Solved Windows XP, can't open Windows Explorer and associated programs.

Status
Not open for further replies.
and, BTW, now i noticed that also programs like Dreamweaver CS5 and Flash CS5 don't work as well. They try to launch, but stall at certain point...
 
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Code:
FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe | C:\WINDOWS\explorer.exe


Driver::
PSINKNC
PSINAflt
PSINFile
PSINProc


Registry::
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=-
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=-

SeCenter::
{5AD27692-540A-464E-B625-78275FA38393}


3. Save the above as CFScript.txt

4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

CFScript.gif



6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
 
After that successful combofix scan with the log created, for curiosity i restarted the computer and ran again combofix, it didn't give me the report, it restarted automatically and there was no report.
 
It finally finished!
Combofix Report:

ComboFix 10-11-07.01 - Temir 07/11/2010 1.54.38.5.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1023.624 [GMT 1:00]
Running from: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
Command switches used :: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\CFScript.txt
AV: *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\explorer.exe.tmp

.
--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_PSINAFLT
-------\Legacy_PSINFILE
-------\Legacy_PSINKNC
-------\Legacy_PSINPROC
-------\Service_PSINAflt
-------\Service_PSINFile
-------\Service_PSINKNC
-------\Service_PSINProc


((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
.

2010-11-06 14:34 . 2010-11-06 14:39 2194 ----a-w- c:\windows\system32\PerfStringBackup.TMP
2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
2010-11-06 14:17 . 2010-11-06 14:17 -------- d-----w- c:\documents and settings\admin
2010-11-03 22:02 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
2010-11-03 22:02 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
2010-11-03 22:02 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
2010-11-03 22:02 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
2010-11-03 22:02 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
2010-11-03 22:01 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
2010-11-03 22:01 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
2010-11-03 22:01 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
2010-11-03 22:01 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
2010-11-03 22:01 . 2004-08-03 22:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
2010-11-03 22:01 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
2010-11-03 22:01 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
2010-11-03 21:58 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
2010-11-03 21:58 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
2010-11-03 21:58 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
2010-11-03 21:58 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
2010-11-03 21:58 . 2004-08-03 21:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
2010-11-03 21:58 . 2004-08-03 22:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
2010-11-03 21:58 . 2004-08-03 23:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
2010-11-03 21:58 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
2010-11-03 21:58 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
2010-11-03 21:58 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
2010-11-03 21:58 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
2010-11-03 21:56 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
2010-11-03 21:55 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
2010-11-03 21:55 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
2010-11-03 21:55 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
2010-11-03 21:55 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
2010-11-03 21:55 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
2010-11-03 21:55 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
2010-11-03 21:52 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
2010-11-03 21:51 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
2010-11-03 21:51 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
2010-11-03 21:51 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
2010-11-03 21:51 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
2010-11-03 21:51 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
2010-11-03 21:51 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
2010-11-03 21:51 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
2010-11-03 21:51 . 2004-08-03 22:07 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
2010-11-03 21:51 . 2004-08-03 22:07 16128 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
2010-11-03 21:51 . 2004-08-03 22:07 6016 -c--a-w- c:\windows\system32\dllcache\smbali.sys
2010-11-03 21:51 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
2010-11-03 21:51 . 2001-08-17 21:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
2010-11-03 21:49 . 2001-08-17 11:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
2010-11-03 21:48 . 2001-08-17 13:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
2010-11-03 21:47 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
2010-11-03 21:46 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
2010-11-03 21:45 . 2001-08-17 13:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
2010-11-03 21:44 . 2001-08-17 13:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
2010-11-03 21:43 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
2010-11-03 21:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
2010-11-03 21:42 . 2004-08-03 23:56 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
2010-11-03 21:42 . 2004-08-03 21:29 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
2010-11-03 21:42 . 2004-08-03 21:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
2010-11-03 21:42 . 2004-08-03 21:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
2010-11-03 21:42 . 2004-08-03 22:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
2010-11-03 21:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
2010-11-03 21:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
2010-11-03 21:42 . 2004-08-03 22:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
2010-11-03 21:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
2010-11-03 21:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
2010-11-03 21:42 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
