Appear to be infected with expiro.x

Discussion in 'Virus and Malware Removal' started by luddite, Nov 13, 2011.

  1. luddite Newcomer, in training Posts: 82

    Hello
    I am not sure that I did what you requested. I just selected all and copied the whole deal.

    1 VT Community user(s) with a total of 1 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
    File name: 06344987.sys
    Submission date: 2011-11-21 03:52:30 (UTC)
    Current status: finished


    Result: 0/ 41 (0.0%)
    VT Community

    goodware
    Safety score: 100.0%
    Antivirus Version Last Update Result
    AhnLab-V3 2011.11.20.00 2011.11.20 -
    AntiVir 7.11.17.237 2011.11.21 -
    Antiy-AVL 2.0.3.7 2011.11.21 -
    Avast 6.0.1289.0 2011.11.20 -
    AVG 10.0.0.1190 2011.11.20 -
    BitDefender 7.2 2011.11.20 -
    ByteHero 1.0.0.1 2011.11.14 -
    ClamAV 0.97.3.0 2011.11.20 -
    Commtouch 5.3.2.6 2011.11.20 -
    Comodo 10780 2011.11.18 -
    DrWeb 5.0.2.03300 2011.11.21 -
    Emsisoft 5.1.0.11 2011.11.21 -
    eSafe 7.0.17.0 2011.11.20 -
    eTrust-Vet 37.0.9576 2011.11.19 -
    F-Prot 4.6.5.141 2011.11.20 -
    F-Secure 9.0.16440.0 2011.11.21 -
    Fortinet 4.3.370.0 2011.11.21 -
    GData 22 2011.11.21 -
    Ikarus T3.1.1.109.0 2011.11.21 -
    Jiangmin 13.0.900 2011.11.16 -
    K7AntiVirus 9.119.5497 2011.11.19 -
    Kaspersky 9.0.0.837 2011.11.21 -
    McAfee 5.400.0.1158 2011.11.21 -
    McAfee-GW-Edition 2010.1D 2011.11.20 -
    Microsoft 1.7801 2011.11.20 -
    NOD32 6646 2011.11.21 -
    Norman 6.07.13 2011.11.20 -
    nProtect 2011-11-20.01 2011.11.20 -
    Panda 10.0.3.5 2011.11.20 -
    PCTools 8.0.0.5 2011.11.21 -
    Prevx 3.0 2011.11.21 -
    Rising 23.84.04.02 2011.11.18 -
    Sophos 4.71.0 2011.11.20 -
    SUPERAntiSpyware 4.40.0.1006 2011.11.19 -
    Symantec 20111.2.0.82 2011.11.21 -
    TheHacker 6.7.0.1.345 2011.11.21 -
    TrendMicro 9.500.0.1008 2011.11.21 -
    TrendMicro-HouseCall 9.500.0.1008 2011.11.21 -
    VIPRE 11102 2011.11.21 -
    ViRobot 2011.11.21.4784 2011.11.21 -
    VirusBuster 14.1.74.0 2011.11.20 -
    Additional information
    MD5 : 186b54479d98e48aee0e9ada4b3c4d31
    SHA1 : bbf664068f0613d864b9107ce48a70b5f9171076
    SHA256: a8c1577876cf16186610f26d7d859f8fda4057aafc33e8212339f56da6a5f874
    ssdeep: 1536:mRsWc6M6h7eKmRi66uk1yRjRIRorRe2VCN3CgHx4NqctXos+pk1ilC2DP:mRsXnKv1yRjK
    +FCVTx4McposQk+D
    File size : 133208 bytes
    First seen: 2011-03-18 19:50:19
    Last seen : 2011-11-21 03:52:30
    TrID:
    Win64 Executable Generic (95.5%)
    Generic Win/DOS Executable (2.2%)
    DOS Executable Generic (2.2%)
    Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
    sigcheck:
    publisher....: Kaspersky Lab ZAO
    copyright....: (c) 1997-2011 Kaspersky Lab ZAO.
    product......: Kaspersky Anti-Virus
    description..: Kaspersky Unified Driver
    original name: KL1.SYS
    internal name: KL1
    file version.: 6.6.0.10
    comments.....: n/a
    signers......: Kaspersky Lab
    VeriSign Class 3 Code Signing 2009-2 CA
    Class 3 Public Primary Certification Authority
    signing date.: 10:23 04/03/2011
    verified.....: -

    PEInfo: PE structure information

    [[ basic data ]]
    entrypointaddress: 0x36F0
    timedatestamp....: 0x4D70AE22 (Fri Mar 04 09:17:22 2011)
    machinetype......: 0x14c (I386)

    [[ 6 section(s) ]]
    name, viradd, virsiz, rawdsiz, ntropy, md5
    .text, 0x1000, 0x1789C, 0x17A00, 6.40, 794a5360eb4e20ccf239c18c6451d366
    .4lulz, 0x19000, 0x500000, 0x0, 0.00, d41d8cd98f00b204e9800998ecf8427e
    .data, 0x519000, 0x2F3C, 0x3000, 2.63, 9f754f34e66ff10b7e03246ee06345fe
    INIT, 0x51C000, 0x5B8, 0x600, 5.25, 833bad5a3134fabc3763390213dcc1f8
    .rsrc, 0x51D000, 0x410, 0x600, 2.47, 580c3fbc5f2ab30735cbbaf4a984bb42
    .reloc, 0x51E000, 0x3360, 0x3400, 1.48, 962b9d130a712fd5ee4585bda528e896

    [[ 2 import(s) ]]
    ntoskrnl.exe: _purecall, sprintf, ExFreePool, ExAllocatePoolWithTag, ZwClose, ZwCreateFile, RtlInitUnicodeString, swprintf, ZwReadFile, ZwQueryInformationFile, memcpy, RtlAnsiStringToUnicodeString, RtlInitAnsiString, RtlAppendUnicodeStringToString, RtlFreeUnicodeString, strncmp, KeWaitForSingleObject, ObfDereferenceObject, ObReferenceObjectByHandle, PsCreateSystemThread, RtlFreeAnsiString, RtlUnicodeStringToAnsiString, InitSafeBootMode, RtlEqualUnicodeString, RtlCopyUnicodeString, RtlAppendUnicodeToString, KeReleaseMutex, PsSetLoadImageNotifyRoutine, IoRegisterBootDriverReinitialization, memset, IoDeleteDevice, IoCreateSymbolicLink, IoCreateDevice, PsGetVersion, _except_handler3, ZwQueryValueKey, RtlPrefixUnicodeString, _stricmp, strchr, IoAllocateIrp, _strnicmp, ZwQuerySystemInformation, IoGetRelatedDeviceObject, KeInitializeSpinLock, InterlockedIncrement, InterlockedDecrement, ZwOpenKey, ZwSetValueKey, ZwEnumerateValueKey, DbgPrint, IofCompleteRequest, KeInitializeMutex, rand, srand, memmove
    HAL.dll: KfAcquireSpinLock, HalGetAdapter, KfReleaseSpinLock

