Solved Appear to be infected eith expiro.x

Ok. here is the OTL file (in two parts)

OTL logfile created on: 11/21/2011 7:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Willy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.07% Memory free
4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 453.44 Gb Total Space | 311.55 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: Willy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
PRC - [2011/11/19 09:05:10 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2011/11/15 06:53:57 | 000,368,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
PRC - [2011/11/15 06:53:57 | 000,315,392 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
PRC - [2011/11/14 21:28:27 | 000,770,560 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
PRC - [2011/11/14 21:27:10 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
PRC - [2011/11/14 21:26:51 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
PRC - [2007/10/09 12:33:10 | 001,949,480 | ---- | M] (Apricorn) -- C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
PRC - [2007/10/09 12:20:04 | 001,169,264 | ---- | M] (Apricorn) -- C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
PRC - [2007/07/18 00:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe


========== Modules (No Company Name) ==========

MOD - [2007/10/09 11:12:18 | 000,050,408 | ---- | M] () -- C:\Program Files\Common Files\Apricorn\Common\gc.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- -- (mnmsrvc)
SRV - File not found [On_Demand | Stopped] -- -- (ClipSrv)
SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Unknown | Running] -- -- (4035581drv)
DRV - File not found [Kernel | Unknown | Running] -- -- (36295225)
DRV - [2011/11/15 05:56:32 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\06344987.sys -- (06344987)
DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
DRV - [2010/05/04 21:37:27 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2010/05/04 21:37:27 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2010/05/04 21:37:27 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2010/05/04 21:37:27 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2010/05/04 21:37:27 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
DRV - [2010/05/04 21:37:27 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
DRV - [2010/05/04 21:37:26 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
DRV - [2010/05/04 21:37:26 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
DRV - [2010/05/04 21:37:26 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
DRV - [2010/05/04 21:37:25 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
DRV - [2010/05/04 21:37:25 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
DRV - [2010/05/04 21:37:25 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
DRV - [2010/05/04 21:37:25 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
DRV - [2010/05/04 21:37:24 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2010/05/04 18:00:54 | 000,400,560 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2010/05/04 18:00:54 | 000,039,376 | ---- | M] (Apricorn) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2010/05/04 18:00:52 | 000,120,688 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\


O1 HOSTS File: ([2011/11/20 22:16:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe (Apricorn)
O4 - HKLM..\Run: [EZGigMonitor.exe] C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe (Apricorn)
O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
O4 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005..\Run: [SansaDispatch] C:\Documents and Settings\Willy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk = C:\Documents and Settings\Willy\Local Settings\temp\_uninst_10417114.bat ()
O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB558CA-7A14-4544-831F-81392933243A}: DhcpNameServer = 68.87.73.246 68.87.71.230
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Willy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Willy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Apricorn)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2010/05/04 21:30:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/05/04 18:32:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT~LEK4NGI7 -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *)
O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error creating restore point.