2010-11-03 21:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
2010-11-03 21:40 . 2001-08-17 12:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
2010-11-03 21:39 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
2010-11-03 21:39 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
2010-11-03 21:39 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
2010-11-03 21:39 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
2010-11-03 21:39 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
2010-11-03 21:39 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
2010-11-03 21:39 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
2010-11-03 21:39 . 2004-08-03 21:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
2010-11-03 21:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
2010-11-03 21:39 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
2010-11-03 21:38 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
2010-11-03 21:36 . 2004-08-03 21:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
2010-11-03 21:35 . 2001-08-17 21:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
2010-11-03 21:34 . 2001-08-17 13:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
2010-11-03 21:33 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
2010-11-03 21:32 . 2001-08-17 11:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
2010-11-03 21:31 . 2001-08-17 21:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
2010-11-03 21:30 . 2001-08-17 11:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
2010-11-03 21:29 . 2004-08-03 23:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
2010-11-03 21:28 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
2010-11-03 21:27 . 2004-08-03 21:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
2010-11-03 21:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
2010-11-03 16:12 . 2010-11-03 16:12 -------- d-----w- c:\program files\SiteAdvisor
2010-11-03 16:11 . 2010-10-13 21:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
2010-11-03 16:11 . 2010-10-13 21:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2010-11-03 16:11 . 2010-10-13 21:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2010-11-03 16:11 . 2010-10-13 21:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2010-11-03 16:11 . 2010-10-13 21:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2010-11-03 16:11 . 2010-10-13 21:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
2010-11-03 16:11 . 2010-10-13 21:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2010-11-03 16:11 . 2010-10-13 21:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2010-11-03 16:11 . 2010-10-13 21:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2010-11-03 16:11 . 2010-11-03 16:11 -------- d-----w- c:\program files\Common Files\Mcafee
2010-11-03 16:10 . 2010-11-03 20:53 -------- d-----w- c:\program files\McAfee
2010-11-03 15:56 . 2010-11-03 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2010-11-03 14:57 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Interactive
2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\log
2010-11-03 12:40 . 2010-11-03 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
2010-11-03 11:10 . 2010-11-03 12:40 -------- d-s---w- c:\documents and settings\Administrator.PRIVATE-A7D0BBD
2010-11-02 15:02 . 2010-11-03 12:40 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
2010-10-16 22:39 . 2010-10-16 22:39 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
2010-10-13 21:28 . 2010-10-13 21:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2010-10-13 21:28 . 2010-10-13 21:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2010-10-09 09:22 . 2010-10-09 09:22 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
2010-10-09 08:44 . 2010-10-09 08:44 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-11-06 14:45 . 2004-08-10 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
2010-09-15 02:50 . 2010-05-07 10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
2010-09-15 00:29 . 2010-05-07 10:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
2010-10-13 21:28 . 2010-11-03 16:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
.

------- Sigcheck -------

[-] 2010-11-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
[-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
"HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
"AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
"AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
"Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
"Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
"iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
2010-09-30 12:10 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
2009-11-11 08:57 1451520 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"MSK80Service"=2 (0x2)
"mfevtp"=2 (0x2)
"mfefire"=2 (0x2)
"McShield"=2 (0x2)
"McProxy"=2 (0x2)
"McODS"=3 (0x3)
"McNASvc"=2 (0x2)
"McNaiAnn"=2 (0x2)
"mcmscsvc"=2 (0x2)
"McMPFSvc"=2 (0x2)
"McAfee SiteAdvisor Service"=2 (0x2)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"d:\\Program Files\\iTunes\\iTunes.exe"=
"d:\\Program Files\\Opera\\opera.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"d:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"1031:TCP"= 1031:TCP:Akamai NetSession Interface
"5000:UDP"= 5000:UDP:Akamai NetSession Interface
"3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [03/11/2010 17.11.15 84072]
R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/09/2010 23.41.09 143184]
R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/09/2010 23.40.43 41936]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [03/11/2010 15.57.01 141792]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [03/11/2010 17.11.15 313288]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [05/08/2010 13.08.04 100496]
R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2010 13.08.04 111312]
S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13.00.00 14336]
S2 NanoServiceMain;NanoServiceMain;"c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" --> c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [?]
S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [03/11/2010 17.11.15 55840]
S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [03/11/2010 17.11.15 84264]
S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/10/2010 17.15.42 137344]
S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/10/2010 17.15.42 8320]
S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12.37.14 517096]
S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
S4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [03/11/2010 17.11.28 188136]