    ExifTool:
    file metadata
    CharacterSet: Unicode
    CodeSize: 98304
    CompanyName: Kaspersky Lab ZAO
    EntryPoint: 0x36f0
    FileDescription: Kaspersky Unified Driver
    FileFlagsMask: 0x003f
    FileOS: Windows NT 32-bit
    FileSize: 130 kB
    FileSubtype: 0
    FileType: Win32 EXE
    FileVersion: 6.6.0.10
    FileVersionNumber: 6.6.0.10
    ImageVersion: 0.0
    InitializedDataSize: 27136
    InternalName: KL1
    LanguageCode: English (U.S.)
    LegalCopyright: 1997-2011 Kaspersky Lab ZAO.
    LegalTrademarks: Kaspersky Anti-Virus is registered trademark of Kaspersky Lab ZAO.
    LinkerVersion: 8.0
    MIMEType: application/octet-stream
    MachineType: Intel 386 or later, and compatibles
    OSVersion: 4.0
    ObjectFileType: Executable application
    OriginalFilename: KL1.SYS
    PEType: PE32
    ProductName: Kaspersky Anti-Virus
    ProductVersion: 1.0.0.0
    ProductVersionNumber: 1.0.0.0
    Subsystem: Native
    SubsystemVersion: 4.0
    TimeStamp: 2011:03:04 10:17:22+01:00
    UninitializedDataSize: 5242880



    VT Community

    1
    User:Anonymous

    Reputation:1 credits

    Comment date:2011-09-14 05:56:37 (UTC)
    Kaspersky Unified Driver (Antivirus)
    Tags: Goodware,
  2. Broni Malware Annihilator Posts: 39,375   +177

    I'm back.
    I sent you PM. Did you read it?
  3. luddite Newcomer, in training Posts: 82

    Hello
    Got your PM.
    The laptop is having problems launching Windows Media Player, AVG 2012, CCleaner and Audacity.
    A popup claims problem with shortcut moved or no longer working properly.
    The desktop icons are changed to a generic icon except Audacity.
    Audacity desktop icon is changed. When I click on the changed Audacity icon to start Audacity, I am asked only do I want to uninstall Audacity and all of its components?

    When I try to start Microsoft Word, a popup box appears saying there is a problem and I should go to setup and click repair. If I click outside of that popup, Word comes up without problems.
    I can't seem to open any of the XP installed games either (like space cadet pinball).

    Otherwise things seem fine.

    I will run Malwarebytes again and post the log.
  4. luddite Newcomer, in training Posts: 82

    Hello
    Here is the latest Malwarebytes log

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8206

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/21/2011 6:32:42 AM
    mbam-log-2011-11-21 (06-32-42).txt

    Scan type: Quick scan
    Objects scanned: 173052
    Time elapsed: 3 minute(s), 49 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 7
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 91

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Windows Media Player (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{1B16CE61-2406-412F-969E-21BC082F76E8} (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{35B9A4B1-7CA6-4AEC-8762-1B590056C05D} (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{D61A27C0-8F53-11D0-BFA0-00A024151983} (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{8DE06D9A-7FB0-4A94-A7A3-33B5A1BF90D1} (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\Interface\{87E403C2-6DAA-4C76-A3CD-FB6E344B86B8} (Virus.Expiro) -> Quarantined and deleted successfully.
    HKEY_CLASSES_ROOT\TypeLib\{204810B3-73B2-11D4-BF42-00B0D0118B56} (Virus.Expiro) -> Quarantined and deleted successfully.

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    c:\program files\common files\microsoft shared\MSInfo\msinfo32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\internet explorer\iedw.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\netmeeting\conf.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\outlook express\oemig50.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\outlook express\setup50.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\outlook express\wabmig.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\windows media player\migrate.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\windows media player\setup_wm.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\program files\windows nt\dialer.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\makecab.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rexec.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\accwiz.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\diantz.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\dumprep.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\eventtriggers.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\fxssend.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ipsec6.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\netsetup.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mplay32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ntsd.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\packager.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ping6.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\proxycfg.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rdsaddin.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rdshost.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rsm.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rsmsink.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rsmui.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rsnotify.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\setupn.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\spiisupd.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\stimon.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\sysocmgr.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\tlntsess.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\winchat.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wpabaln.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\actmovie.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\asr_fmt.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\asr_pfu.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\blastcln.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ckcnv.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\clipbrd.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ddeshare.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\dpvsetup.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\freecell.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\fxsclnt.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\fxscover.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ipv6.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ipxroute.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\lpq.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\lpr.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mqbkup.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mqtgsvc.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mshearts.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ntbackup.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\regini.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\routemon.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rsh.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\rtcshare.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\savedump.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\shmgrate.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\skeys.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\sndrec32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\sol.exe (Trojan.FakeMS) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\syncapp.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\tcpsvcs.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\telnet.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\tftp.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\tracert6.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\upnpcont.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\usrmlnka.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\usrprbda.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\usrshuta.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wpnpinst.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wuauclt1.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\xcopy.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\ahui.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\mmcperf.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\Com\comrepl.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\oobe\oobebaln.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\mofcomp.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\unsecapp.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\wbemtest.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\winmgmt.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\wmiadap.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\wmiprvse.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\scrcons.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\system32\wbem\wmic.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\twunk_32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\winhlp32.exe (Virus.Expiro) -> Quarantined and deleted successfully.
    c:\WINDOWS\hh.exe (Virus.Expiro) -> Quarantined and deleted successfully.
  5. luddite Newcomer, in training Posts: 82

    Hello
    Adobe Flash player would like to update.
    Windows is asking to install security updates in automatic updates.
    I have done neither, awaiting your approval to do so.
  6. luddite Newcomer, in training Posts: 82

    Hello
    More questions...
    Is it alright to reinstall AVG onto the laptop now?
     
  7. Broni Malware Annihilator Posts: 39,375   +177

    Your computer was (maybe it still is) heavily infected.
    Some programs may need to be reinstalled.
    As for not working shortcuts (generic icon) you'll have to create new ones.

    You can install Adobe and Windows updates.

    Keep AVG off for now as it'll interfere with other scans we're about to run.
    Just make sure Windows firewall is on, don't download anything, or open any email attachments and you'll be fine.

    Now I want you to update and re-run MBAM to see if it'll discover anything new.

    Then....

    Please click HERE to download Kaspersky Virus Removal Tool.

    • Double click on the file you just downloaded and let it install.
    • It will install to your desktop (be patient; it may take a while).
    • Accept license agreement and click "Start" button.
    • Click on Settings button [IMG]
      • In Scan scope leave pre-checked items as they are and also checkmark My Computer
      • In Actions checkmark Select action: (disinfect; delete if disinfection fails) instead of preselected Prompt on detection
    • Click on Automatic Scan tab and then click on Start scanning button.
    • Before it is done it may prompt for action regardless of the setting so choose delete if prompted.
    • When the scan is done NO log will be produced.
    • Click on Report button [IMG] then on Automatic Scan report tab.
    • Right click anywhere within right pane, click Select All then right click again and click Copy.
    • This will copy the items that it found to the clipboard. You can then open Notepad (go to Start, then Run, then type in notepad) and choose Paste to paste the contents into Notepad.
    • You can save this on the desktop.
    • Post the contents of the document in your next reply.