========== Files/Folders - Created Within 30 Days ==========

[2011/11/21 19:49:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
[2011/11/21 19:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2011/11/21 06:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/11/21 06:25:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/11/21 06:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/11/20 22:46:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/11/20 22:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2011/11/20 20:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\Desktop\wscntfy
[2011/11/14 22:49:56 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06344987.sys
[2011/11/13 23:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/11/13 20:17:11 | 000,000,000 | ---D | C] -- C:\ff73cd1785e82edb873a9ba1864eec01
[2011/11/13 16:12:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/11/13 16:10:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/11/13 16:10:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/11/13 16:10:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/11/13 16:10:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/11/13 16:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/11/13 16:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/11/13 16:06:31 | 004,303,229 | R--- | C] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
[2011/11/13 12:25:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
[2011/11/13 10:17:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Willy\Start Menu\Programs\Administrative Tools
[2011/11/13 10:15:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Willy\Desktop\dds.scr
[2011/11/13 08:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\Application Data\Malwarebytes
[2011/11/13 08:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/11/12 20:48:26 | 000,134,608 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
[2011/11/12 20:48:26 | 000,024,272 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
[2011/11/12 20:48:26 | 000,023,120 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
[2011/11/12 20:48:25 | 000,016,720 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
[2011/11/12 20:48:24 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
[2011/11/12 20:48:23 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
[2011/11/12 20:48:20 | 000,230,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
[2011/11/12 20:48:20 | 000,032,592 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
[2011/11/12 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
[2011/11/12 20:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/10/22 20:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\My Documents\yes
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
[2011/11/21 19:41:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\Microsoft Word 2007.lnk
[2011/11/21 19:40:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/11/21 19:10:39 | 000,347,999 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
[2011/11/21 19:10:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/11/21 19:09:50 | 3219,189,760 | -HS- | M] () -- C:\hiberfil.sys
[2011/11/21 18:56:02 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk
[2011/11/21 09:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job~S09TTUSO
[2011/11/21 09:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/11/21 06:25:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 22:16:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/11/20 22:09:10 | 004,303,229 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
[2011/11/20 20:51:47 | 000,006,994 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\wscntfy.zip
[2011/11/19 09:06:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe
[2011/11/19 09:02:30 | 000,414,398 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\19 todayTemp.zip
[2011/11/17 05:03:19 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/11/15 07:57:35 | 000,281,088 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
[2011/11/15 07:53:13 | 001,503,232 | ---- | M] () -- C:\WINDOWS\System32\ptj.exe
[2011/11/15 07:52:42 | 001,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
[2011/11/15 07:52:38 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
[2011/11/15 07:51:25 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
[2011/11/15 07:50:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2011/11/15 07:49:38 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2011/11/15 07:23:04 | 000,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
[2011/11/15 07:23:01 | 000,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe
[2011/11/15 06:03:41 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk
[2011/11/15 05:56:32 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06344987.sys
[2011/11/14 21:26:45 | 001,626,112 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
[2011/11/14 21:21:38 | 101,750,176 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
[2011/11/13 23:19:44 | 000,159,232 | ---- | M] () -- C:\WINDOWS\System32\winmsd.exe
[2011/11/13 23:19:21 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\tlntadmn.exe
[2011/11/13 23:18:58 | 000,170,496 | ---- | M] () -- C:\WINDOWS\System32\setup.exe
[2011/11/13 23:18:24 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\rcp.exe
[2011/11/13 23:18:05 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\nwscript.exe
[2011/11/13 23:17:56 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nddeapir.exe
[2011/11/13 23:13:20 | 000,155,648 | ---- | M] () -- C:\WINDOWS\System32\cidaemon.exe
[2011/11/13 22:33:27 | 000,686,080 | ---- | M] () -- C:\WINDOWS\System32\spider.exe
[2011/11/13 22:33:27 | 000,267,264 | ---- | M] () -- C:\WINDOWS\System32\winmine.exe
[2011/11/13 22:33:20 | 000,286,208 | ---- | M] () -- C:\WINDOWS\System32\sndvol32.exe
[2011/11/13 21:12:26 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\rkill.com
[2011/11/13 20:41:50 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
[2011/11/13 16:12:30 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2011/11/13 15:35:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\MBR.dat
[2011/11/13 12:25:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
[2011/11/13 10:15:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\dds.scr
[2011/11/13 09:03:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
[2011/11/13 08:14:48 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\Audacity.lnk
[2011/11/13 07:42:51 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\HiJackThis.lnk
[2011/11/13 07:24:35 | 000,061,136 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111113_072422.reg
[2011/11/12 20:48:18 | 109,555,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
[2011/11/12 20:39:43 | 000,203,952 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111112_203935.reg
[2011/11/12 20:38:33 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/12 20:20:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/11/12 20:20:56 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/11 08:16:10 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/11/11 08:16:10 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/11/11 07:29:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/11/08 18:35:30 | 000,347,999 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
[2011/11/06 20:16:52 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