--- Other Services/Drivers In Memory ---

*Deregistered* - mfeavfk01
.
Contents of the 'Scheduled Tasks' folder

2010-10-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
- c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-20 01:44]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.it/
uInternet Settings,ProxyOverride = *.local
IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
TCP: {4B98396A-1F15-4792-B650-A5C74B20C398} = 62.211.69.170,212.48.4.30
FF - ProfilePath - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\
FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
FF - plugin: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\plugins\npoctoshape.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-11-07 02:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

[HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
"ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@Denied: (A 2) (Everyone)
@="IFlashBroker4"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2668)
c:\windows\system32\msi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
d:\program files\Java\jre6\bin\jqs.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wdfmgr.exe
c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
c:\windows\system32\dllhost.exe
c:\windows\eHome\ehmsas.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\dwwin.exe
.
**************************************************************************
.
Completion time: 2010-11-07 02:17:16 - machine was rebooted
ComboFix-quarantined-files.txt 2010-11-07 01:16

Pre-Run: 3.702.816.768 bytes free
Post-Run: 3.637.977.088 bytes free

- - End Of File - - 78DB2BE1A58D846A1F645CE85F497846
 
When you wake up, update me on current issues.

Then....

Download OTL to your Desktop.

  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
Good Morning! :)

Well, my current issues are almost the same. The computer's performance increased and when i shut down Windows XP there are no more non responding programs blocking the process, that's great, but Windows Explorer won't open, as well as also McAfee.
 
OTL.txt :

OTL logfile created on: 07/11/2010 10.24.29 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

1.023,00 Mb Total Physical Memory | 690,00 Mb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,65 Gb Total Space | 3,41 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive D: | 63,70 Gb Total Space | 0,59 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
Drive E: | 159,77 Gb Total Space | 159,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 144,53 Gb Total Space | 14,03 Gb Free Space | 9,70% Space Free | Partition Type: NTFS
Drive J: | 7,00 Gb Total Space | 1,65 Gb Free Space | 23,53% Space Free | Partition Type: FAT32
Drive K: | 700,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive O: | 111,79 Gb Total Space | 51,03 Gb Free Space | 45,65% Space Free | Partition Type: NTFS
Drive P: | 149,05 Gb Total Space | 8,98 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

Computer Name: PRIVATE-A7D0BBD | User Name: Temir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
PRC - [2010/10/13 22.28.54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
PRC - [2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2010/09/30 13.10.36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2008/06/11 21.43.26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
PRC - [2007/08/09 08.27.52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
PRC - [2004/08/10 13.00.00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/08/10 13.00.00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe


========== Modules (SafeList) ==========

MOD - [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
MOD - [2004/08/10 13.00.00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
SRV - [2010/10/13 22.28.54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2010/10/13 22.28.54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/07 21.34.28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/06/14 14.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
SRV - [2010/04/30 20.31.37 | 002,504,280 | ---- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Akamai/rswin_3653.dll -- (Akamai)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/02/19 12.37.14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/10/31 18.26.41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2007/08/09 08.27.52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
DRV - [2010/10/13 22.28.54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2010/10/13 22.28.54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2010/10/13 22.28.54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2010/10/13 22.28.54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2010/10/13 22.28.54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2010/10/13 22.28.54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2010/10/13 22.28.54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2010/10/13 22.28.54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/08/05 13.08.04 | 000,111,312 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
DRV - [2010/08/05 13.08.04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
DRV - [2010/08/05 13.08.04 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
DRV - [2010/08/05 13.08.02 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
DRV - [2010/06/08 00.57.00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2010/02/26 13.32.58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
DRV - [2010/02/26 13.32.46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
DRV - [2010/02/26 13.32.44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
DRV - [2010/02/26 13.32.44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
DRV - [2010/02/26 13.21.22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
DRV - [2010/02/26 13.21.22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
DRV - [2009/12/18 10.58.52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
DRV - [2006/08/14 14.09.48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/01/17 15.21.40 | 001,096,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2005/11/08 19.15.38 | 000,439,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2005/11/08 19.15.38 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/11/08 19.14.54 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/11/08 19.14.46 | 000,143,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/11/08 19.14.44 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/11/08 19.14.40 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/07/13 16.18.48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2004/08/10 04.47.50 | 000,046,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)
DRV - [2004/05/05 21.48.40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
DRV - [2001/08/17 14.51.32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/06 17.02.49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 17.11.21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 09.49.27 | 000,000,000 | ---D | M]