    NOTE. If Kaspersky's log is very big....
    Upload the file(s) here: http://www.filedropper.com/
    Post download link (copy URL: link):
    [IMG]
  8. luddite Newcomer, in training Posts: 82

    Hello
    Windows security updates KB981997 and KB952069 refuse to load.

    Here is today's MBAM log. I will run Kaspersky again per instructions.

    Malwarebytes' Anti-Malware 1.51.2.1300
    www.malwarebytes.org

    Database version: 8211

    Windows 5.1.2600 Service Pack 3
    Internet Explorer 8.0.6001.18702

    11/21/2011 6:40:03 PM
    mbam-log-2011-11-21 (18-40-03).txt

    Scan type: Quick scan
    Objects scanned: 172944
    Time elapsed: 4 minute(s), 43 second(s)

    Memory Processes Infected: 0
    Memory Modules Infected: 0
    Registry Keys Infected: 0
    Registry Values Infected: 0
    Registry Data Items Infected: 0
    Folders Infected: 0
    Files Infected: 0

    Memory Processes Infected:
    (No malicious items detected)

    Memory Modules Infected:
    (No malicious items detected)

    Registry Keys Infected:
    (No malicious items detected)

    Registry Values Infected:
    (No malicious items detected)

    Registry Data Items Infected:
    (No malicious items detected)

    Folders Infected:
    (No malicious items detected)

    Files Infected:
    (No malicious items detected)
  9. Broni Malware Annihilator Posts: 39,375   +177

    We'll worry about that update later.
  10. luddite Newcomer, in training Posts: 82

  11. luddite Newcomer, in training Posts: 82

    Hello
    I forgot to mention that the Kaspersky scan stopped with a BSOD.
    The screen mentioned a stop: 0X000000F4 (0X00000003, OX86915B28, OX86915C9C, OX8O5D29B4)
    I hard rebooted and continued the scan.
  12. Broni Malware Annihilator Posts: 39,375   +177

    Very good.

    Now.....How is the computer doing?

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Click the Scan All Users checkbox.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
  13. Broni Malware Annihilator Posts: 39,375   +177

    Go ahead with my last reply.
  14. luddite Newcomer, in training Posts: 82

    The computer is still as it was in reply #63 (13 hours ago). I noticed that I don't have QuickTime Player or Picture Project (Nikon photo management program) either. Just more damage from the virus, I guess. I will run OTL now.
  15. Broni Malware Annihilator Posts: 39,375   +177

    I replied to that in my #67.

    Go ahead with OTL.
  16. luddite Newcomer, in training Posts: 82

    OK. Here is the OTL file (in two parts)

    OTL logfile created on: 11/21/2011 7:53:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Willy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.07% Memory free
    4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.25% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 453.44 Gb Total Space | 311.55 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

    Computer Name: XPS | User Name: Willy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
    PRC - [2011/11/19 09:05:10 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2011/11/15 06:53:57 | 000,368,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDMedia.exe
    PRC - [2011/11/15 06:53:57 | 000,315,392 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDPOP3.exe
    PRC - [2011/11/14 21:28:27 | 000,770,560 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe
    PRC - [2011/11/14 21:27:10 | 000,823,296 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Wireless\Bin\ZCfgSvc.exe
    PRC - [2011/11/14 21:26:51 | 000,036,864 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\OEM02Mon.exe
    PRC - [2011/09/08 19:53:26 | 000,743,264 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgrsx.exe
    PRC - [2011/08/31 17:00:48 | 000,449,608 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2011/08/15 05:21:40 | 000,337,760 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Program Files\AVG\AVG2012\avgcsrvx.exe
    PRC - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe
    PRC - [2007/10/09 12:33:10 | 001,949,480 | ---- | M] (Apricorn) -- C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe
    PRC - [2007/10/09 12:20:04 | 001,169,264 | ---- | M] (Apricorn) -- C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe
    PRC - [2007/07/18 00:26:24 | 000,203,024 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\LCD Manager\Applets\LCDClock.exe


    ========== Modules (No Company Name) ==========

    MOD - [2007/10/09 11:12:18 | 000,050,408 | ---- | M] () -- C:\Program Files\Common Files\Apricorn\Common\gc.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [On_Demand | Stopped] -- -- (mnmsrvc)
    SRV - File not found [On_Demand | Stopped] -- -- (ClipSrv)
    SRV - File not found [On_Demand | Stopped] -- -- (CiSvc)
    SRV - [2011/08/31 17:00:48 | 000,366,152 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2008/04/24 12:26:18 | 000,202,560 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Comcast\Desktop Doctor\bin\sprtsvc.exe -- (sprtsvc_ddoctorv2) SupportSoft Sprocket Service (ddoctorv2)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [File_System | Unknown | Running] -- -- (4035581drv)
    DRV - File not found [Kernel | Unknown | Running] -- -- (36295225)
    DRV - [2011/11/15 05:56:32 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\06344987.sys -- (06344987)
    DRV - [2011/10/07 06:23:48 | 000,230,608 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgldx86.sys -- (Avgldx86)
    DRV - [2011/10/04 06:21:42 | 000,016,720 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSShim.sys -- (AVGIDSShim)
    DRV - [2011/09/13 05:30:10 | 000,032,592 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\avgrkx86.sys -- (Avgrkx86)
    DRV - [2011/08/31 17:00:50 | 000,022,216 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2011/08/08 05:08:58 | 000,040,016 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\avgmfx86.sys -- (Avgmfx86)
    DRV - [2011/07/11 00:14:38 | 000,295,248 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\avgtdix.sys -- (Avgtdix)
    DRV - [2011/07/11 00:14:28 | 000,024,272 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSFilter.sys -- (AVGIDSFilter)
    DRV - [2011/07/11 00:14:28 | 000,023,120 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\AVGIDSEH.Sys -- (AVGIDSEH)
    DRV - [2011/07/11 00:14:26 | 000,134,608 | ---- | M] (AVG Technologies CZ, s.r.o. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\AVGIDSDriver.sys -- (AVGIDSDriver)
    DRV - [2010/05/04 21:37:27 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2010/05/04 21:37:27 | 000,056,832 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
    DRV - [2010/05/04 21:37:27 | 000,039,936 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2010/05/04 21:37:27 | 000,037,376 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
    DRV - [2010/05/04 21:37:27 | 000,012,416 | ---- | M] (Intel Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\s24trans.sys -- (s24trans)
    DRV - [2010/05/04 21:37:27 | 000,007,424 | ---- | M] (EyePower Games Pte. Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Vfx.sys -- (OEM02Vfx)
    DRV - [2010/05/04 21:37:26 | 002,211,456 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NETw4x32.sys -- (NETw4x32) Intel(R)
    DRV - [2010/05/04 21:37:26 | 000,235,520 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\OEM02Dev.sys -- (OEM02Dev)
    DRV - [2010/05/04 21:37:26 | 000,141,376 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\OEM02Afx.sys -- (OEM02Afx)
    DRV - [2010/05/04 21:37:25 | 000,876,384 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\btkrnl.sys -- (BTKRNL)
    DRV - [2010/05/04 21:37:25 | 000,161,792 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\b57xp32.sys -- (b57w2k)
    DRV - [2010/05/04 21:37:25 | 000,103,168 | ---- | M] (Knowles Acoustics) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\dxec02.sys -- (DXEC02)
    DRV - [2010/05/04 21:37:25 | 000,067,960 | ---- | M] (Broadcom Corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\btwusb.sys -- (BTWUSB)
    DRV - [2010/05/04 21:37:24 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
    DRV - [2010/05/04 18:00:54 | 000,400,560 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
    DRV - [2010/05/04 18:00:54 | 000,039,376 | ---- | M] (Apricorn) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
    DRV - [2010/05/04 18:00:52 | 000,120,688 | ---- | M] (Apricorn) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Help_Page = http://support.dell.com/support/index.aspx?c=us&l=en&s=gen