[2011/11/06 20:15:18 | 000,438,110 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111112-203302.backup
[2011/10/29 17:29:59 | 000,159,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
[2011/10/28 18:38:59 | 000,504,072 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\What is this redo.wav
[2011/10/28 17:28:12 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111028_182804.reg
[2011/10/26 21:08:24 | 000,437,876 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111106-201518.backup
[2011/10/23 11:55:41 | 000,029,324 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111023_125532.reg
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/11/21 18:56:02 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk
[2011/11/21 06:25:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/11/20 20:51:47 | 000,006,994 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\wscntfy.zip
[2011/11/19 09:06:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe
[2011/11/19 09:02:29 | 000,414,398 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\19 todayTemp.zip
[2011/11/15 06:03:40 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk
[2011/11/15 06:01:02 | 3219,189,760 | -HS- | C] () -- C:\hiberfil.sys
[2011/11/14 21:21:36 | 101,750,176 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
[2011/11/13 21:12:26 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\rkill.com
[2011/11/13 16:12:30 | 000,000,245 | ---- | C] () -- C:\Boot.bak
[2011/11/13 16:12:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/11/13 16:10:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/11/13 16:10:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/11/13 16:10:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/11/13 16:10:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/11/13 16:10:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/11/13 15:35:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\MBR.dat
[2011/11/13 09:03:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
[2011/11/13 07:24:26 | 000,061,136 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111113_072422.reg
[2011/11/12 20:39:38 | 000,203,952 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111112_203935.reg
[2011/11/12 20:38:33 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
[2011/11/12 20:20:56 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
[2011/11/08 18:56:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
[2011/10/28 18:38:59 | 000,504,072 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\What is this redo.wav
[2011/10/28 17:28:07 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111028_182804.reg
[2011/10/23 11:55:35 | 000,029,324 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111023_125532.reg
[2010/09/08 18:52:19 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
[2010/09/08 18:52:19 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
[2010/09/08 18:52:19 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
[2010/05/05 16:48:45 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~SPJIRR30
[2010/05/05 00:17:22 | 000,347,999 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
[2010/05/04 21:38:13 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2010/05/04 21:38:13 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2010/05/04 21:37:33 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2010/05/04 21:37:32 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2010/05/04 21:37:32 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2010/05/04 21:37:06 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~LBAMFCUB
[2010/05/04 21:31:19 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/04 21:31:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
[2010/05/04 18:52:12 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll~PMSUHTHR
[2010/05/04 18:52:00 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin~88ROK6JV
[2010/05/04 18:52:00 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin~MPE8VDS6
[2010/05/04 18:51:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat~GFMPP1LE
[2010/05/04 18:51:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll~DEM7DIPO
[2010/05/04 18:51:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat~3IO08NPU
[2010/05/04 18:51:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat~J2K36SN2
[2010/05/04 18:51:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat~6RIEAFCJ
[2010/05/04 18:51:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin~GRG44GPK
[2010/05/04 18:51:46 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe~VQ80USM9
[2010/05/04 18:51:45 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll~TIUE3V1H
[2010/05/04 18:51:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll~OQT81LD6
[2010/05/04 18:51:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll~V9IDQ73R
[2010/05/04 18:51:44 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll~MJKTBUK4
[2010/05/04 18:51:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe~GB4S3421
[2010/05/04 18:51:43 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe~SCHJKB0U
[2010/05/04 18:51:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat~F6IPVMR9
[2010/05/04 18:51:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat~484RR6G4
[2010/05/04 18:51:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin~DP7GL420
[2010/05/04 18:51:28 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll~3U3TMMFB
[2010/05/04 18:51:27 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe~B5GE33TR
[2010/05/04 18:51:24 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini~BF33GTRV
[2010/05/04 18:51:23 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini~4V6VT35A
[2010/05/04 18:51:23 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini~VV961L3R
[2010/05/04 18:51:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini~RR2FLK4R
[2010/05/04 18:51:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat~N70ITUKI
[2010/05/04 18:51:19 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat~PE987NNI
[2010/05/04 18:51:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE~VUR5ITGC
[2010/05/04 18:50:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin~HI4VA4QA
[2010/05/04 18:50:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~C3EEC6RG
[2010/05/04 18:50:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll~A5N17R0T
[2010/05/04 18:50:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe~CUM0EJP4
[2010/05/04 18:50:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI~PPDK8VVT
[2010/05/04 18:34:15 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini~5E8J6BV9
[2010/05/04 18:33:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT~G7DMU5CC
[2010/05/04 17:33:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2010/05/04 17:30:25 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
[2010/05/04 17:28:38 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
[2010/05/03 11:23:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
[2010/05/03 11:20:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2010/05/03 11:20:49 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2010/05/03 11:20:49 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2010/05/03 11:20:49 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2010/05/03 11:20:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2010/05/03 11:20:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2010/05/03 11:20:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
 
