
  2. Drena Designs Newcomer, in training

    OTL TEXT:

    OTL logfile created on: 24/02/2011 23:26:08 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Swifter\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    502.00 Mb Total Physical Memory | 189.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 20.64 Gb Free Space | 55.41% Space Free | Partition Type: NTFS
    Drive E: | 959.13 Mb Total Space | 958.84 Mb Free Space | 99.97% Space Free | Partition Type: FAT

    Computer Name: JULIANS | User Name: Swifter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/24 23:20:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
    PRC - [2006/12/15 03:23:27 | 000,075,520 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe
    PRC - [2006/04/18 08:32:00 | 000,561,568 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\eabservr.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/24 23:20:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    MOD - [2005/11/30 15:31:34 | 000,438,801 | ---- | M] (Hewlett-Packard ) -- C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
    SRV - File not found [On_Demand | Stopped] -- -- (hpqwmi)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/10/25 14:27:54 | 000,421,255 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/08/07 22:40:10 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
    DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
    DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
    DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
    DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
    DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
    DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
    DRV - [2005/11/16 13:12:46 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/05/24 14:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
    DRV - [2005/05/24 14:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
    DRV - [2005/05/24 14:00:46 | 000,087,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
    DRV - [2005/05/24 14:00:44 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
    DRV - [2005/05/24 14:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
    DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/03/10 09:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/01/31 17:23:08 | 000,109,319 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/06/28 10:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/04/26 09:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
    DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
    DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2002/06/10 14:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
    IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Web Search"
    FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q="
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
    FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.45.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313
    FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=kTH8wFRKbs5AqNC5cxm5Ow&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="

    FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\

    [2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions
    [2008/06/19 13:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/28 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions
    [2010/07/21 21:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/21 21:11:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/07/21 21:11:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2008/09/14 21:58:54 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
    [2009/12/17 20:39:09 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\searchplugins\mywebsearch.xml
    [2011/01/29 09:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/12 11:30:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/06/04 16:38:46 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
    File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\FIREFOX
    [2008/02/27 16:57:38 | 000,262,513 | ---- | M] (British Broadcasting Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
    [2008/01/23 06:20:30 | 000,647,576 | ---- | M] (BitComet) -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

    O1 HOSTS File: ([2011/02/24 18:23:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_11\bin\ssv.dll (Sun Microsystems, Inc.)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
    O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
    O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
    O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
    O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
    O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
    O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe (Hewlett-Packard )
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_11\bin\jusched.exe (Sun Microsystems, Inc.)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_11\bin\NPJPI150_11.dll (Sun Microsystems, Inc.)
    O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_11-windows-i586.cab (Java Plug-in 1.5.0_11)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\Program Files\ayirbhrn\ifahlkbe.exe) - C:\Program Files\ayirbhrn\ifahlkbe.exe File not found
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Swifter/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/25 20:34:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/02/24 23:20:48 | 000,013,534 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\...com [@ = ComFile] -- Reg Error: Key error. File not found

    NetSvcs: AppMgmt - File not found
    NetSvcs: HidServ - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.at3 - C:\WINDOWS\System32\atrac3.acm ()
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\DivXa32.acm (Hacked With Joy !)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.imc - C:\WINDOWS\System32\IMC32.ACM (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.lameacm - C:\WINDOWS\System32\lameACM.acm (http://www.mp3dev.org/)
    Drivers32: msacm.lhacm - C:\WINDOWS\System32\lhacm.acm (Microsoft Corporation)
    Drivers32: msacm.pcdv - C:\WINDOWS\System32\pcdv.acm (Canopus Co., Ltd.)
    Drivers32: msacm.qmpeg - C:\WINDOWS\System32\qmpeg.acm (QDesign Corporation)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: msacm.vorbis - C:\WINDOWS\System32\vorbis.acm (HMS http://hp.vector.co.jp/authors/VA012897/)
    Drivers32: msacm.voxacm160 - C:\WINDOWS\System32\vct3216.acm (Voxware, Inc.)
    Drivers32: msacm.wrpr - C:\WINDOWS\System32\AVIWRAP.DLL ()
    Drivers32: MSVideo - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.3ivx - C:\WINDOWS\System32\3ivxVfWCodec.dll (3ivx.com)
    Drivers32: vidc.aasc - C:\WINDOWS\System32\AASC32.DLL (Autodesk, Inc.)
    Drivers32: vidc.advs - C:\WINDOWS\System32\Dvc.dll (Adaptec)
    Drivers32: vidc.aflc - C:\WINDOWS\System32\FLCCODEC32.DLL (Autodesk, Inc.)
    Drivers32: vidc.afli - C:\WINDOWS\System32\FLCCODEC32.DLL (Autodesk, Inc.)
    Drivers32: vidc.ap41 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
    Drivers32: vidc.asv1 - C:\WINDOWS\System32\ASUSASV1.DLL ()
    Drivers32: vidc.asv2 - C:\WINDOWS\System32\ASUSASV2.dll ()
    Drivers32: vidc.avrn - C:\WINDOWS\System32\AvidAVICodec.dll (Avid Technology, Inc)
    Drivers32: vidc.bt20 - C:\WINDOWS\System32\BTVVC32.DRV (Brooktree Corporation)
    Drivers32: vidc.cdvc - C:\WINDOWS\System32\CSCCDVC.DLL (Canopus Co., Ltd.)
    Drivers32: vidc.cscd - C:\WINDOWS\System32\camcodec.dll (RenderSoft Software.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Compression Technologies, Inc.)
    Drivers32: vidc.dcmj - C:\WINDOWS\System32\mcmjpg32.dll (MainConcept)
    Drivers32: vidc.ddvc - C:\WINDOWS\System32\CSCdvsd.DLL (Canopus Co., Ltd.)
    Drivers32: vidc.div3 - C:\WINDOWS\System32\DivXc32.dll (Hacked with Joy !)
    Drivers32: vidc.div4 - C:\WINDOWS\System32\DivXc32f.dll (Hacked with Joy !)
    Drivers32: vidc.dmb1 - C:\WINDOWS\System32\M3JPEG32.DLL (Morgan Multimedia)
    Drivers32: vidc.dps0 - C:\WINDOWS\System32\DpsAviCC.dll (Digital Processing Systems Inc.)
    Drivers32: vidc.dv25 - C:\WINDOWS\System32\DigiVCap.dll (Matrox Electronic Systems)
    Drivers32: vidc.dv50 - C:\WINDOWS\System32\DigiVCap.dll (Matrox Electronic Systems)
    Drivers32: vidc.dvsd - C:\WINDOWS\System32\MCDVD_32.DLL (MainConcept)
    Drivers32: vidc.dvx4 - C:\WINDOWS\System32\divx4.dll (DivXNetworks, Inc.)
    Drivers32: vidc.em2v - C:\WINDOWS\System32\ETXCodec.dll (Etymonix Inc.)
    Drivers32: VIDC.FFDS - ff_vfw.dll File not found
    Drivers32: vidc.fljp - C:\WINDOWS\System32\MMTVMJ.dll (Morgan Multimedia)
    Drivers32: vidc.frwd - C:\WINDOWS\System32\frwd.dll (Darim Vision Co.)
    Drivers32: vidc.frwt - C:\WINDOWS\System32\frwt.dll (Darim Vision Co.)
    Drivers32: vidc.frwu - C:\WINDOWS\System32\frwu.dll (Darim Vision Co.)
    Drivers32: vidc.glzw - C:\WINDOWS\System32\Glzw.dll (Gabest)
    Drivers32: vidc.gpeg - C:\WINDOWS\System32\Gpeg.dll (Gabest)
    Drivers32: vidc.hfyu - C:\WINDOWS\System32\huffyuv.dll (Disappearing Inc.)
    Drivers32: vidc.i263 - C:\WINDOWS\System32\i263_32.drv (Intel Corporation)
    Drivers32: vidc.ipdv - C:\WINDOWS\System32\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
    Drivers32: vidc.ir21 - C:\WINDOWS\System32\IR21_R.DLL ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.dll (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\Ir50_32.dll (Intel Corporation)
    Drivers32: vidc.lead - C:\WINDOWS\System32\LCodcCMP.dll (LEAD Technologies, Inc.)
    Drivers32: vidc.miro - C:\WINDOWS\System32\mirodv2avi.dll (Pinnacle Systems)
    Drivers32: vidc.mj2c - C:\WINDOWS\System32\M3JP2K32.dll (Morgan Multimedia)
    Drivers32: vidc.mjpa - C:\WINDOWS\System32\rtmjpgcdc.dll (Pinnacle Systems)
    Drivers32: vidc.mjpg - C:\WINDOWS\System32\M3JPEG32.DLL (Morgan Multimedia)
    Drivers32: vidc.mjpx - C:\WINDOWS\System32\pvmjpg21.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.mkvc - C:\WINDOWS\System32\KMVIDC32.DLL ()
    Drivers32: vidc.mmes - C:\WINDOWS\System32\DigiVCap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mmjp - C:\WINDOWS\System32\DigiVCap.dll (Matrox Electronic Systems)
    Drivers32: vidc.mp42 - C:\WINDOWS\System32\mpg4c32.dll ()
    Drivers32: vidc.mp43 - C:\WINDOWS\System32\mpg4c32.dll ()
    Drivers32: vidc.mpg4 - C:\WINDOWS\System32\mpg4c32.dll ()
    Drivers32: vidc.msmc - C:\WINDOWS\System32\DigiVCap.dll (Matrox Electronic Systems)
    Drivers32: VIDC.mszh - C:\WINDOWS\System32\AVIMSZH.DLL ()
    Drivers32: vidc.mwv1 - C:\WINDOWS\System32\ICMW_32.DLL (Aware Inc.)
    Drivers32: vidc.mxmc - MimicICM.DLL File not found
    Drivers32: vidc.nt00 - C:\WINDOWS\System32\NTCodec.dll (NewTek, Inc)
    Drivers32: vidc.pdvc - C:\WINDOWS\System32\idvcodec.dll (Matsushita Electric Industrial Co., Ltd. I-O DATA DEVICE,INC.)
    Drivers32: vidc.pim1 - C:\WINDOWS\System32\pclepim1.dll (Pinnacle Systems)
    Drivers32: vidc.pimj - C:\WINDOWS\System32\pvljpg20.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.pvw2 - C:\WINDOWS\System32\pvwv220.dll (Pegasus Imaging Corporation)
    Drivers32: vidc.rmp4 - C:\WINDOWS\System32\rmp4.dll ()
    Drivers32: vidc.rt21 - C:\WINDOWS\System32\IR21_R.DLL ()
    Drivers32: vidc.rud0 - C:\WINDOWS\System32\Rududu.dll (nico)
    Drivers32: vidc.s422 - C:\WINDOWS\System32\TEKYUV.DLL ()
    Drivers32: vidc.sjpg - C:\WINDOWS\System32\pmjpeg32.dll (White Pine Software and Paradigm Matrix)
    Drivers32: vidc.sony - C:\WINDOWS\System32\sonydv.dll (Sony Corporation)
    Drivers32: vidc.tscc - C:\Program Files\MpcStar\Codecs\tscc\tsccvid.dll (TechSmith Corporation)
    Drivers32: vidc.tvmj - C:\WINDOWS\System32\MMTVMJ.dll (Morgan Multimedia)
    Drivers32: vidc.vcr1 - C:\WINDOWS\System32\ATIVCR1.DLL (ATI Technologies, Inc.)
    Drivers32: vidc.vcr2 - C:\WINDOWS\System32\ativcr2.dll (ATI Technologies, Inc.)
    Drivers32: vidc.vifp - C:\WINDOWS\System32\VFCodec.dll ()
    Drivers32: vidc.vixl - C:\WINDOWS\System32\MIROXL32.DLL (Pinnacle Systems)
    Drivers32: vidc.vp31 - C:\WINDOWS\System32\vp31vfw.dll (On2.com)
    Drivers32: vidc.vssv - C:\WINDOWS\System32\vsscodec.dll (Vanguard Software Solutions, Inc.)
    Drivers32: vidc.wnv1 - C:\WINDOWS\System32\WNVPLAY1.DLL (Winnov)
    Drivers32: vidc.wrpr - C:\WINDOWS\System32\AVIWRAP.DLL ()
    Drivers32: vidc.y41p - C:\WINDOWS\System32\BTVVC32.DRV (Brooktree Corporation)
    Drivers32: vidc.zlib - C:\WINDOWS\System32\AVIZLIB.DLL ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (68412030092050432)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/24 23:20:22 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    [2011/02/23 22:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Desktop\tdsskiller
    [2011/02/23 21:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/02/23 20:19:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/23 20:16:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/23 20:16:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/23 20:16:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/23 20:16:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/23 20:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/23 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/23 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\Malwarebytes
    [2011/02/23 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/23 18:53:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/23 18:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/23 18:53:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/23 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/18 21:04:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Swifter\Recent
    [2011/02/18 12:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\AVG10
    [2011/02/18 12:02:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/02/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/02/18 11:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\ayirbhrn
    [2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\cs
    [2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\blinkx beat
    [2011/02/13 20:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/07 21:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\My Documents\FrostWire
    [2011/02/07 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
    [2011/02/07 21:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\FrostWire
    [2011/02/07 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
    [2011/02/07 21:25:23 | 008,310,726 | ---- | C] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
    [2011/02/07 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
    [2011/01/26 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\Rave
    [2007/06/21 17:09:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Swifter\Application Data\pcouffin.sys
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/02/24 23:20:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    [2011/02/24 23:19:52 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/24 23:19:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/24 18:37:39 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\notepadmgr.exe
    [2011/02/24 18:23:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/24 18:14:39 | 004,274,341 | R--- | M] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
    [2011/02/24 18:11:49 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job
    [2011/02/23 23:35:52 | 000,152,051 | ---- | M] () -- C:\WINDOWS\Explorermgr.exe
    [2011/02/23 23:07:04 | 000,288,709 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\RKUnhookerLE.EXE
    [2011/02/23 22:45:50 | 001,257,772 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
    [2011/02/23 22:35:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/23 22:28:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
    [2011/02/23 21:57:30 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\taskmgrmgr.exe
    [2011/02/23 21:56:38 | 000,779,142 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\dds.scr
    [2011/02/23 21:55:08 | 000,451,463 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\wvwx6fpx.exe
    [2011/02/23 21:36:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
    [2011/02/23 20:19:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/02/23 19:32:30 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
    [2011/02/23 18:53:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
    [2011/02/18 12:29:34 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
    [2011/02/15 20:35:19 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/02/15 09:38:00 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/02/15 09:38:00 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/02/07 21:25:21 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
    [2011/02/07 21:12:10 | 000,208,464 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
    [2011/02/07 17:28:53 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
    [2011/01/31 11:25:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
    [2011/01/31 11:19:19 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
    [2011/01/31 10:41:08 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
    [2011/01/31 10:33:17 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
    [2011/01/31 09:57:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Microsoft Word.lnk
    [2011/01/31 09:56:41 | 000,424,448 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
    [2011/01/28 21:53:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2011/01/26 22:01:28 | 154,871,128 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
    [2011/01/26 12:37:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc
    [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/02/24 00:01:12 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\notepadmgr.exe
    [2011/02/23 23:08:26 | 000,288,709 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\RKUnhookerLE.EXE
    [2011/02/23 22:46:29 | 001,257,772 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
    [2011/02/23 22:28:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
    [2011/02/23 21:58:16 | 000,779,142 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\dds.scr
    [2011/02/23 21:58:09 | 000,451,463 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\wvwx6fpx.exe
    [2011/02/23 21:57:30 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\taskmgrmgr.exe
    [2011/02/23 21:36:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
    [2011/02/23 21:21:27 | 154,871,128 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
    [2011/02/23 20:19:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/02/23 20:19:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/23 20:16:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/23 20:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/23 20:16:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/23 20:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/23 20:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/23 20:09:32 | 004,274,341 | R--- | C] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
    [2011/02/23 20:06:42 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
    [2011/02/23 19:26:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/23 18:53:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 20:04:49 | 000,152,051 | ---- | C] () -- C:\WINDOWS\Explorermgr.exe
    [2011/02/16 21:55:51 | 000,081,437 | ---- | C] () -- C:\Documents and Settings\Swifter\xrrwsxvt.log
    [2011/02/16 21:55:51 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Swifter\vybagyrq.log
    [2011/02/16 21:55:50 | 000,003,907 | ---- | C] () -- C:\Documents and Settings\Swifter\cgkmxhsr.log
    [2011/02/16 21:55:18 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Swifter\jgdymjga.log
    [2011/02/15 20:48:57 | 052,408,320 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\site1.wpp
    [2011/02/13 20:39:39 | 000,003,510 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log
    [2011/02/13 20:39:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log.lock
    [2011/02/07 21:12:08 | 000,208,464 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
    [2011/02/07 17:28:53 | 001,166,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
    [2011/01/31 11:25:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
    [2011/01/31 11:19:18 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
    [2011/01/31 09:56:39 | 000,424,448 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
    [2011/01/30 21:47:30 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
    [2011/01/28 21:53:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2011/01/26 13:04:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
    [2011/01/26 12:58:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
    [2011/01/26 12:37:10 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc
    [2011/01/24 23:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/01/22 12:29:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/06/12 00:58:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/10 19:04:13 | 000,040,372 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\FASTWiz.log
    [2008/05/26 16:02:50 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/03/01 12:19:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\ezpinst.exe
    [2008/01/02 13:29:05 | 000,001,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/07 22:40:08 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2007/06/21 17:09:36 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.log
    [2007/06/21 17:09:24 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.cat
    [2007/06/21 17:09:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.inf
    [2007/01/27 19:52:25 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2007/01/27 19:50:55 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/01/27 19:50:51 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2006/05/13 09:32:15 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
    [2006/05/13 09:32:14 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
    [2006/05/13 09:32:14 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
    [2006/05/13 09:32:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mpegdecoder.dll
    [2006/05/13 09:32:12 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
    [2006/05/13 09:32:11 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2006/05/13 09:32:11 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2006/05/13 09:32:11 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/05/13 09:32:11 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2006/05/13 09:32:11 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
    [2006/05/13 09:32:10 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
    [2006/05/13 09:32:09 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
    [2006/05/13 09:32:05 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
    [2006/05/13 09:32:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/05/13 09:32:00 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
    [2006/05/13 09:32:00 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2006/05/13 09:31:59 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2006/05/13 09:31:54 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
    [2006/05/13 09:31:54 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
    [2006/05/13 09:31:54 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
    [2006/05/13 09:31:53 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2006/05/13 09:31:52 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
    [2006/05/13 09:31:52 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2006/05/13 09:31:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
    [2006/05/13 09:31:46 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
    [2006/05/13 09:31:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
    [2006/05/13 09:31:39 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/05/13 09:31:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
    [2006/04/25 13:24:42 | 000,000,163 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
    [2006/04/17 11:52:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\gnucleus.INI
    [2006/03/22 21:46:10 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/12 15:06:09 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
    [2006/03/09 21:14:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\fusioncache.dat
    [2006/02/28 20:23:06 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/28 19:07:16 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/02/28 13:37:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/27 18:48:18 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
    [2006/02/27 18:48:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
    [2006/02/27 18:48:09 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2006/02/27 18:48:09 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
    [2006/02/25 21:57:24 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/02/25 20:44:28 | 000,000,936 | ---- | C] () -- C:\WINDOWS\adiras.ini
    [2006/02/25 20:24:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/03 12:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========
  3. Drena Designs Newcomer, in training

    continued......

    [2011/02/23 21:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/02/18 11:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/02/18 12:02:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/03/07 21:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
    [2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2011/01/22 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2008/09/06 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2011/02/24 23:31:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/02/18 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006/02/28 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2008/03/07 11:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/02/07 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2011/02/13 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/06/21 00:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/06/19 02:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2011/01/22 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2007/06/22 08:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2007/02/24 12:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2008/10/23 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/02/18 12:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\AVG10
    [2011/02/07 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\CometPlayer
    [2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\eBay
    [2011/01/23 09:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Epson
    [2011/02/17 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
    [2008/09/06 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Grisoft
    [2006/02/25 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Leadertech
    [2009/11/28 18:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\LimeWire
    [2006/03/04 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\MSNInstaller
    [2011/02/04 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Ninu
    [2011/02/03 20:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Qoircy
    [2008/10/12 19:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Serif
    [2007/04/12 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\SignupShield
    [2008/08/29 12:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Sony
    [2010/11/14 22:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TigerPlayer
    [2008/06/19 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TomTom
    [2008/06/19 02:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TuneUp Software
    [2008/03/01 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Vso
    [2007/06/20 10:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\WholeSecurity
    [2006/03/09 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Windows Desktop Search
    [2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
    [2011/02/24 18:11:49 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2008/06/19 21:33:11 | 000,000,000 | ---- | M] () -- C:\700.log
    [2006/02/25 21:49:54 | 000,020,372 | ---- | M] () -- C:\adobelog.txt
    [2006/02/25 20:34:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2006/02/25 20:28:14 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/02/23 20:19:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2006/02/25 22:11:35 | 000,000,090 | ---- | M] () -- C:\chpst.log
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/02/24 18:29:05 | 000,010,152 | ---- | M] () -- C:\ComboFix.txt
    [2006/02/25 20:34:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2006/02/25 22:10:26 | 003,223,204 | ---- | M] () -- C:\DNSP1.LOG
    [2008/06/04 20:57:56 | 000,033,666 | ---- | M] () -- C:\dvdfabexpress_burn.log
    [2008/03/24 21:31:00 | 000,009,371 | ---- | M] () -- C:\dvdfab_burn.log
    [2007/01/31 17:44:55 | 000,001,096 | ---- | M] () -- C:\hdd.log
    [2006/02/25 21:57:24 | 000,000,171 | ---- | M] () -- C:\HSC.log
    [2008/06/26 17:46:44 | 000,000,132 | ---- | M] () -- C:\ICSYSINF.log
    [2007/05/14 21:29:18 | 000,000,374 | ---- | M] () -- C:\INSTALL.LOG
    [2006/02/25 20:34:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2006/09/08 10:08:50 | 000,000,985 | -H-- | M] () -- C:\IPH.PH
    [2007/01/27 19:47:53 | 000,000,183 | ---- | M] () -- C:\LogiSetup.log
    [2006/02/25 22:15:16 | 000,000,161 | ---- | M] () -- C:\mscuxp.log
    [2006/02/25 20:34:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/04 12:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2008/09/09 15:45:51 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/02/24 23:19:23 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
    [2011/02/23 20:08:06 | 000,000,408 | ---- | M] () -- C:\rkill.log
    [2006/02/25 22:15:11 | 000,000,196 | ---- | M] () -- C:\sedinst2.log
    [2006/02/25 22:07:20 | 000,000,171 | ---- | M] () -- C:\setup.log
    [2008/05/01 12:01:14 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
    [2008/05/01 12:01:14 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
    [2006/02/25 22:06:50 | 000,020,958 | ---- | M] () -- C:\sunjava.log
    [2011/02/23 22:56:43 | 000,045,132 | ---- | M] () -- C:\TDSSKiller.2.4.18.0_23.02.2011_22.55.31_log.txt
    [2006/02/25 21:47:24 | 000,000,032 | ---- | M] () -- C:\ticrdbus.log
    [2008/06/05 18:47:21 | 000,000,146 | ---- | M] () -- C:\YServer.txt

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2006/02/25 20:34:02 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 12:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2008/07/06 10:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >
    [2008/07/22 14:54:29 | 000,001,586 | -H-- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\LastFlashConfig.WFC

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2006/02/25 20:20:00 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2006/02/25 20:20:00 | 000,634,880 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2006/02/25 20:20:00 | 000,880,640 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2008/09/09 15:54:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >
    [2008/02/28 13:01:24 | 000,774,144 | ---- | M] () -- C:\WINDOWS\system32\NEROINSTAEC43759.DB
    [1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2006/02/25 20:42:37 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2006/02/25 20:42:36 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2011/01/26 22:01:28 | 154,871,128 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
    [2011/02/24 18:14:39 | 004,274,341 | R--- | M] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
    [2010/11/09 11:47:20 | 021,499,328 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\mpcstar_4.9_setup.exe
    [2011/02/24 23:20:18 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    [2011/02/23 23:07:04 | 000,288,709 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\RKUnhookerLE.EXE
    [2011/02/18 21:17:28 | 012,390,344 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Swifter\Desktop\windows-kb890830-v3.16.exe
    [2011/02/23 21:55:08 | 000,451,463 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\wvwx6fpx.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >
    [2010/07/15 19:11:10 | 044,089,904 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\avira_antivir_personal_en.exe
    [2011/02/07 21:25:21 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
    [2011/02/07 21:12:10 | 000,208,464 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2006/02/25 20:42:36 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Swifter\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2009/06/29 18:05:07 | 000,000,067 | -HS- | M] () -- C:\Documents and Settings\Swifter\Cookies\desktop.ini
    [2011/02/24 23:19:48 | 000,032,768 | -HS- | M] () -- C:\Documents and Settings\Swifter\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/14 00:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2007/04/02 18:07:22 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/04/13 17:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/14 00:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2007/04/02 18:07:23 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2007/04/02 18:07:23 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2007/04/02 18:07:24 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2007/04/02 18:07:27 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2007/04/02 18:04:01 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >
    [2002/07/17 15:22:34 | 000,004,672 | ---- | M] (Adaptec) -- C:\WINDOWS\system\WOWPOST.EXE

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC

    < End of report >
  4. Drena Designs Newcomer, in training

    EXTRAS TEXT

    OTL Extras logfile created on: 24/02/2011 23:26:08 - Run 1
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Swifter\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    502.00 Mb Total Physical Memory | 189.00 Mb Available Physical Memory | 38.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 79.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 20.64 Gb Free Space | 55.41% Space Free | Partition Type: NTFS
    Drive E: | 959.13 Mb Total Space | 958.84 Mb Free Space | 99.97% Space Free | Partition Type: FAT

    Computer Name: JULIANS | User Name: Swifter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

    [HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Classes\<extension>]
    .bat [@ = batfile] -- Reg Error: Key error. File not found
    .cmd [@ = cmdfile] -- Reg Error: Key error. File not found
    .com [@ = ComFile] -- Reg Error: Key error. File not found
    .hta [@ = htafile] -- Reg Error: Key error. File not found
    .url [@ = InternetShortcut] -- Reg Error: Key error. File not found
    .vbs [@ = VBSFile] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- Reg Error: Key error.
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "FirewallOverride" = 0
    "AntiVirusOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "17166:TCP" = 17166:TCP:*:Enabled:BitComet 17166 TCP
    "17166:UDP" = 17166:UDP:*:Enabled:BitComet 17166 UDP
    "1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
    "22136:TCP" = 22136:TCP:*:Enabled:BitComet 22136 TCP
    "22136:UDP" = 22136:UDP:*:Enabled:BitComet 22136 UDP
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Windows Live\Messenger\msnmsgr.exe" = C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger
    "C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone)

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Kontiki\KService.exe" = C:\Program Files\Kontiki\KService.exe:*:Enabled:Delivery Manager Service -- (Kontiki Inc.)
    "C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "C:\Program Files\Epson Software\Event Manager\EEventManager.exe" = C:\Program Files\Epson Software\Event Manager\EEventManager.exe:*:Enabled:EEventManager Application -- (SEIKO EPSON CORPORATION)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{075473F5-846A-448B-BCB3-104AA1760205}" = Sonic Data Module
    "{15EE79F4-4ED1-4267-9B0F-351009325D7D}" = HP Software Update
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD Plus
    "{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
    "{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
    "{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10
    "{3248F0A8-6813-11D6-A77B-00B0D0150110}" = J2SE Runtime Environment 5.0 Update 11
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{4302B2DD-D958-40E3-BAF3-B07FFE1978CE}" = HP Wireless Assistant 1.01 A3
    "{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
    "{48F22622-1CC2-4A83-9C1E-644DD96F832D}" = Epson Event Manager
    "{4AE3A0CB-87B0-4F51-BECD-3D1F8DFDD62F}" = SAGEM F@st 800-840
    "{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
    "{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
    "{612DC38A-B36A-4699-88EB-12C7394DE2FC}" = TIxx21
    "{6675CA7F-E51B-4F6A-99D4-F8F0124C6EAA}" = Sonic Express Labeler
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6A5FE305-1147-400D-9795-8B80E693476A}" = Serif WebPlus SE
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{7F14F68C-17FA-4F88-B3FD-7F449C1EBF32}" = EPSON Web-To-Page
    "{87C2248A-C7DD-49ED-9BCD-B312A9D0819E}" = Epson Easy Photo Print 2
    "{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
    "{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
    "{900A92BA-19EF-4A34-86CF-7B6C85BDD971}" = VC_MergeModuleToMSI
    "{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
    "{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
    "{94FB906A-CF42-4128-A509-D353026A607E}" = REALTEK Gigabit and Fast Ethernet NIC Driver
    "{976C2B2A-CE59-4AB3-83FB-BF895E28F2E6}" = Apple Mobile Device Support
    "{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}" = ALPS Touch Pad Driver
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A654A805-41D9-40C7-AA46-4AF04F044D61}" = Adobe® Photoshop® Album Starter Edition 3.2
    "{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
    "{A93C4E94-1005-489D-BEAA-B873C1AA6CFC}" = HP Help and Support
    "{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Sonic Audio Module
    "{AC76BA86-7AD7-1033-7B44-A81300000003}" = Adobe Reader 8.1.3
    "{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Sonic Copy Module
    "{B6A98E5F-D6A7-46FB-9E9D-1F7BF4434001}" = Epson Printer Software Downloader
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEB326EC-8F40-47B2-BA22-BB092565D66F}" = Quick Launch Buttons 5.20 H1
    "{D466F3D9-510C-4729-B7D4-2E70490E4CDF}" = BBC iPlayer Download Manager
    "{DB518BA6-CB74-4EB6-9ABD-880B6D6E1F38}" = HpSdpAppCoreApp
    "{DDDE0BE3-0CBE-4BF6-B75A-E3F69C947843}" = iTunes
    "{ECA1A3B6-898F-4DCE-9F04-714CF3BA126B}" = Adobe Flash Player 10 Plugin
    "{F0A37341-D692-11D4-A984-009027EC0A9C}" = SoundMAX
    "{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}" = Microsoft SQL Server 2005 Compact Edition [ENU]
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe® Photoshop® Album Starter Edition 3.2" = Adobe® Photoshop® Album Starter Edition 3.2
    "Agere Systems Soft Modem" = Agere Systems AC'97 Modem
    "Broadcom 802.11b Network Adapter" = Broadcom 802.11 Wireless LAN Adapter
    "CCleaner" = CCleaner (remove only)
    "Epson Printer Software Downloader" = Epson Printer Software Downloader
    "EPSON Scanner" = EPSON Scan
    "Epson Stylus SX110_TX110 User’s Guide" = Epson Stylus SX110_TX110 Manual
    "EPSON SX110 Series" = EPSON SX110 Series Printer Uninstall
    "FrostWire" = FrostWire 4.21.3
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "ie8" = Windows Internet Explorer 8
    "InstallShield_{48B0F38D-1913-44F3-99AA-D4C55A2B038E}" = Drive Manager
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MpcStar" = MpcStar 4.9
    "mplibwiz.inf" = Media Library Management Wizard
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "WIC" = Windows Imaging Component
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinRAR archiver" = WinRAR archiver
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "blinkx beat" = blinkx beat

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 08/07/2010 07:32:16 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 09/07/2010 04:17:45 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3725, faulting module
    unknown, version 0.0.0.0, fault address 0x000028d6.

    Error - 09/07/2010 08:59:41 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 09/07/2010 11:11:31 | Computer Name = DIAMOND | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.0.3725, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 10/07/2010 10:31:33 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 11/07/2010 15:14:16 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application firefox.exe, version 1.9.0.3725, faulting module
    unknown, version 0.0.0.0, fault address 0x000028d6.

    Error - 11/07/2010 15:34:51 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 12/07/2010 12:39:32 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 13/07/2010 11:33:03 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    Error - 14/07/2010 12:30:50 | Computer Name = DIAMOND | Source = Application Error | ID = 1000
    Description = Faulting application KService.exe, version 5.12.707.160, faulting
    module KService.exe, version 5.12.707.160, fault address 0x0021215a.

    [ System Events ]
    Error - 24/02/2011 14:08:40 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 24/02/2011 14:08:40 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V5 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 14:08:40 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V3 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 17:32:36 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 24/02/2011 17:32:36 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V5 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 17:32:36 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V3 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 19:19:42 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The General Purpose USB Driver (adildr.sys) service failed to start
    due to the following error: %%1058

    Error - 24/02/2011 19:19:42 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V5 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 19:19:42 | Computer Name = JULIANS | Source = Service Control Manager | ID = 7000
    Description = The EPSON V3 Service4(01) service failed to start due to the following
    error: %%2

    Error - 24/02/2011 19:24:11 | Computer Name = JULIANS | Source = BROWSER | ID = 8032
    Description = The browser service has failed to retrieve the backup list too many
    times on transport \Device\NetBT_Tcpip_{C60218AD-0F74-447E-9F78-A047BF2017ED}. The
    backup browser is stopping.


    < End of report >
  5. Broni Malware Annihilator

    You need to reinstall AVG.

    ==========================================================================

    Unless you willingly installed Kontiki Player....
    Go Start>Control Panel>Add\Remove ("Programs and Features" in Vista), and uninstall Sky Anytime (if present).
    Download, and run KClean.exe: http://static.sky.com/kclean/KClean.exe to remove Kontiki from your computer.
    NOTE: Kontiki is a known resource hog.

    ======================================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      IE - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
      FF - prefs.js..browser.search.defaultenginename: "Web Search"
      FF - prefs.js..browser.search.defaulturl: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q="
      FF - prefs.js..extensions.enabledItems: m3ffxtbr@mywebsearch.com:1.1
      FF - prefs.js..keyword.URL: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=kTH8wFRKbs5AqNC5cxm5Ow&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor="
      FF - HKLM\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com: C:\Program Files\MyWebSearch\bar\firefox\
      [2009/12/17 20:39:09 | 000,009,941 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\searchplugins\mywebsearch.xml
      File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\FIREFOX
      O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
      O2 - BHO: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
      O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - No CLSID value found.
      O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - No CLSID value found.
      O2 - BHO: (no name) - {E99421FB-68DD-40F0-B4AC-B7027CAE2F1A} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {9421DD08-935F-4701-A9CA-22DF90AC4EA6} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {ED4BD629-C1B6-4399-8A34-02CCAA921DC9} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EE5D279F-081B-4404-994D-C6B60AAEBA6D} - No CLSID value found.
      O3 - HKU\S-1-5-21-507921405-1659004503-839522115-1004\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
      O9 - Extra Button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
      O9 - Extra 'Tools' menuitem : PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - File not found
      O20 - HKLM Winlogon: UserInit - (C:\Program Files\ayirbhrn\ifahlkbe.exe) - C:\Program Files\ayirbhrn\ifahlkbe.exe File not found
      O18 - Protocol\Handler\cdo {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found
      [6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2011/02/16 21:55:51 | 000,081,437 | ---- | C] () -- C:\Documents and Settings\Swifter\xrrwsxvt.log
      [2011/02/16 21:55:51 | 000,000,806 | ---- | C] () -- C:\Documents and Settings\Swifter\vybagyrq.log
      [2011/02/16 21:55:50 | 000,003,907 | ---- | C] () -- C:\Documents and Settings\Swifter\cgkmxhsr.log
      [2011/02/16 21:55:18 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Swifter\jgdymjga.log
      @Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC
      
      
      :Files
      C:\Program Files\MyWebSearch
      
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
    • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.
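
    The fix script above removes, among other things, a second Winlogon UserInit entry pointing at C:\Program Files\ayirbhrn\ifahlkbe.exe, an alternate data stream on a TEMP file, and several orphaned BHO/toolbar CLSIDs; the Extras log earlier shows the shell-spawning commands for exefile, batfile and so on, which this kind of malware also likes to rewrite. The following Python script is an added example, not part of this thread and not a tool from OldTimer or TechSpot: it reads OTL-style lines and flags exactly those four indicator types (a UserInit value other than the stock userinit.exe, a non-default [open] command for executable file classes, any alternate data stream, and BHOs whose CLSID no longer resolves). The sample lines are constructed from the logs in this thread plus one hypothetical hijacked exefile entry with a placeholder path; the stock values assume a Windows XP install with C:\WINDOWS as %SystemRoot%, as on this machine.

```python
"""Added example: flag common hijack indicators in OTL-style log lines."""
import re

# Stock Windows XP values (assumption: %SystemRoot% is C:\WINDOWS, as in this thread).
STOCK_USERINIT = r"c:\windows\system32\userinit.exe"
STOCK_SHELL_OPEN = {
    "exefile": '"%1" %*',
    "batfile": '"%1" %*',
    "cmdfile": '"%1" %*',
    "comfile": '"%1" %*',
    "piffile": '"%1" %*',
    "scrfile": '"%1" /s',
}

USERINIT_RE = re.compile(r"^O20 - HKLM Winlogon: UserInit - \((?P<path>[^)]*)\)")
SHELL_RE = re.compile(r"^(?P<cls>[A-Za-z]+) \[open\] -- (?P<cmd>.+)$")
ADS_RE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<target>.+)$")
BHO_RE = re.compile(
    r"^O2 - BHO: \(no name\) - (?P<clsid>\{[0-9A-Fa-f-]+\}) - No CLSID value found\.$"
)

# Constructed sample: lines in OTL's format. The stock UserInit line and the
# hijacked exefile line (placeholder.exe) are hypothetical; the others are
# taken from the logs posted in this thread.
SAMPLE_LOG = r"""
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\Program Files\ayirbhrn\ifahlkbe.exe) - C:\Program Files\ayirbhrn\ifahlkbe.exe File not found
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
exefile [open] -- "C:\Documents and Settings\Swifter\Local Settings\Application Data\placeholder.exe" "%1" %*
batfile [open] -- "%1" %*
scrfile [open] -- "%1" /S
@Alternate Data Stream - 101 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC
"""


def _norm(path):
    """Lower-case a path, drop quotes and a trailing comma, expand %SystemRoot%."""
    p = path.strip().strip('"').rstrip(",").lower()
    return p.replace("%systemroot%", r"c:\windows")


def scan(text):
    """Return a list of (indicator, detail) tuples for suspicious lines in text."""
    findings = []
    for raw in text.splitlines():
        line = raw.strip()
        m = USERINIT_RE.match(line)
        if m:
            # Anything other than the stock userinit.exe is a persistence hijack.
            path = _norm(m.group("path"))
            if path != STOCK_USERINIT:
                findings.append(("userinit_hijack", path))
            continue
        m = SHELL_RE.match(line)
        if m:
            # Executable file classes must open with the bare "%1" %* command.
            cls = m.group("cls").lower()
            cmd = m.group("cmd").strip()
            if cls in STOCK_SHELL_OPEN and cmd.lower() != STOCK_SHELL_OPEN[cls]:
                findings.append(("shell_spawn_hijack", f"{cls}: {cmd}"))
            continue
        m = ADS_RE.match(line)
        if m:
            # Any ADS on a data file deserves a look; OTL lists them explicitly.
            findings.append(("alternate_data_stream", m.group("target")))
            continue
        m = BHO_RE.match(line)
        if m:
            # BHO registered but its CLSID is gone: leftover to clean up.
            findings.append(("orphaned_bho", m.group("clsid")))
    return findings


if __name__ == "__main__":
    for kind, detail in scan(SAMPLE_LOG):
        print(f"{kind:22} {detail}")
```

    Run against a real OTL or Extras log it reports only the four indicator types above; everything else in the log (firewall exceptions, uninstall list, event-log errors) is ignored, which keeps the output short enough to read before deciding what goes into a fix script.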
  6. Drena Designs Newcomer, in training

    Do I need to update and run a scan in AVG or just install it for now?

    I'll leave Kontiki for now (not sure if they use it or not) and skip straight to the Java.
  7. Broni Malware Annihilator

    Run all steps from my previous reply first.
    Then, reinstall AVG and....fresh scan won't hurt.
    Let me know of any findings.
  8. Drena Designs Newcomer, in training

    Is the JAVA install and uninstall essential at this point? I download the launcher but it crashes when trying to download the main installation.

    EDIT: IGNORE. I've managed to download a different version and install it. I'm now attempting to get JavaRa. Everything is working VERY slowly.
  9. Broni Malware Annihilator

    Go on......
  10. Drena Designs Newcomer, in training

    I ran the fix in OTL and rebooted as instructed. When Windows reopened, an error came up for OTL saying it could not be accessed. I tried to click on the program (on the desktop) and a second error message came up. AVG then popped up with a load of virus warnings (which I healed) and OTL had disappeared from the desktop.

    I reinstalled OTL and on opening, the following log popped up, which I assume is from the fix.


    All processes killed
    ========== OTL ==========
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\URLSearchHooks\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ deleted successfully.
    Prefs.js: "Web Search" removed from browser.search.defaultenginename
    Prefs.js: "http://search.conduit.com/ResultsExt.aspx?ctid=CT1640187&SearchSource=3&q=" removed from browser.search.defaulturl
    Prefs.js: m3ffxtbr@mywebsearch.com:1.1 removed from extensions.enabledItems
    Prefs.js: "http://www.mywebsearch.com/jsp/cfg_redir2.jsp?id=ZRfox000&fl=0&ptb=kTH8wFRKbs5AqNC5cxm5Ow&url=http://search.mywebsearch.com/mywebsearch/dft_redir.jhtml&st=kwd&searchfor=" removed from keyword.URL
    Registry value HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\m3ffxtbr@mywebsearch.com deleted successfully.
    File C:\Program Files\MyWebSearch\bar\firefox not found.
    C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\searchplugins\mywebsearch.xml moved successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AA58ED58-01DD-4d91-8333-CF10577473F7}\ not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{AF69DE43-7D58-4638-B6FA-CE66B5AD205D}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E99421FB-68DD-40F0-B4AC-B7027CAE2F1A}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{2318C2B1-4965-11d4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11d4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{9421DD08-935F-4701-A9CA-22DF90AC4EA6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9421DD08-935F-4701-A9CA-22DF90AC4EA6}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\ShellBrowser\\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{ED4BD629-C1B6-4399-8A34-02CCAA921DC9}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EE5D279F-081B-4404-994D-C6B60AAEBA6D} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EE5D279F-081B-4404-994D-C6B60AAEBA6D}\ not found.
    Registry value HKEY_USERS\S-1-5-21-507921405-1659004503-839522115-1004\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{B7FE5D70-9AA2-40F1-9C6B-12A255F085E1}\ not found.
    Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\\UserInit:C:\Program Files\ayirbhrn\ifahlkbe.exe deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\cdo\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CD00020A-8B95-11D1-82DB-00C04FB1625D}\ not found.
    File {CD00020A-8B95-11D1-82DB-00C04FB1625D} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\livecall\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\PROTOCOLS\Handler\msnim\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{828030A1-22C1-4009-854F-8E305202313F}\ not found.
    File {828030A1-22C1-4009-854F-8E305202313F} - Reg Error: Key error. File not found not found.
    C:\WINDOWS\002985_.tmp deleted successfully.
    C:\WINDOWS\msdownld.tmp folder deleted successfully.
    C:\WINDOWS\SET3.tmp deleted successfully.
    C:\WINDOWS\SET4.tmp deleted successfully.
    C:\WINDOWS\SET8.tmp deleted successfully.
    C:\WINDOWS\_wiC7.tmp deleted successfully.
    C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
    C:\Documents and Settings\Swifter\xrrwsxvt.log moved successfully.
    C:\Documents and Settings\Swifter\vybagyrq.log moved successfully.
    C:\Documents and Settings\Swifter\cgkmxhsr.log moved successfully.
    C:\Documents and Settings\Swifter\jgdymjga.log moved successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:41FA22AC deleted successfully.
    ========== FILES ==========
    File\Folder C:\Program Files\MyWebSearch not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 32902 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 671878 bytes
    ->Flash cache emptied: 27454 bytes

    User: Swifter
    ->Temp folder emptied: 11544201 bytes
    ->Temporary Internet Files folder emptied: 42835737 bytes
    ->Java cache emptied: 1900 bytes
    ->FireFox cache emptied: 6153098 bytes
    ->Flash cache emptied: 6500 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 860 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 58.00 mb


    [EMPTYFLASH]

    User: Administrator

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService
    ->Flash cache emptied: 0 bytes

    User: Swifter
    ->Flash cache emptied: 0 bytes

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.21.0 log created on 02252011_013136

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...
  11. Drena Designs Newcomer, in training

    OTL Quick Scan log...

    OTL logfile created on: 25/02/2011 01:49:59 - Run 2
    OTL by OldTimer - Version 3.2.21.0 Folder = C:\Documents and Settings\Swifter\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000809 | Country: United Kingdom | Language: ENG | Date Format: dd/MM/yyyy

    502.00 Mb Total Physical Memory | 68.00 Mb Available Physical Memory | 14.00% Memory free
    1.00 Gb Paging File | 1.00 Gb Available in Paging File | 67.00% Paging File free
    Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 37.25 Gb Total Space | 20.99 Gb Free Space | 56.35% Space Free | Partition Type: NTFS
    Drive E: | 959.13 Mb Total Space | 958.84 Mb Free Space | 99.97% Space Free | Partition Type: FAT

    Computer Name: JULIANS | User Name: Swifter | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    PRC - [2011/01/07 01:22:54 | 002,747,744 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgtray.exe
    PRC - [2011/01/07 01:22:44 | 001,084,256 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgnsx.exe
    PRC - [2011/01/06 15:23:20 | 000,737,872 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSMonitor.exe
    PRC - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe
    PRC - [2010/12/05 16:26:40 | 000,654,176 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgrsx.exe
    PRC - [2010/12/05 16:26:12 | 000,650,592 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgchsvx.exe
    PRC - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgwdsvc.exe
    PRC - [2010/10/22 04:56:58 | 000,845,664 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG10\avgcsrvx.exe
    PRC - [2009/04/07 09:13:10 | 000,673,616 | ---- | M] (SEIKO EPSON CORPORATION) -- C:\Program Files\Epson Software\Event Manager\EEventManager.exe
    PRC - [2008/04/14 00:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) -- C:\Program Files\Kontiki\KService.exe
    PRC - [2007/10/09 16:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
    PRC - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (IDriverT)
    SRV - File not found [Auto | Stopped] -- -- (hpqwmiex)
    SRV - File not found [On_Demand | Stopped] -- -- (hpqwmi)
    SRV - File not found [Disabled | Stopped] -- -- (HidServ)
    SRV - File not found [On_Demand | Stopped] -- -- (gusvc)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_PM_RPCV4_01) EPSON V3 Service4(01)
    SRV - File not found [Auto | Stopped] -- -- (EPSON_EB_RPCV4_01) EPSON V5 Service4(01)
    SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
    SRV - [2011/01/06 15:23:18 | 006,128,720 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\Identity Protection\Agent\Bin\AVGIDSAgent.exe -- (AVGIDSAgent)
    SRV - [2010/10/22 04:58:18 | 000,265,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Auto | Running] -- C:\Program Files\AVG\AVG10\avgwdsvc.exe -- (avgwd)
    SRV - [2008/02/27 16:56:54 | 003,072,184 | ---- | M] (Kontiki Inc.) [Auto | Running] -- C:\Program Files\Kontiki\KService.exe -- (KService)
    SRV - [2007/10/25 14:27:54 | 000,421,255 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
    SRV - [2007/10/09 16:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
    SRV - [2006/10/18 19:05:24 | 001,068,543 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Windows Media Player\wmpnetwk.exe -- (WMPNetworkSvc)


    ========== Driver Services (SafeList) ==========

    DRV - [2010/12/08 04:12:38 | 000,251,728 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2010/11/12 13:19:38 | 000,299,984 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2010/09/13 15:27:24 | 000,025,680 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2010/09/07 03:48:56 | 000,034,384 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2010/09/07 03:48:50 | 000,026,064 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2010/08/03 15:23:36 | 000,026,192 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2010/08/03 15:23:34 | 000,123,472 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/08/03 15:23:32 | 000,030,288 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2010/02/11 12:02:15 | 000,226,880 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\tcpip6.sys -- (Tcpip6)
    DRV - [2008/04/13 18:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbaudio.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2007/08/07 22:40:10 | 000,685,816 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
    DRV - [2007/06/25 09:43:38 | 000,098,344 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117obex.sys -- (s117obex)
    DRV - [2007/06/25 09:43:36 | 000,108,456 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdm.sys -- (s117mdm)
    DRV - [2007/06/25 09:43:36 | 000,100,264 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mgmt.sys -- (s117mgmt) Sony Ericsson Device 117 USB WMC Device Management Drivers (WDM)
    DRV - [2007/06/25 09:43:36 | 000,098,856 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117unic.sys -- (s117unic) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (WDM)
    DRV - [2007/06/25 09:43:36 | 000,022,952 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117nd5.sys -- (s117nd5) Sony Ericsson Device 117 USB Ethernet Emulation SEMC117 (NDIS)
    DRV - [2007/06/25 09:43:26 | 000,014,888 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117mdfl.sys -- (s117mdfl)
    DRV - [2007/06/25 09:43:22 | 000,082,984 | ---- | M] (MCCI Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\s117bus.sys -- (s117bus) Sony Ericsson Device 117 driver (WDM)
    DRV - [2005/11/16 13:12:46 | 001,066,278 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
    DRV - [2005/05/24 14:01:16 | 000,077,040 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800obex.sys -- (w800obex)
    DRV - [2005/05/24 14:00:56 | 000,079,216 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mgmt.sys -- (w800mgmt)
    DRV - [2005/05/24 14:00:46 | 000,087,424 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdm.sys -- (w800mdm)
    DRV - [2005/05/24 14:00:44 | 000,006,096 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800mdfl.sys -- (w800mdfl)
    DRV - [2005/05/24 14:00:37 | 000,052,384 | R--- | M] (MCCI) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\w800bus.sys -- (w800bus) Sony Ericsson W800 driver (WDM)
    DRV - [2005/05/05 10:04:08 | 000,007,936 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\eabfiltr.sys -- (eabfiltr)
    DRV - [2005/05/05 10:04:04 | 000,005,760 | ---- | M] (Hewlett-Packard Development Company, L.P.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EabUsb.sys -- (eabusb)
    DRV - [2005/03/10 09:41:52 | 000,371,712 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2005/01/31 17:23:08 | 000,109,319 | R--- | M] (Alps Electric Co., Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Apfiltr.sys -- (ApfiltrService)
    DRV - [2004/08/03 22:31:34 | 000,020,992 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RTL8139.sys -- (rtl8139) Realtek RTL8139(A/B/C)
    DRV - [2004/06/28 10:35:24 | 000,069,760 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtlnicxp.sys -- (RTL8023xp)
    DRV - [2004/04/26 09:49:56 | 000,381,056 | R--- | M] (Sensaura) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
    DRV - [2003/07/17 16:48:44 | 000,046,167 | ---- | M] (Analog Deivces) [Kernel | Auto | Stopped] -- C:\WINDOWS\system32\drivers\adildr.sys -- (ADILOADER) General Purpose USB Driver (adildr.sys)
    DRV - [2003/03/27 13:38:44 | 000,127,145 | ---- | M] (Analog Devices Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adiusbaw.sys -- (adiusbaw)
    DRV - [2002/07/17 07:53:02 | 000,016,877 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)
    DRV - [2002/06/10 14:16:34 | 000,371,766 | ---- | M] (Philips Semiconductors) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CamDrL21.sys -- (PhilCam8116) Logitech QuickCam Pro 3000(PID_08B0)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
    IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: ""
    FF - prefs.js..browser.search.defaulturl: ""
    FF - prefs.js..browser.startup.homepage: "http://www.google.com"
    FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429
    FF - prefs.js..extensions.enabledItems: ""
    FF - prefs.js..extensions.enabledItems: {7c5c0f58-e061-457d-9033-77307f5ed00c}:1.5.45.0
    FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.3.20100310105313

    FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG10\Firefox\ [2011/02/25 00:19:04 | 000,000,000 | ---D | M]

    [2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions
    [2008/06/19 13:36:35 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\home2@tomtom.com
    [2009/07/26 16:16:36 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/01/28 17:34:30 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions
    [2010/07/21 21:11:33 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/07/21 21:11:23 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/07/21 21:11:39 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
    [2008/09/14 21:58:54 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Documents and Settings\Swifter\Application Data\Mozilla\Firefox\Profiles\9g4z1utt.default\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
    [2011/01/29 09:32:43 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2008/06/12 11:30:37 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2008/06/04 16:38:46 | 000,000,000 | ---D | M] (TorrentMan Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{7c5c0f58-e061-457d-9033-77307f5ed00c}
    File not found (No name found) -- C:\PROGRAM FILES\AVG\AVG8\FIREFOX
    File not found (No name found) -- C:\PROGRAM FILES\MYWEBSEARCH\BAR\FIREFOX
    [2008/02/27 16:57:38 | 000,262,513 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npBBCPlugin.dll
    [2008/01/23 06:20:30 | 000,647,576 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npBitCometAgent.dll

    O1 HOSTS File: ([2011/02/24 18:23:59 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
    O2 - BHO: (dsWebAllowBHO Class) - {2F85D76C-0569-466F-A488-493E6BD0E955} - C:\Program Files\Windows Desktop Search\dsWebAllow.dll (Microsoft Corporation)
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG10\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AVG_TRAY] C:\Program Files\AVG\AVG10\avgtray.exe (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
    O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
    O4 - HKLM..\Run: [Cpqset] C:\Program Files\HPQ\Default Settings\Cpqset.exe ()
    O4 - HKLM..\Run: [eabconfg.cpl] File not found
    O4 - HKLM..\Run: [EEventManager] C:\Program Files\Epson Software\Event Manager\EEventManager.exe (SEIKO EPSON CORPORATION)
    O4 - HKLM..\Run: [HP Software Update] File not found
    O4 - HKLM..\Run: [hpWirelessAssistant] File not found
    O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
    O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
    O4 - HKLM..\RunOnce: [AvgUninstallURL] C:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG10\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
    O24 - Desktop Components:0 () - file:///C:/DOCUME~1/Swifter/LOCALS~1/Temp/msohtml1/01/clip_image001.jpg
    O24 - Desktop Components:1 (My Current Home Page) - About:Home
    O24 - Desktop WallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Swifter\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2006/02/25 20:34:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2011/02/24 23:20:48 | 000,013,534 | RHS- | M] () - E:\autorun.inf -- [ FAT ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgchsvx.exe /sync) - C:\Program Files\AVG\AVG10\avgchsvx.exe (AVG Technologies CZ, s.r.o.)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG10\avgrsx.exe /sync /restart) - C:\Program Files\AVG\AVG10\avgrsx.exe (AVG Technologies CZ, s.r.o.)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*
    O37 - HKCU\...com [@ = ComFile] -- Reg Error: Key error. File not found

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/02/25 01:43:33 | 000,577,024 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    [2011/02/25 01:40:47 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/02/25 01:32:26 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/02/25 01:31:36 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/02/25 01:27:23 | 000,641,473 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Swifter\Desktop\JavaRa.exe
    [2011/02/25 01:18:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Sun
    [2011/02/25 01:16:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2011/02/25 00:37:51 | 000,000,000 | -H-D | C] -- C:\$AVG
    [2011/02/25 00:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\drivers\AVG
    [2011/02/23 22:55:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Desktop\tdsskiller
    [2011/02/23 21:43:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\AVG 2011
    [2011/02/23 21:21:27 | 154,871,128 | ---- | C] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
    [2011/02/23 20:19:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/02/23 20:16:14 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/02/23 20:16:14 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/02/23 20:16:14 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/02/23 20:16:13 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/02/23 20:14:01 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/02/23 19:40:59 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/02/23 19:17:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\Malwarebytes
    [2011/02/23 18:53:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/02/23 18:53:16 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/02/23 18:53:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/02/23 18:53:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/02/23 18:53:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/02/18 21:04:18 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Swifter\Recent
    [2011/02/18 12:04:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\AVG10
    [2011/02/18 12:02:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2011/02/18 11:57:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/02/18 11:15:51 | 000,000,000 | ---D | C] -- C:\Program Files\ayirbhrn
    [2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\cs
    [2011/02/18 11:15:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\blinkx beat
    [2011/02/13 20:39:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/07 21:28:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\My Documents\FrostWire
    [2011/02/07 21:27:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
    [2011/02/07 21:27:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\FrostWire
    [2011/02/07 21:26:13 | 000,000,000 | ---D | C] -- C:\Program Files\FrostWire
    [2011/02/07 21:25:23 | 008,310,726 | ---- | C] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
    [2011/02/07 21:10:19 | 000,000,000 | ---D | C] -- C:\Program Files\Blinkx
    [2011/01/26 18:32:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Swifter\Start Menu\Programs\Rave
    [2007/06/21 17:09:24 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Swifter\Application Data\pcouffin.sys

    ========== Files - Modified Within 30 Days ==========

    [2011/02/25 01:43:44 | 000,577,024 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Swifter\Desktop\OTL.exe
    [2011/02/25 01:38:26 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/02/25 01:36:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/02/25 01:26:31 | 000,205,540 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.zip
    [2011/02/25 01:24:34 | 000,011,882 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\download.htm
    [2011/02/25 00:51:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job
    [2011/02/25 00:44:23 | 035,416,322 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
    [2011/02/25 00:38:23 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (3) to Internet Explorer.lnk
    [2011/02/25 00:23:49 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/02/25 00:21:20 | 104,854,394 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/02/24 18:37:39 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\notepadmgr.exe
    [2011/02/24 18:23:59 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/02/24 18:14:39 | 004,274,341 | R--- | M] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
    [2011/02/23 22:45:50 | 001,257,772 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
    [2011/02/23 22:35:06 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/23 22:28:17 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
    [2011/02/23 21:57:30 | 000,152,051 | ---- | M] () -- C:\WINDOWS\System32\taskmgrmgr.exe
    [2011/02/23 21:36:12 | 000,000,104 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
    [2011/02/23 20:19:37 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/02/23 19:32:30 | 000,721,324 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
    [2011/02/23 18:53:19 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\tasks\Epson Printer Software Downloader.job
    [2011/02/18 12:29:34 | 000,003,231 | ---- | M] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
    [2011/02/15 20:35:19 | 000,000,435 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.ics
    [2011/02/15 09:38:00 | 000,444,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/02/15 09:38:00 | 000,072,488 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/02/07 21:25:21 | 008,310,726 | ---- | M] (FrostWire Team) -- C:\Documents and Settings\Swifter\My Documents\frostwire-4.21.3.windows.exe
    [2011/02/07 21:12:10 | 000,208,464 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
    [2011/02/07 17:28:53 | 001,166,454 | ---- | M] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
    [2011/01/31 11:25:20 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
    [2011/01/31 11:19:19 | 000,022,016 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
    [2011/01/31 10:41:08 | 000,020,480 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
    [2011/01/31 10:33:17 | 000,020,992 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
    [2011/01/31 09:57:39 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\Swifter\Desktop\Microsoft Word.lnk
    [2011/01/31 09:56:41 | 000,424,448 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
    [2011/01/28 21:53:40 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2011/01/26 22:01:28 | 154,871,128 | ---- | M] (AVG Technologies) -- C:\Documents and Settings\Swifter\Desktop\avg_free_x86_all_2011_1204a3402.exe
    [2011/01/26 12:37:10 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc

    ========== Files Created - No Company Name ==========

    [2011/02/25 01:27:23 | 000,351,259 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.def
    [2011/02/25 01:27:23 | 000,003,127 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Nederlands.lng
    [2011/02/25 01:27:23 | 000,002,553 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Suomi.lng
    [2011/02/25 01:27:22 | 000,003,027 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Français.lng
    [2011/02/25 01:27:22 | 000,002,946 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Español.lng
    [2011/02/25 01:27:22 | 000,002,920 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Italiano.lng
    [2011/02/25 01:27:22 | 000,002,758 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Deutsch.lng
    [2011/02/25 01:26:31 | 000,205,540 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\JavaRa.zip
    [2011/02/25 01:24:37 | 000,011,882 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\download.htm
    [2011/02/25 00:42:45 | 035,416,322 | ---- | C] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm.prepare
    [2011/02/25 00:38:23 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (3) to Internet Explorer.lnk
    [2011/02/25 00:23:49 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AVG 2011.lnk
    [2011/02/24 00:01:12 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\notepadmgr.exe
    [2011/02/23 23:08:26 | 000,288,709 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\RKUnhookerLE.EXE
    [2011/02/23 22:46:29 | 001,257,772 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\tdsskiller.zip
    [2011/02/23 22:28:17 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut (2) to Internet Explorer.lnk
    [2011/02/23 21:58:16 | 000,779,142 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\dds.scr
    [2011/02/23 21:58:09 | 000,451,463 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\wvwx6fpx.exe
    [2011/02/23 21:57:30 | 000,152,051 | ---- | C] () -- C:\WINDOWS\System32\taskmgrmgr.exe
    [2011/02/23 21:36:12 | 000,000,104 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\Shortcut to Internet Explorer.lnk
    [2011/02/23 20:19:36 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/02/23 20:19:29 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/02/23 20:16:14 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/02/23 20:16:14 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/02/23 20:16:14 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/02/23 20:16:14 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/02/23 20:16:14 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/02/23 20:09:32 | 004,274,341 | R--- | C] () -- C:\Documents and Settings\Swifter\Desktop\ComboFix.exe
    [2011/02/23 20:06:42 | 000,721,324 | ---- | C] () -- C:\Documents and Settings\Swifter\Desktop\rkill.com
    [2011/02/23 19:26:14 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/02/23 18:53:19 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/02/16 21:55:18 | 000,000,024 | ---- | C] () -- C:\Documents and Settings\Swifter\jgdymjga.log
    [2011/02/15 20:48:57 | 052,408,320 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\site1.wpp
    [2011/02/13 20:39:39 | 000,003,510 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log
    [2011/02/13 20:39:38 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Swifter\commonpriv.log.lock
    [2011/02/07 21:12:08 | 000,208,464 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe
    [2011/02/07 17:28:53 | 001,166,454 | ---- | C] () -- C:\Documents and Settings\All Users\Documents\untitled.bmp
    [2011/01/31 11:25:20 | 000,021,504 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for sandra.doc
    [2011/01/31 11:19:18 | 000,022,016 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\RECEIPT for us.doc
    [2011/01/31 09:56:39 | 000,424,448 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\invoice for us.doc
    [2011/01/30 21:47:30 | 000,003,231 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\gumlc.dat
    [2011/01/28 21:53:40 | 000,000,792 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Outlook.lnk
    [2011/01/26 13:04:16 | 000,020,992 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 2 TRAINEES.doc
    [2011/01/26 12:58:09 | 000,020,480 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\MONDAY GROUP 1 TRAINEES.doc
    [2011/01/26 12:37:10 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\Swifter\My Documents\FOOTBALL KITS ordered.doc
    [2011/01/24 23:48:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\EEventManager.INI
    [2011/01/22 12:29:13 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
    [2008/06/12 00:58:43 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2008/06/10 19:04:13 | 000,040,372 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\FASTWiz.log
    [2008/05/26 16:02:50 | 000,000,048 | ---- | C] () -- C:\WINDOWS\WININIT.INI
    [2008/03/01 12:19:00 | 000,087,608 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\ezpinst.exe
    [2008/01/02 13:29:05 | 000,001,111 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2007/08/07 22:40:08 | 000,685,816 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
    [2007/06/21 17:09:36 | 000,000,034 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.log
    [2007/06/21 17:09:24 | 000,007,824 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.cat
    [2007/06/21 17:09:24 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Swifter\Application Data\pcouffin.inf
    [2007/01/27 19:52:25 | 000,000,241 | ---- | C] () -- C:\WINDOWS\QSync.INI
    [2007/01/27 19:50:55 | 000,005,187 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2007/01/27 19:50:51 | 000,000,536 | ---- | C] () -- C:\WINDOWS\_delis32.ini
    [2006/05/13 09:32:15 | 000,011,264 | R--- | C] () -- C:\WINDOWS\System32\TEKYUV.DLL
    [2006/05/13 09:32:14 | 000,266,240 | R--- | C] () -- C:\WINDOWS\System32\rmp4.dll
    [2006/05/13 09:32:14 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\dsrmp4.dll
    [2006/05/13 09:32:13 | 000,143,360 | ---- | C] () -- C:\WINDOWS\System32\mpegdecoder.dll
    [2006/05/13 09:32:12 | 000,023,552 | R--- | C] () -- C:\WINDOWS\System32\pdi.dll
    [2006/05/13 09:32:11 | 000,921,600 | R--- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
    [2006/05/13 09:32:11 | 000,237,568 | R--- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2006/05/13 09:32:11 | 000,188,416 | R--- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2006/05/13 09:32:11 | 000,045,056 | R--- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2006/05/13 09:32:11 | 000,000,702 | R--- | C] () -- C:\WINDOWS\MMTVMJ.INI
    [2006/05/13 09:32:10 | 000,000,761 | R--- | C] () -- C:\WINDOWS\M3JP2K.INI
    [2006/05/13 09:32:09 | 000,000,714 | R--- | C] () -- C:\WINDOWS\m3jpeg.ini
    [2006/05/13 09:32:05 | 000,413,760 | R--- | C] () -- C:\WINDOWS\System32\mpg4c32.dll
    [2006/05/13 09:32:01 | 000,019,968 | ---- | C] () -- C:\WINDOWS\System32\cpuinf32.dll
    [2006/05/13 09:32:00 | 000,077,664 | R--- | C] () -- C:\WINDOWS\System32\IR21_R.DLL
    [2006/05/13 09:32:00 | 000,056,832 | R--- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll
    [2006/05/13 09:31:59 | 000,152,064 | R--- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2006/05/13 09:31:54 | 000,092,672 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV2.dll
    [2006/05/13 09:31:54 | 000,071,680 | R--- | C] () -- C:\WINDOWS\System32\ASUSASV1.DLL
    [2006/05/13 09:31:54 | 000,066,560 | R--- | C] () -- C:\WINDOWS\System32\atiyuv12.dll
    [2006/05/13 09:31:53 | 000,507,904 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2006/05/13 09:31:52 | 000,482,816 | R--- | C] () -- C:\WINDOWS\System32\VFCodec.dll
    [2006/05/13 09:31:52 | 000,047,104 | R--- | C] () -- C:\WINDOWS\System32\KMVIDC32.DLL
    [2006/05/13 09:31:52 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\AVIWRAP.DLL
    [2006/05/13 09:31:46 | 000,114,688 | R--- | C] () -- C:\WINDOWS\System32\AVIZLIB.DLL
    [2006/05/13 09:31:46 | 000,069,632 | R--- | C] () -- C:\WINDOWS\System32\AVIMSZH.DLL
    [2006/05/13 09:31:39 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
    [2006/05/13 09:31:39 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\libfaad.dll
    [2006/04/25 13:24:42 | 000,000,163 | ---- | C] () -- C:\WINDOWS\DVDFabGold.INI
    [2006/04/17 11:52:26 | 000,000,030 | ---- | C] () -- C:\WINDOWS\gnucleus.INI
    [2006/03/22 21:46:10 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
    [2006/03/12 15:06:09 | 000,373,248 | ---- | C] () -- C:\WINDOWS\EyeCand3.INI
    [2006/03/09 21:14:47 | 000,000,130 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\fusioncache.dat
    [2006/02/28 20:23:06 | 000,163,840 | ---- | C] () -- C:\Documents and Settings\Swifter\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2006/02/28 19:07:16 | 000,000,952 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2006/02/28 13:37:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2006/02/27 18:48:18 | 000,000,154 | ---- | C] () -- C:\WINDOWS\adidsl.ini
    [2006/02/27 18:48:18 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Fast800.ini
    [2006/02/27 18:48:09 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\coclassfast.dll
    [2006/02/27 18:48:09 | 000,046,892 | ---- | C] () -- C:\WINDOWS\System32\adadix16.dll
    [2006/02/25 21:57:24 | 000,015,669 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
    [2006/02/25 20:44:28 | 000,000,936 | ---- | C] () -- C:\WINDOWS\adiras.ini
    [2006/02/25 20:24:16 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2005/08/03 12:33:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

    ========== LOP Check ==========

    [2011/02/25 01:37:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG10
    [2011/02/18 11:15:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\boost_interprocess
    [2011/02/18 12:02:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2008/03/07 21:33:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Documents
    [2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\eBay
    [2011/01/22 12:44:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EPSON
    [2008/09/06 14:23:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
    [2011/02/25 01:57:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Kontiki
    [2011/02/18 11:52:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2006/02/28 16:19:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2008/03/07 11:26:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/02/07 20:47:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2011/02/13 20:38:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2008/06/21 00:11:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
    [2008/06/19 02:17:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TuneUp Software
    [2011/01/22 12:36:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\UDL
    [2007/06/22 08:01:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2007/02/24 12:22:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity
    [2008/10/23 18:18:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/02/18 12:04:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\AVG10
    [2011/02/07 22:09:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\CometPlayer
    [2008/02/04 13:20:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\eBay
    [2011/01/23 09:59:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Epson
    [2011/02/17 12:31:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\FrostWire
    [2008/09/06 14:24:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Grisoft
    [2006/02/25 22:53:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Leadertech
    [2009/11/28 18:40:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\LimeWire
    [2006/03/04 19:03:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\MSNInstaller
    [2011/02/04 09:38:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Ninu
    [2011/02/03 20:02:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Qoircy
    [2008/10/12 19:17:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Serif
    [2007/04/12 17:13:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\SignupShield
    [2008/08/29 12:32:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Sony
    [2010/11/14 22:21:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TigerPlayer
    [2008/06/19 13:36:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TomTom
    [2008/06/19 02:17:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\TuneUp Software
    [2008/03/01 12:19:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Vso
    [2007/06/20 10:49:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\WholeSecurity
    [2006/03/09 21:17:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Swifter\Application Data\Windows Desktop Search
    [2011/02/18 12:37:19 | 000,000,244 | ---- | M] () -- C:\WINDOWS\Tasks\Epson Printer Software Downloader.job
    [2011/02/25 00:51:20 | 000,000,426 | -H-- | M] () -- C:\WINDOWS\Tasks\User_Feed_Synchronization-{6C5A829B-00FC-4AB1-BEFD-3BE4BA8BD8C6}.job

    ========== Purity Check ==========



    < End of report >



    FYI, AVG is going crazy finding Win32/Zbot.G infections and asking me to heal them. It's also refusing to update itself, just sticking in the 'checking for new updates' phase without getting anywhere. I'm still accessing the web via Windows Explorer because IE won't launch either. Is this still to be expected at this point?
  12. Broni Malware Annihilator

    I need more info on this.
    What file is affected and where is it located?
  13. Drena Designs Newcomer, in training

    I boot up the laptop and get the following popup immediately...

    apdproxy.exe - Unable to Locate Component
    This application has failed to start because apdboot.dll was not found. Re-installing the application may fix this problem.

    The following files (typed out by hand, so excuse any spelling mistakes) are all logged in AVG’s Virus Vault as an infection by Win32/Zbot.G. All of which have happened today.

    C:\Program Files\WinRAR\WinRAR.exe
    C:\Program Files\iTunes\iTunesHelper.Resources\iTunesHelper.dll
    C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
    C:\Program Files\HPQ\Quick Launch Buttonszeabservr.exe
    C:\Program Files\HPQ\HP Wireless Assistant\HP Wireless Assistant.exe
    C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
    C:\Program Files\Epson Software\Event Manager\EPNSM.dll
    C:\Program Files\Epson Software\Event Manager\Assistants\Scan Assistant\ScanEngine.dll
    C:\Program Files\HPQ\Quick Launch Buttons\cpqinfo.dll
    C:\Documents and Settings/Swifter\Desktop\OTL.exe
    C:\Program Files\Windows Media Components\Encoder\WMEX.dll
    C:\Program Files\Movie Maker\moviemk.exe
    C:\Program Files\Common Files\System\msadc\msadce.dll
    C:\Program Files\Outlook Express\msoe.dll
    C:\Program Files\Windows Media Components\Encoder\WMEncEng.dll
    C:\Program Files\Windows NT\Accessories\wordpad.exe
    C:\Program Files\Windows Media Player\wmpnetwk.exe
    C:\Program Files\Windows Live\Installer\WLSetupSvc.exe
    C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll
    C:\Program Files\npDivxPlayerPlugin.dll
    C:\Program Files\npBitCometAgent.dll
    C:\Program Files\npBBCPlugin.dll
    C:\Documents and Settings/Swifter\Desktop\wvwx6fpx.exe
    C:\Documents and Settings/Swifter\Desktop\RKUnhookerLE.exe
    C:\Documents and Settings/Swifter\Desktop\dds.scr
    C:\Program Files\AVG\AVG10\Htmlayout.dll
    C:\Program Files\Windows Media Components\Encoder\wmencagt.exe
    C:\Program Files\Windows Media Components\Encoder\WNEnc.exe


    The last two appeared most recently in an AVG Resident Shield Alert multiple threat detection popup.

    Under both of these in this popup, it also said…

    Process Name: C:\Windows\system32\svchost.exe
    Process ID: 1368
    Detected as open

    I ‘Remove all unhealed’ and then ‘Close’.

    These are basically the faults that were coming up right at the start of the problem before I'd run anything. It's like the malware has just sprung back up.

    EDIT:
    I've run (3hrs) a full scan with AVG and the laptop is still riddled with viruses. There were 2470 threats found, a mix of 'VBS/Generic' and 'Win32/Zbot.G', mostly in dll files but also in html, html and exe files. They were supposedly removed but it's still not working at all.

    This seems a bit fatal to me. Any ideas?
  14. Broni Malware Annihilator

    Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  15. Drena Designs Newcomer, in training

    Here's the log after 80% of the ESET scan (it's taken over 2hrs and I need to go out, so can't complete it).

    C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\ifahlkbe.exe a variant of Win32/Kryptik.KTD trojan
    C:\Documents and Settings\Swifter\My Documents\LimeWireSetup.exe a variant of Win32/Adware.HotBar.H application
    C:\Program Files\BitLord\Downloads\Nero 8 Ultra Edition 8.3.0 Multilanguage FULL Retail\Nero 8.3.0.iso Win32/Toolbar.AskSBar application
    C:\Program Files\SoccerInfernoEI\Installr\6.bin\j2EIPlug.dll a variant of Win32/Toolbar.MyWebSearch application
    C:\Qoobox\Quarantine\C\WINDOWS\system32\f3PSSavr.scr.vir Win32/Toolbar.MyWebSearch application
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048932.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048933.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0048971.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049643.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049827.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049828.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049829.exe a variant of Win32/Kryptik.KTD trojan
    C:\System Volume Information\_restore{33B9BC0D-95DA-4796-B2A9-C8ABB387DFCC}\RP179\A0049834.exe a variant of Win32/Kryptik.KTD trojan


    Can we reasonably expect to resolve this in the next 6hrs? If not, I'm probably going to give up and the owner can get it wiped and Windows reinstalled. Whatever the outcome, I really appreciate the help you have given.
  16. Broni Malware Annihilator

    There is no way for me to predict when this computer will be considered clean, so please let me know what you want to do.
  17. Drena Designs Newcomer, in training

    I've spoken with the owner and he has agreed to get it wiped and to start over with a fresh install.

    Thanks again for the help!
  18. Broni Malware Annihilator

    Not a problem.
    Thank you for letting me know :)