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
    IE - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
    FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
    FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

    FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG2012\Firefox4\


    O1 HOSTS File: ([2011/11/20 22:16:54 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG2012\avgssie.dll (AVG Technologies CZ, s.r.o.)
    O4 - HKLM..\Run: [AcronisTimounterMonitor] C:\Program Files\Apricorn\EZ Gig II\TimounterMonitor.exe (Apricorn)
    O4 - HKLM..\Run: [EZGigMonitor.exe] C:\Program Files\Apricorn\EZ Gig II\EZGigMonitor.exe (Apricorn)
    O4 - HKLM..\Run: [IntelZeroConfig] C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe (Intel Corporation)
    O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Common Files\Logitech\LCD Manager\LCDMon.exe (Logitech Inc.)
    O4 - HKLM..\Run: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NVHotkey] C:\WINDOWS\System32\nvhotkey.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
    O4 - HKLM..\Run: [OEM02Mon.exe] C:\WINDOWS\OEM02Mon.exe (Creative Technology Ltd.)
    O4 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005..\Run: [SansaDispatch] C:\Documents and Settings\Willy\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk = File not found
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk = File not found
    O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk = C:\Documents and Settings\Willy\Local Settings\temp\_uninst_10417114.bat ()
    O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk = File not found
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft.com/fwlink/?linkid=39204 (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Java Plug-in 1.6.0_07)
    O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_20-windows-i586.cab (Java Plug-in 1.6.0_20)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.73.246 68.87.71.230
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{7CB558CA-7A14-4544-831F-81392933243A}: DhcpNameServer = 68.87.73.246 68.87.71.230
    O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG2012\avgpp.dll (AVG Technologies CZ, s.r.o.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Willy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Willy\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O30 - LSA: Authentication Packages - (relog_ap) -C:\WINDOWS\System32\relog_ap.dll (Apricorn)
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/05/04 21:30:46 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/05/04 18:32:31 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT~LEK4NGI7 -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *)
    O34 - HKLM BootExecute: (C:\PROGRA~1\AVG\AVG2012\avgrsx.exe /sync /restart)
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

    CREATERESTOREPOINT
    Error creating restore point.