Here is part 2

[2010/05/03 11:20:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
[2010/05/03 11:20:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
[2010/05/03 11:20:22 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2010/05/03 11:18:31 | 000,001,151 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/04/25 16:26:35 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\sndvol32.exe
[2008/04/25 16:26:33 | 000,267,264 | ---- | C] () -- C:\WINDOWS\System32\winmine.exe
[2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2008/04/25 16:26:28 | 000,686,080 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
[2008/04/25 11:16:28 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\winmsd.exe
[2008/04/25 11:16:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\tlntadmn.exe
[2008/04/25 11:16:24 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\setup.exe
[2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/04/25 11:16:22 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2008/04/25 11:16:22 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\rcp.exe
[2008/04/25 11:16:22 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2008/04/25 11:16:21 | 000,273,920 | ---- | C] () -- C:\WINDOWS\System32\nwscript.exe
[2008/04/25 11:16:20 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nddeapir.exe
[2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2008/04/25 11:16:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\cidaemon.exe
[2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/04/25 04:21:52 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/05/17 14:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
[2007/05/17 14:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
[2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

========== LOP Check ==========

[2010/05/04 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
[2010/05/04 18:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apricorn
[2011/11/13 08:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
[2010/10/03 08:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2010/10/03 08:50:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2010/05/04 18:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2011/11/13 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2010/07/25 16:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/05/23 19:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2010/05/04 18:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2010/05/04 18:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
[2011/10/01 09:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\AVG2012
[2011/10/19 20:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\NCH Swift Sound
[2010/05/04 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Nikon
[2011/01/08 15:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\SanDisk
[2010/05/04 18:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Windows Desktop Search
[2010/05/04 18:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Windows Search
[2011/11/21 19:40:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/05/04 21:30:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/05/04 18:32:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT~LEK4NGI7
[2011/05/22 20:37:24 | 000,000,245 | ---- | M] () -- C:\Boot.bak
[2011/11/13 16:12:30 | 000,000,355 | RHS- | M] () -- C:\boot.ini
[2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
[2011/11/20 22:20:14 | 000,014,500 | ---- | M] () -- C:\ComboFix.txt
[2010/05/04 21:30:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/05/04 18:32:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS~V9KG1E69
[2010/05/03 11:23:16 | 000,006,794 | RH-- | M] () -- C:\dell.sdr
[2011/11/21 19:09:50 | 3219,189,760 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/04 21:33:13 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2010/05/04 18:39:18 | 000,000,000 | -H-- | M] () -- C:\IO.SYS~GG7RM9LG
[2010/07/25 13:15:35 | 000,421,346 | ---- | M] ( ) -- C:\Lame_v3.98.2_for_Audacity_on_Windows.exe
[2010/05/04 21:33:13 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2010/05/04 18:39:18 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS~SQQ08PQA
[2010/05/03 11:23:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/05/03 11:23:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/11/21 19:09:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2011/11/13 21:14:56 | 000,000,359 | ---- | M] () -- C:\rkill.log
[2010/05/11 22:48:10 | 000,000,195 | ---- | M] () -- C:\WirelessDiagLog.csv
[2011/11/20 20:52:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\wscntfy.exe