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/11/21 19:49:13 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
    [2011/11/21 19:10:55 | 000,000,000 | ---D | C] -- C:\WINDOWS\LastGood
    [2011/11/21 06:25:18 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/11/21 06:25:13 | 000,022,216 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/11/21 06:25:13 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/11/20 22:46:35 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/11/20 22:20:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2011/11/20 20:52:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\Desktop\wscntfy
    [2011/11/14 22:49:56 | 000,133,208 | ---- | C] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06344987.sys
    [2011/11/13 23:07:10 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/11/13 20:17:11 | 000,000,000 | ---D | C] -- C:\ff73cd1785e82edb873a9ba1864eec01
    [2011/11/13 16:12:26 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/11/13 16:10:30 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/11/13 16:10:30 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/11/13 16:10:30 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/11/13 16:10:30 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/11/13 16:10:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/11/13 16:09:28 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/11/13 16:06:31 | 004,303,229 | R--- | C] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
    [2011/11/13 12:25:25 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
    [2011/11/13 10:17:34 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Willy\Start Menu\Programs\Administrative Tools
    [2011/11/13 10:15:44 | 000,607,260 | R--- | C] (Swearware) -- C:\Documents and Settings\Willy\Desktop\dds.scr
    [2011/11/13 08:28:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\Application Data\Malwarebytes
    [2011/11/13 08:28:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/11/12 20:48:26 | 000,134,608 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSDriver.sys
    [2011/11/12 20:48:26 | 000,024,272 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSFilter.sys
    [2011/11/12 20:48:26 | 000,023,120 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSEH.sys
    [2011/11/12 20:48:25 | 000,016,720 | ---- | C] (AVG Technologies CZ, s.r.o. ) -- C:\WINDOWS\System32\drivers\AVGIDSShim.sys
    [2011/11/12 20:48:24 | 000,295,248 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgtdix.sys
    [2011/11/12 20:48:23 | 000,040,016 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgmfx86.sys
    [2011/11/12 20:48:20 | 000,230,608 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgldx86.sys
    [2011/11/12 20:48:20 | 000,032,592 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\WINDOWS\System32\drivers\avgrkx86.sys
    [2011/11/12 20:38:33 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner
    [2011/11/12 20:38:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
    [2011/10/22 20:21:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Willy\My Documents\yes
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
    [2011/11/21 19:41:39 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\Microsoft Word 2007.lnk
    [2011/11/21 19:40:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [2011/11/21 19:10:39 | 000,347,999 | ---- | M] () -- C:\WINDOWS\System32\nvModes.001
    [2011/11/21 19:10:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/11/21 19:09:50 | 3219,189,760 | -HS- | M] () -- C:\hiberfil.sys
    [2011/11/21 18:56:02 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk
    [2011/11/21 09:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job~S09TTUSO
    [2011/11/21 09:06:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/11/21 06:25:18 | 000,000,786 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 22:16:54 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/11/20 22:09:10 | 004,303,229 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
    [2011/11/20 20:51:47 | 000,006,994 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\wscntfy.zip
    [2011/11/19 09:06:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe
    [2011/11/19 09:02:30 | 000,414,398 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\19 todayTemp.zip
    [2011/11/17 05:03:19 | 000,004,608 | ---- | M] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2011/11/15 07:57:35 | 000,281,088 | ---- | M] (Cinematronics) -- C:\WINDOWS\System32\dllcache\pinball.exe
    [2011/11/15 07:53:13 | 001,503,232 | ---- | M] () -- C:\WINDOWS\System32\ptj.exe
    [2011/11/15 07:52:42 | 001,339,392 | ---- | M] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2011/11/15 07:52:38 | 000,442,368 | ---- | M] () -- C:\WINDOWS\System32\nvappbar.exe
    [2011/11/15 07:51:25 | 000,425,984 | ---- | M] () -- C:\WINDOWS\System32\keystone.exe
    [2011/11/15 07:50:31 | 000,024,576 | ---- | M] () -- C:\WINDOWS\System32\DSRIRREM.EXE
    [2011/11/15 07:49:38 | 000,356,352 | ---- | M] () -- C:\WINDOWS\System32\AegisI5Installer.exe
    [2011/11/15 07:23:04 | 000,086,016 | ---- | M] (MindVision) -- C:\WINDOWS\unvise32qt.exe
    [2011/11/15 07:23:01 | 000,077,824 | ---- | M] () -- C:\WINDOWS\setpwr32.exe
    [2011/11/15 06:03:41 | 000,000,812 | ---- | M] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk
    [2011/11/15 05:56:32 | 000,133,208 | ---- | M] (Kaspersky Lab ZAO) -- C:\WINDOWS\System32\drivers\06344987.sys
    [2011/11/14 21:26:45 | 001,626,112 | ---- | M] () -- C:\WINDOWS\System32\nwiz.exe
    [2011/11/14 21:21:38 | 101,750,176 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
    [2011/11/13 23:19:44 | 000,159,232 | ---- | M] () -- C:\WINDOWS\System32\winmsd.exe
    [2011/11/13 23:19:21 | 000,208,896 | ---- | M] () -- C:\WINDOWS\System32\tlntadmn.exe
    [2011/11/13 23:18:58 | 000,170,496 | ---- | M] () -- C:\WINDOWS\System32\setup.exe
    [2011/11/13 23:18:24 | 000,168,960 | ---- | M] () -- C:\WINDOWS\System32\rcp.exe
    [2011/11/13 23:18:05 | 000,273,920 | ---- | M] () -- C:\WINDOWS\System32\nwscript.exe
    [2011/11/13 23:17:56 | 000,151,552 | ---- | M] () -- C:\WINDOWS\System32\nddeapir.exe
    [2011/11/13 23:13:20 | 000,155,648 | ---- | M] () -- C:\WINDOWS\System32\cidaemon.exe
    [2011/11/13 22:33:27 | 000,686,080 | ---- | M] () -- C:\WINDOWS\System32\spider.exe
    [2011/11/13 22:33:27 | 000,267,264 | ---- | M] () -- C:\WINDOWS\System32\winmine.exe
    [2011/11/13 22:33:20 | 000,286,208 | ---- | M] () -- C:\WINDOWS\System32\sndvol32.exe
    [2011/11/13 21:12:26 | 001,008,092 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\rkill.com
    [2011/11/13 20:41:50 | 000,001,761 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader X.lnk
    [2011/11/13 16:12:30 | 000,000,355 | RHS- | M] () -- C:\boot.ini
    [2011/11/13 15:35:36 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\MBR.dat
    [2011/11/13 12:25:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
    [2011/11/13 10:15:45 | 000,607,260 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\dds.scr
    [2011/11/13 09:03:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
    [2011/11/13 08:14:48 | 000,000,632 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\Audacity.lnk
    [2011/11/13 07:42:51 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\HiJackThis.lnk
    [2011/11/13 07:24:35 | 000,061,136 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111113_072422.reg
    [2011/11/12 20:48:18 | 109,555,420 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\incavi.avm
    [2011/11/12 20:39:43 | 000,203,952 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111112_203935.reg
    [2011/11/12 20:38:33 | 000,000,684 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/11/12 20:20:57 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/11/12 20:20:56 | 000,000,873 | ---- | M] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/11/11 08:16:10 | 000,443,482 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/11/11 08:16:10 | 000,072,582 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/11/11 07:29:03 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/11/08 18:35:30 | 000,347,999 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat
    [2011/11/06 20:16:52 | 000,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AVG 2012.lnk
    [2011/11/06 20:15:18 | 000,438,110 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111112-203302.backup
    [2011/10/29 17:29:59 | 000,159,184 | ---- | M] () -- C:\WINDOWS\System32\drivers\AVG\iavichjg.avm
    [2011/10/28 18:38:59 | 000,504,072 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\What is this redo.wav
    [2011/10/28 17:28:12 | 000,000,504 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111028_182804.reg
    [2011/10/26 21:08:24 | 000,437,876 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20111106-201518.backup
    [2011/10/23 11:55:41 | 000,029,324 | ---- | M] () -- C:\Documents and Settings\Willy\My Documents\cc_20111023_125532.reg
    [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/11/21 18:56:02 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk
    [2011/11/21 06:25:18 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/11/20 20:51:47 | 000,006,994 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\wscntfy.zip
    [2011/11/19 09:06:06 | 000,139,264 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe
    [2011/11/19 09:02:29 | 000,414,398 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\19 todayTemp.zip
    [2011/11/15 06:03:40 | 000,000,812 | ---- | C] () -- C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk
    [2011/11/15 06:01:02 | 3219,189,760 | -HS- | C] () -- C:\hiberfil.sys
    [2011/11/14 21:21:36 | 101,750,176 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
    [2011/11/13 21:12:26 | 001,008,092 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\rkill.com
    [2011/11/13 16:12:30 | 000,000,245 | ---- | C] () -- C:\Boot.bak
    [2011/11/13 16:12:27 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/11/13 16:10:30 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/11/13 16:10:30 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/11/13 16:10:30 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/11/13 16:10:30 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/11/13 16:10:30 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/11/13 15:35:36 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\MBR.dat
    [2011/11/13 09:03:04 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
    [2011/11/13 07:24:26 | 000,061,136 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111113_072422.reg
    [2011/11/12 20:39:38 | 000,203,952 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111112_203935.reg
    [2011/11/12 20:38:33 | 000,000,684 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\CCleaner.lnk
    [2011/11/12 20:20:56 | 000,000,873 | ---- | C] () -- C:\WINDOWS\System32\spupdsvc.inf
    [2011/11/08 18:56:30 | 000,000,278 | ---- | C] () -- C:\WINDOWS\tasks\switchShakeIcon.job
    [2011/10/28 18:38:59 | 000,504,072 | ---- | C] () -- C:\Documents and Settings\Willy\Desktop\What is this redo.wav
    [2011/10/28 17:28:07 | 000,000,504 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111028_182804.reg
    [2011/10/23 11:55:35 | 000,029,324 | ---- | C] () -- C:\Documents and Settings\Willy\My Documents\cc_20111023_125532.reg
    [2010/09/08 18:52:19 | 004,369,408 | ---- | C] () -- C:\WINDOWS\System32\pdftk.exe
    [2010/09/08 18:52:19 | 001,503,232 | ---- | C] () -- C:\WINDOWS\System32\ptj.exe
    [2010/09/08 18:52:19 | 001,103,360 | ---- | C] () -- C:\WINDOWS\System32\cidfont.dll
    [2010/05/05 16:48:45 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~SPJIRR30
    [2010/05/05 00:17:22 | 000,347,999 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat
    [2010/05/04 21:38:13 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
    [2010/05/04 21:38:13 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
    [2010/05/04 21:37:33 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2010/05/04 21:37:32 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2010/05/04 21:37:32 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2010/05/04 21:37:06 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~LBAMFCUB
    [2010/05/04 21:31:19 | 000,004,608 | ---- | C] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/04 21:31:06 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT
    [2010/05/04 18:52:12 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll~PMSUHTHR
    [2010/05/04 18:52:00 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin~88ROK6JV
    [2010/05/04 18:52:00 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin~MPE8VDS6
    [2010/05/04 18:51:54 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat~GFMPP1LE
    [2010/05/04 18:51:53 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll~DEM7DIPO
    [2010/05/04 18:51:49 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat~3IO08NPU
    [2010/05/04 18:51:49 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat~J2K36SN2
    [2010/05/04 18:51:47 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat~6RIEAFCJ
    [2010/05/04 18:51:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin~GRG44GPK
    [2010/05/04 18:51:46 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe~VQ80USM9
    [2010/05/04 18:51:45 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll~TIUE3V1H
    [2010/05/04 18:51:45 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll~OQT81LD6
    [2010/05/04 18:51:45 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll~V9IDQ73R
    [2010/05/04 18:51:44 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll~MJKTBUK4
    [2010/05/04 18:51:44 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe~GB4S3421
    [2010/05/04 18:51:43 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe~SCHJKB0U
    [2010/05/04 18:51:42 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat~F6IPVMR9
    [2010/05/04 18:51:30 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat~484RR6G4
    [2010/05/04 18:51:30 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin~DP7GL420
    [2010/05/04 18:51:28 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll~3U3TMMFB
    [2010/05/04 18:51:27 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe~B5GE33TR
    [2010/05/04 18:51:24 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini~BF33GTRV
    [2010/05/04 18:51:23 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini~4V6VT35A
    [2010/05/04 18:51:23 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini~VV961L3R
    [2010/05/04 18:51:22 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini~RR2FLK4R
    [2010/05/04 18:51:20 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat~N70ITUKI
    [2010/05/04 18:51:19 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat~PE987NNI
    [2010/05/04 18:51:19 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE~VUR5ITGC
    [2010/05/04 18:50:59 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin~HI4VA4QA
    [2010/05/04 18:50:50 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll~C3EEC6RG
    [2010/05/04 18:50:49 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll~A5N17R0T
    [2010/05/04 18:50:28 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe~CUM0EJP4
    [2010/05/04 18:50:21 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI~PPDK8VVT
    [2010/05/04 18:34:15 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Willy\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini~5E8J6BV9
    [2010/05/04 18:33:52 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLec.DAT~G7DMU5CC
    [2010/05/04 17:33:27 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
    [2010/05/04 17:30:25 | 000,198,144 | ---- | C] () -- C:\WINDOWS\System32\_psisdecd.dll
    [2010/05/04 17:28:38 | 000,356,352 | ---- | C] () -- C:\WINDOWS\System32\AegisI5Installer.exe
    [2010/05/03 11:23:14 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\DSRIRREM.EXE
    [2010/05/03 11:20:49 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
    [2010/05/03 11:20:49 | 001,626,112 | ---- | C] () -- C:\WINDOWS\System32\nwiz.exe
    [2010/05/03 11:20:49 | 001,478,656 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
    [2010/05/03 11:20:49 | 001,339,392 | ---- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
    [2010/05/03 11:20:49 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
    [2010/05/03 11:20:49 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
    [2010/05/03 11:20:49 | 000,442,368 | ---- | C] () -- C:\WINDOWS\System32\nvappbar.exe
  17. luddite Newcomer, in training Posts: 82