< %systemroot%\Fonts\*.com >
[2006/04/18 22:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 21:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 22:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 21:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2010/05/04 21:35:49 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
[2010/05/04 18:48:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini~QRJP21SG

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2010/05/04 21:38:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~4FMF9UP5
[2010/05/05 16:48:59 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~HLVBHD0H
[2010/05/04 18:51:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~K68V7OHV
[2010/05/04 21:38:11 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
[2010/05/04 18:51:58 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll~DV1TTALO
[2011/11/15 08:00:55 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2010/05/04 18:51:58 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe~8QF6ED90

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2010/05/04 21:37:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2010/05/04 18:50:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav~BTHF3K9V
[2010/05/04 21:37:10 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2010/05/04 18:50:53 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav~GT5TN7IJ
[2010/05/04 21:37:10 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
[2010/05/04 18:50:53 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav~DCCB8AFS

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2010/05/04 21:31:07 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
[2010/05/04 18:33:55 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini~9V4L8F6E

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/04 17:44:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/05/04 21:31:15 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2010/05/04 18:34:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf~80QVGIHG

< %USERPROFILE%\Desktop\*.exe >
[2011/11/13 12:25:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
[2011/11/20 22:09:10 | 004,303,229 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
[2011/11/13 09:03:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
[2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
[2011/11/14 21:21:38 | 101,750,176 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
[2011/11/19 09:06:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2010/05/04 21:35:34 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf
[2010/05/04 18:48:20 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf~NJOJ9VGI

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/04 17:44:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Willy\Favorites\Desktop.ini
[2010/07/25 16:10:06 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Willy\Favorites\NCH Audio and Telephony Software.lnk
[2010/07/25 16:09:55 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Willy\Favorites\NCH Software Download.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/11/21 19:48:47 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Willy\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2011/11/13 23:09:09 | 000,464,896 | ---- | M] () -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >
[2010/05/04 21:36:42 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
[2010/05/04 18:50:07 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe~BKOJ5KNO

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2010/05/04 21:34:19 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2010/05/04 18:42:05 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll~5P39HRQG
[2010/05/04 21:34:19 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2010/05/04 18:42:05 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif~498D3GJ3
[2010/05/04 21:34:19 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2010/05/04 18:42:05 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif~8DVSMC8P
[2010/05/04 21:34:19 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2010/05/04 18:42:05 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll~T7I9Q1HR
[2010/05/04 21:34:19 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2010/05/04 18:42:05 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll~EU2I2IKL
[2010/05/04 18:42:05 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe~GFKE3TB8
[2010/05/04 21:34:19 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2010/05/04 18:42:05 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav~S9RHEVIL
[2010/05/04 21:34:19 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2010/05/04 18:42:05 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav~GT2EU5RG
[2010/05/04 21:34:19 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2010/05/04 18:42:05 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav~7BDUJR1C
[2010/05/04 21:34:19 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2010/05/04 18:42:05 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav~7MOPA9J7
[2010/05/04 21:34:19 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
[2010/05/04 18:42:05 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm~TJA8AB5N

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


< >

< End of report >
 
Now here is the extras file

OTL Extras logfile created on: 11/21/2011 7:53:24 PM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Willy\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.07% Memory free
4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.25% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 453.44 Gb Total Space | 311.55 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

Computer Name: XPS | User Name: Willy | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htafile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:mad:xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:mad:xpsp2res.dll,-22019


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
"{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
"{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
"{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Apricorn*EZ*Gig*II
"{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
"{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
"{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
"{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
"{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
"{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
"{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
"{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
"{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
"{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
"{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
"{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
"{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
"{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
"{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
"{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
"{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
"{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
"{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"ASIO4ALL" = ASIO4ALL
"Audacity_is1" = Audacity 1.2.6
"CCleaner" = CCleaner
"Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
"ESET Online Scanner" = ESET Online Scanner v3
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"ie8" = Windows Internet Explorer 8
"KoRE 10-Bit Librarian" = KoRE 10-Bit Librarian
"LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Drivers" = NVIDIA Drivers
"office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
"ProInst" = Intel(R) PROSet/Wireless Software
"QuickTime" = QuickTime
"Stamp" = Stamp ID3 Tag Editor
"Switch" = Switch Sound File Converter
"SynTPDeinstKey" = Dell Touchpad
"ToolBox" = NCH Toolbox
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Sansa Updater" = Sansa Updater

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 11/13/2011 1:38:23 PM | Computer Name = XPS | Source = MsiInstaller | ID = 11719
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 11/13/2011 1:39:09 PM | Computer Name = XPS | Source = MsiInstaller | ID = 11719
Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could
not be accessed. This can occur if you are running Windows in safe mode, or if
the Windows Installer is not correctly installed. Contact your support personnel
for assistance.

Error - 11/13/2011 5:13:53 PM | Computer Name = XPS | Source = Application Error | ID = 1000
Description = Faulting application cf14139.3xe, version 5.1.2600.5512, faulting
module , version 0.0.0.0, fault address 0x00000000.

Error - 11/13/2011 10:44:40 PM | Computer Name = XPS | Source = Application Error | ID = 1000
Description = Faulting application cf13784.3xe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/14/2011 8:49:36 PM | Computer Name = XPS | Source = Application Error | ID = 1000
Description = Faulting application userinit.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 11/14/2011 8:49:48 PM | Computer Name = XPS | Source = Application Error | ID = 1001
Description = Fault bucket 775758334.

Error - 11/14/2011 11:06:47 PM | Computer Name = XPS | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
module shlwapi.dll, version 6.0.2900.5912, fault address 0x00009584.

Error - 11/14/2011 11:06:54 PM | Computer Name = XPS | Source = Application Error | ID = 1001
Description = Fault bucket 1705418192.

Error - 11/21/2011 7:55:30 PM | Computer Name = XPS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: Access is denied.

Error - 11/21/2011 7:55:42 PM | Computer Name = XPS | Source = crypt32 | ID = 131083
Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
with error: Access is denied.

[ System Events ]
Error - 11/21/2011 8:10:36 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:10:36 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:10:49 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:12:07 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:12:08 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:12:08 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding

Error - 11/21/2011 8:55:02 PM | Computer Name = XPS | Source = DCOM | ID = 10000
Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
The
error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
-secured -Embedding


< End of report >
 
Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code: 
    :OTL
DRV - File not found [File_System | Unknown | Running] -- -- (4035581drv)
DRV - File not found [Kernel | Unknown | Running] -- -- (36295225)
O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk = C:\Documents and Settings\Willy\Local Settings\temp\_uninst_10417114.bat ()
O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk = File not found
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==========================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE. If Eset won't find any threats, it won't produce any log.
 
hello
I ran OTL with the pasted content and ran Run Fix. The computer asked me to reboot to finish the process. I did reboot. i don't see any OTL file on the desktop. I am working on the Java update now.
 
ok
Java won't load. i get an error message that some file in documents and settings does not exist.

Should i run Java ra to remove old fragments of Java before installing the newest version?
 