    Here is part 2

    [2010/05/03 11:20:49 | 000,425,984 | ---- | C] () -- C:\WINDOWS\System32\keystone.exe
    [2010/05/03 11:20:26 | 000,077,824 | ---- | C] () -- C:\WINDOWS\setpwr32.exe
    [2010/05/03 11:20:22 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
    [2010/05/03 11:18:31 | 000,001,151 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
    [2008/04/25 16:31:41 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/04/25 16:27:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/04/25 16:26:35 | 000,286,208 | ---- | C] () -- C:\WINDOWS\System32\sndvol32.exe
    [2008/04/25 16:26:33 | 000,267,264 | ---- | C] () -- C:\WINDOWS\System32\winmine.exe
    [2008/04/25 16:26:32 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2008/04/25 16:26:28 | 000,686,080 | ---- | C] () -- C:\WINDOWS\System32\spider.exe
    [2008/04/25 11:16:28 | 000,159,232 | ---- | C] () -- C:\WINDOWS\System32\winmsd.exe
    [2008/04/25 11:16:26 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\tlntadmn.exe
    [2008/04/25 11:16:24 | 000,170,496 | ---- | C] () -- C:\WINDOWS\System32\setup.exe
    [2008/04/25 11:16:24 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/04/25 11:16:22 | 000,443,482 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2008/04/25 11:16:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2008/04/25 11:16:22 | 000,168,960 | ---- | C] () -- C:\WINDOWS\System32\rcp.exe
    [2008/04/25 11:16:22 | 000,072,582 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2008/04/25 11:16:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2008/04/25 11:16:22 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2008/04/25 11:16:21 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2008/04/25 11:16:21 | 000,273,920 | ---- | C] () -- C:\WINDOWS\System32\nwscript.exe
    [2008/04/25 11:16:20 | 000,151,552 | ---- | C] () -- C:\WINDOWS\System32\nddeapir.exe
    [2008/04/25 11:16:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2008/04/25 11:16:18 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2008/04/25 11:16:18 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2008/04/25 11:16:13 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2008/04/25 11:16:11 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
    [2008/04/25 11:16:09 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\cidaemon.exe
    [2008/04/25 04:22:39 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/04/25 04:21:52 | 000,153,176 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2007/05/17 14:52:30 | 002,842,624 | ---- | C] () -- C:\WINDOWS\System32\btwicons.dll
    [2007/05/17 14:23:20 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\btprn2k.dll
    [2001/11/14 13:56:00 | 001,802,240 | ---- | C] () -- C:\WINDOWS\System32\lcppn21.dll

    ========== LOP Check ==========

    [2010/05/04 18:32:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Desktop Search
    [2010/05/04 18:03:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apricorn
    [2011/11/13 08:45:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG2012
    [2010/10/03 08:44:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2010/10/03 08:50:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
    [2010/05/04 18:33:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
    [2011/11/13 12:38:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2010/07/25 16:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2011/05/23 19:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
    [2010/05/04 18:33:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
    [2010/05/04 18:33:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Windows Desktop Search
    [2011/10/01 09:02:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\AVG2012
    [2011/10/19 20:20:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\NCH Swift Sound
    [2010/05/04 18:34:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Nikon
    [2011/01/08 15:21:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\SanDisk
    [2010/05/04 18:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Windows Desktop Search
    [2010/05/04 18:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Willy\Application Data\Windows Search
    [2011/11/21 19:40:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\Tasks\switchShakeIcon.job

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/05/04 21:30:46 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/05/04 18:32:31 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT~LEK4NGI7
    [2011/05/22 20:37:24 | 000,000,245 | ---- | M] () -- C:\Boot.bak
    [2011/11/13 16:12:30 | 000,000,355 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2011/11/20 22:20:14 | 000,014,500 | ---- | M] () -- C:\ComboFix.txt
    [2010/05/04 21:30:46 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/05/04 18:32:31 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS~V9KG1E69
    [2010/05/03 11:23:16 | 000,006,794 | RH-- | M] () -- C:\dell.sdr
    [2011/11/21 19:09:50 | 3219,189,760 | -HS- | M] () -- C:\hiberfil.sys
    [2010/05/04 21:33:13 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
    [2010/05/04 18:39:18 | 000,000,000 | -H-- | M] () -- C:\IO.SYS~GG7RM9LG
    [2010/07/25 13:15:35 | 000,421,346 | ---- | M] ( ) -- C:\Lame_v3.98.2_for_Audacity_on_Windows.exe
    [2010/05/04 21:33:13 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
    [2010/05/04 18:39:18 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS~SQQ08PQA
    [2010/05/03 11:23:33 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2010/05/03 11:23:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/11/21 19:09:49 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2011/11/13 21:14:56 | 000,000,359 | ---- | M] () -- C:\rkill.log
    [2010/05/11 22:48:10 | 000,000,195 | ---- | M] () -- C:\WirelessDiagLog.csv
    [2011/11/20 20:52:50 | 000,013,824 | ---- | M] (Microsoft Corporation) -- C:\wscntfy.exe

    < %systemroot%\Fonts\*.com >
    [2006/04/18 22:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 21:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 22:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 21:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2010/05/04 21:35:49 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
    [2010/05/04 18:48:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini~QRJP21SG

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2010/05/04 21:38:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~4FMF9UP5
    [2010/05/05 16:48:59 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~HLVBHD0H
    [2010/05/04 18:51:58 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll~K68V7OHV
    [2010/05/04 21:38:11 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2010/05/04 18:51:58 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll~DV1TTALO
    [2011/11/15 08:00:55 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2010/05/04 18:51:58 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe~8QF6ED90

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2010/05/04 21:37:09 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
    [2010/05/04 18:50:53 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav~BTHF3K9V
    [2010/05/04 21:37:10 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
    [2010/05/04 18:50:53 | 001,089,536 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav~GT5TN7IJ
    [2010/05/04 21:37:10 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav
    [2010/05/04 18:50:53 | 000,905,216 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav~DCCB8AFS

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2010/05/04 21:31:07 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
    [2010/05/04 18:33:55 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini~9V4L8F6E

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/04 17:44:47 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/05/04 21:31:15 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
    [2010/05/04 18:34:03 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Willy\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf~80QVGIHG

    < %USERPROFILE%\Desktop\*.exe >
    [2011/11/13 12:25:32 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Willy\Desktop\aswMBR.exe
    [2011/11/20 22:09:10 | 004,303,229 | R--- | M] (Swearware) -- C:\Documents and Settings\Willy\Desktop\ComboFix.exe
    [2011/11/13 09:03:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\g5wc9831.exe
    [2011/11/21 19:49:14 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Willy\Desktop\OTL.exe
    [2011/11/14 21:21:38 | 101,750,176 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\setup_11.0.0.1245.x01_2011_11_15_05_56.exe
    [2011/11/19 09:06:07 | 000,139,264 | ---- | M] () -- C:\Documents and Settings\Willy\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2010/05/04 21:35:34 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf
    [2010/05/04 18:48:20 | 000,000,791 | ---- | M] () -- C:\WINDOWS\ADDINS\fxsext.ecf~NJOJ9VGI

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/04 17:44:46 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Willy\Favorites\Desktop.ini
    [2010/07/25 16:10:06 | 000,000,236 | ---- | M] () -- C:\Documents and Settings\Willy\Favorites\NCH Audio and Telephony Software.lnk
    [2010/07/25 16:09:55 | 000,000,228 | ---- | M] () -- C:\Documents and Settings\Willy\Favorites\NCH Software Download.lnk

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/11/21 19:48:47 | 000,327,680 | ---- | M] () -- C:\Documents and Settings\Willy\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2011/11/13 23:09:09 | 000,464,896 | ---- | M] () -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >
    [2010/05/04 21:36:42 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe
    [2010/05/04 18:50:07 | 000,600,328 | ---- | M] (Intel Corporation) -- C:\WINDOWS\Installer\iProInst.exe~BKOJ5KNO

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2010/05/04 21:34:19 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2010/05/04 18:42:05 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll~5P39HRQG
    [2010/05/04 21:34:19 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2010/05/04 18:42:05 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif~498D3GJ3
    [2010/05/04 21:34:19 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2010/05/04 18:42:05 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif~8DVSMC8P
    [2010/05/04 21:34:19 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2010/05/04 18:42:05 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll~T7I9Q1HR
    [2010/05/04 21:34:19 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2010/05/04 18:42:05 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll~EU2I2IKL
    [2010/05/04 18:42:05 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe~GFKE3TB8
    [2010/05/04 21:34:19 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2010/05/04 18:42:05 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav~S9RHEVIL
    [2010/05/04 21:34:19 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2010/05/04 18:42:05 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav~GT2EU5RG
    [2010/05/04 21:34:19 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2010/05/04 18:42:05 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav~7BDUJR1C
    [2010/05/04 21:34:19 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2010/05/04 18:42:05 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav~7MOPA9J7
    [2010/05/04 21:34:19 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm
    [2010/05/04 18:42:05 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm~TJA8AB5N

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    < >

    < End of report >
  18. luddite Newcomer, in training Posts: 82

    Now here is the extras file

    OTL Extras logfile created on: 11/21/2011 7:53:24 PM - Run 1
    OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Willy\Desktop
    Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    3.00 Gb Total Physical Memory | 2.43 Gb Available Physical Memory | 81.07% Memory free
    4.83 Gb Paging File | 4.36 Gb Available in Paging File | 90.25% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 453.44 Gb Total Space | 311.55 Gb Free Space | 68.71% Space Free | Partition Type: NTFS