Ok
java update won't load. I get after the click install a pop up window saying abort install refresh web page to install, but it doesn't get past that point.
What do i do now?
 
hello
Ok. ran OTL again. Still didn't get any log at conclusion of program running.
I ran JavaRa. i think it removed Java, but am not sure.
I ran the Java offline install. Am not sure that Java is loaded.
At least when I ran Security check,it produced a log. Here it is

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:
Windows Firewall Enabled!
AVG 2012
ESET Online Scanner v3
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 20
Java(TM) 6 Update 7
Out of date Java installed!
Adobe Reader X (10.1.1)
````````````````````````````````
Process Check:
objlist.exe by Laurent
Malwarebytes' Anti-Malware mbamservice.exe
Malwarebytes' Anti-Malware mbamgui.exe
AVG avgrsx.exe
AVG avgemc.exe
``````````End of Log````````````
 
Ok...well maybe not okay.
Can't get OTL to produce a log file.
Really not sure that either JavaRa removed the old Java remnants or that the latest java version got installed.
The ESET scan keeps dosen't load- I get unexpected error 101
Now what do I do now?
 
What happened when you started Java installer?

Instead of Eset....

Please, run F-Secure Online Scanner

  • Disable your Antivirus program.
  • Checkmark I have read and accepted the license terms.
  • Click on Run Check button.
  • Quick scan (recommended) option will come pre-checked. Don't change it.
  • Click on Start button.
  • When scan is done, in Step 3: Clean the files, leave all settings as they're.
  • Click Next button.
  • Click Full report... button.
  • Copy report's content and paste it into your next reply.
 
When I try to install Java, the program runs for 10-15 seconds and then a popup titled "Abort- Java(TM) Installer". in the box below the title is the message "To restart the Java(TM) installer, please refresh the web page."

i guess this keeps me from running F-secure at this time.
 
You shouldn't be getting "refresh the web page" message if you're running OFFLINE installer.
Are you sure you downloaded "offline" installer?
 
Well...
I tried to install Java offline from the manual download site.
The window popsup asking do I want to install, click install, Then the window dissapears and nothing more happens, no hard drive activity light flashing,. nothing.

You can send me my next instructions, but I'm singing off for tonight. Thank you for your attention in trying to exise this menace from my laptop.
 
Hello
After some rest i am hopelly better focused to the task at hand.

Was able to run ESET from google chrome.

Here is the found threats log from ESET

C:\Qoobox\Quarantine\C\WINDOWS\system32\wscntfy.exe.vir Win32/Expiro.X virus
 
Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code: 
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
Hello
Thank you
Yeah, the programs and shortcuts that were not working are still lost.

Now that expiro has left the building, if I run recovery from my hard drive backup thats located on an external hard drive, do I have a chance of recovering those lost shortcuts and programs?
 
I'm not sure.

Previously I gave you instructions how to recreate those things manually.

Make sure your backup is clean!

Any other issues?
 
Hello
Here is an update.
Couldn't get the Easy-gig backup to load onto the laptop. Apricorn Easy-gig had problems operating.

I did a repair install of XP with the other XP disc from another computer.
The two Microsoft updates that wouldn't download before still wouldn't download.
Contacted Microsoft re: MS updates that wouldn't download. E-mail replies from MS resolved that issue.

Secunia still kept seing old versions of Java after repeated JavaRa applications.
I downdloded Revo Uninstaller. It found the other version of Java and removed it.

Uninstalled other programs tha weren't operating properly (Audacity, Picture Project, Apricorn Easy-gig, Java)

Result...everything appears to be as it was before the infection.

Thanks again for the help in exorising the demon from the laptop.
Live long and prosper.
 
You must log in or register to reply here.

Similar threads

wshknwntlprtmn
  • Locked
Inactive Not sure what's going on here....
Replies
12
Views
2K
Broni
Broni
S
  • Locked
Inactive Am I infected?
Replies
8
Views
3K
Broni
Broni
E
Solved Svchost.exe launching multiple iexplore.exe - unknown cause
Replies
23
Views
3K
Broni
Broni

Latest posts

Back