    Computer Name: XPS | User Name: Willy | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .chm [@ = chm.file] -- "%SYSTEMROOT%\hh.exe" %1
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    htafile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L"
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "5985:TCP" = 5985:TCP:*:Disabled:Windows Remote Management
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{06BE8AFD-A8E2-4B63-BAE7-287016D16ACB}" = mSSO
    "{0E2B0B41-7E08-4F9F-B21F-41C4133F43B7}" = mLogView
    "{177D1318-3E4B-4A7C-A300-AC4E21BE090B}" = Broadcom Management Programs
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{23FB368F-1399-4EAC-817C-4B83ECBE3D83}" = mProSafe
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
    "{28BE306E-5DA6-4F9C-BDB0-DBA3C8C6FFFD}" = QuickTime
    "{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3E9D596A-61D4-4239-BD19-2DB984D2A16F}" = mIWA
    "{419CF344-3D94-4DAD-99C8-EA7B00E5EA8B}" = Apricorn*EZ*Gig*II
    "{4447D5B5-95ED-4C4D-A9C3-1D8E892D5377}" = AVG 2012
    "{45A66726-69BC-466B-A7A4-12FCBA4883D7}" = HiJackThis
    "{46C045BF-2B3F-4BC4-8E4C-00E0CF8BD9DB}" = Adobe AIR
    "{49D687E5-6784-431B-A0A2-2F23B8CC5A1B}" = mHlpDell
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{553255F3-78FD-40F1-A6F8-6882140265FE}" = Apple Application Support
    "{63DB9CCD-2B56-4217-9A3D-507AC78320CA}" = mWMI
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{829CD169-E692-48E8-9BDE-A3E8D8B65538}" = mSCfg
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84814E6B-2581-46EC-926A-823BD1C670F6}" = WIDCOMM Bluetooth Software
    "{8B928BA1-EDEC-4227-A2DA-DD83026C36F5}" = mPfMgr
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{903679E8-44C8-4C07-9600-05C92654FC50}" = QualxServ Service Agreement
    "{90B0D222-8C21-4B35-9262-53B042F18AF9}" = mPfWiz
    "{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
    "{94658027-9F16-4509-BBD7-A59FE57C3023}" = mZConfig
    "{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
    "{98BD9EA5-2DF2-445C-8C8D-057F55B3C633}" = AVG 2012
    "{9BDEF074-020E-458D-ADC5-8FF68E0C9B56}" = OutlookAddinSetup
    "{9C6978E8-B6D0-4AB7-A7A0-D81A74FBF745}" = MediaDirect
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A5F68DC8-0278-4AD8-B413-861509B5F25B}" = ArcSoft Panorama Maker 3
    "{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
    "{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
    "{AC76BA86-7AD7-1033-7B44-AA1000000001}" = Adobe Reader X (10.1.1)
    "{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5074CC4-0E26-4716-A307-960272A90040}" = QuickSet
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{CEF7211D-CE3A-44C4-B321-D84A2099AE94}" = Comcast Desktop Software (v1.2.0.9)
    "{D1B5E9C8-4CCF-44E3-87D6-7C00D7DA5370}" = IntelliSonic Speech Enhancement
    "{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}" = Nikon Message Center
    "{D87149B3-7A1D-4548-9CBF-032B791E5908}" = Desktop Doctor
    "{E81667C6-2856-46D6-ABEA-6A2F42166779}" = mCore
    "{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}" = Accidental Damage Services Agreement
    "{F0BFC7EF-9CF8-44EE-91B0-158884CD87C5}" = mMHouse
    "{F6090A17-0967-4A8A-B3C3-422A1B514D49}" = mDrWiFi
    "{F7511FE7-BA89-4939-B2EF-A3F287B0F298}" = Logitech Gaming LCD Software 1.04
    "{FCA651F3-5BDA-4DDA-9E4A-5D87D6914CC4}" = mWlsSafe
    "{FF3999BE-1A7B-4738-88AA-97BF14094A4A}" = PictureProject
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
    "ASIO4ALL" = ASIO4ALL
    "Audacity_is1" = Audacity 1.2.6
    "CCleaner" = CCleaner
    "Creative OEM002" = Laptop Integrated Webcam Driver (1.03.02.0719)
    "ESET Online Scanner" = ESET Online Scanner v3
    "HOMESTUDENTR" = Microsoft Office Home and Student 2007
    "ie8" = Windows Internet Explorer 8
    "KoRE 10-Bit Librarian" = KoRE 10-Bit Librarian
    "LADSPA_plugins-win_is1" = LADSPA_plugins-win-0.4.15
    "LAME for Audacity_is1" = LAME v3.98.3 for Audacity
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.2.1300
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NVIDIA Drivers" = NVIDIA Drivers
    "office Convert Pdf to Jpg Jpeg Tiff Free_is1" = office Convert Pdf to Jpg Jpeg Tiff Free 6.4
    "ProInst" = Intel(R) PROSet/Wireless Software
    "QuickTime" = QuickTime
    "Stamp" = Stamp ID3 Tag Editor
    "Switch" = Switch Sound File Converter
    "SynTPDeinstKey" = Dell Touchpad
    "ToolBox" = NCH Toolbox
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-1087320253-344274807-3592373432-1005\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Sansa Updater" = Sansa Updater

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 11/13/2011 1:38:23 PM | Computer Name = XPS | Source = MsiInstaller | ID = 11719
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
    1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could
    not be accessed. This can occur if you are running Windows in safe mode, or if
    the Windows Installer is not correctly installed. Contact your support personnel
    for assistance.

    Error - 11/13/2011 1:39:09 PM | Computer Name = XPS | Source = MsiInstaller | ID = 11719
    Description = SA_Error1709: StandardAction(0xC00706AD): Product: AVG 2012 -- Error
    1719. SA_Error1719: StandardAction(0xC00706B7): The Windows Installer Service could
    not be accessed. This can occur if you are running Windows in safe mode, or if
    the Windows Installer is not correctly installed. Contact your support personnel
    for assistance.

    Error - 11/13/2011 5:13:53 PM | Computer Name = XPS | Source = Application Error | ID = 1000
    Description = Faulting application cf14139.3xe, version 5.1.2600.5512, faulting
    module , version 0.0.0.0, fault address 0x00000000.

    Error - 11/13/2011 10:44:40 PM | Computer Name = XPS | Source = Application Error | ID = 1000
    Description = Faulting application cf13784.3xe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 11/14/2011 8:49:36 PM | Computer Name = XPS | Source = Application Error | ID = 1000
    Description = Faulting application userinit.exe, version 5.1.2600.5512, faulting
    module unknown, version 0.0.0.0, fault address 0x00000000.

    Error - 11/14/2011 8:49:48 PM | Computer Name = XPS | Source = Application Error | ID = 1001
    Description = Fault bucket 775758334.

    Error - 11/14/2011 11:06:47 PM | Computer Name = XPS | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module shlwapi.dll, version 6.0.2900.5912, fault address 0x00009584.

    Error - 11/14/2011 11:06:54 PM | Computer Name = XPS | Source = Application Error | ID = 1001
    Description = Fault bucket 1705418192.

    Error - 11/21/2011 7:55:30 PM | Computer Name = XPS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: Access is denied.

    Error - 11/21/2011 7:55:42 PM | Computer Name = XPS | Source = crypt32 | ID = 131083
    Description = Failed extract of third-party root list from auto update cab at: <http://www.download.windowsupdate.com/msdownload/update/v3/static/trustedr/en/authrootstl.cab>
    with error: Access is denied.

    [ System Events ]
    Error - 11/21/2011 8:10:36 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:10:36 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:10:49 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:11:10 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:12:07 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:12:08 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:12:08 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding

    Error - 11/21/2011 8:55:02 PM | Computer Name = XPS | Source = DCOM | ID = 10000
    Description = Unable to start a DCOM Server: {1F87137D-0E7C-44D5-8C73-4EFFB68962F2}.
    The
    error: "%2" Happened while starting this command: C:\WINDOWS\system32\wbem\wmiprvse.exe
    -secured -Embedding


    < End of report >
  19. Broni Malware Annihilator Posts: 39,375   +177

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      DRV - File not found [File_System | Unknown | Running] -- -- (4035581drv)
      DRV - File not found [Kernel | Unknown | Running] -- -- (36295225)
      O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_10417114.lnk = C:\Documents and Settings\Willy\Local Settings\temp\_uninst_10417114.bat ()
      O4 - Startup: C:\Documents and Settings\Willy\Start Menu\Programs\Startup\_uninst_86641713.lnk = File not found
      O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444552440000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Reg Error: Key error.)
      O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
      [5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    ==========================================================

    1. Update your Java version here: http://www.java.com/en/download/installed.jsp

    Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

    Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

    2. Now, we need to remove the old Java version and its remnants...

    Download JavaRa to your desktop and unzip it to its own folder
    • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
    • Accept any prompts.

    ============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the reading of the results to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on the Start button to begin the cleaning process.
    • TFC will close all running programs, and it may ask you to restart the computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, click on List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce a log.
  20. luddite Newcomer, in training Posts: 82

    Hello
    I ran OTL with the pasted content and ran Run Fix. The computer asked me to reboot to finish the process. I did reboot. I don't see any OTL file on the desktop. I am working on the Java update now.