[2010/05/07 22.42.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Extensions
[2010/11/03 12.03.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions
[2010/10/23 07.30.19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
[2010/10/05 21.12.23 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
[2010/05/30 13.24.09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2010/08/30 08.52.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\SkipScreen@SkipScreen
[2010/04/19 22.26.55 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\searchplugins\google-language-it.xml
[2010/04/19 22.25.50 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\searchplugins\youtube.xml
[2010/11/03 11.55.47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/05/13 17.25.50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
[2010/10/16 10.10.42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/10/13 22.28.54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 03.50.38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/04/01 18.17.18 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml
[2010/04/01 18.17.18 | 000,000,825 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\hoepli.xml
[2010/04/01 18.17.18 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml
[2010/04/01 18.17.18 | 000,000,953 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

O1 HOSTS File: ([2010/11/07 02.06.37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101103171121.dll (McAfee, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: E&sporta in Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/10/29 15.13.16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/01/17 20.49.19 | 000,048,596 | ---- | M] () - C:\autori-27-37_corretto_MR_01-1.docx -- [ NTFS ]
O32 - AutoRun File - [2001/07/28 07.07.38 | 000,000,000 | -HS- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2005/03/14 01.27.05 | 000,015,719 | R--- | M] () - K:\AUTORUN.APM -- [ CDFS ]
O32 - AutoRun File - [2002/08/12 10.00.00 | 001,150,976 | R--- | M] (Microsoft Corporation) - K:\AUTORUN.EXE -- [ CDFS ]
O32 - AutoRun File - [2005/03/14 01.27.05 | 000,000,029 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.ffds - D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (17183584330711040)

========== Files/Folders - Created Within 30 Days ==========

[2010/11/07 10.19.45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
[2010/11/07 01.49.55 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/11/06 20.29.36 | 000,000,000 | ---D | C] -- C:\Qoobox.bak
[2010/11/06 18.10.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/11/06 18.03.37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/11/06 18.03.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/11/06 18.03.37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/11/06 18.03.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/11/03 23.02.15 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
[2010/11/03 23.02.12 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
[2010/11/03 23.01.50 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
[2010/11/03 23.01.46 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
[2010/11/03 23.01.26 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
[2010/11/03 23.01.22 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
[2010/11/03 22.59.52 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
[2010/11/03 22.59.33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
[2010/11/03 22.59.14 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
[2010/11/03 22.59.11 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
[2010/11/03 22.59.07 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
[2010/11/03 22.59.02 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
[2010/11/03 22.58.58 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
[2010/11/03 22.58.31 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
[2010/11/03 22.58.27 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
[2010/11/03 22.58.09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
[2010/11/03 22.57.55 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
[2010/11/03 22.57.51 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
[2010/11/03 22.57.48 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
[2010/11/03 22.57.42 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
[2010/11/03 22.56.59 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
[2010/11/03 22.56.45 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
[2010/11/03 22.56.41 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
[2010/11/03 22.56.27 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
[2010/11/03 22.56.24 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
[2010/11/03 22.56.21 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
[2010/11/03 22.56.17 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
[2010/11/03 22.56.14 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
[2010/11/03 22.56.10 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
[2010/11/03 22.55.36 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
[2010/11/03 22.53.59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
[2010/11/03 22.53.55 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
[2010/11/03 22.53.54 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
[2010/11/03 22.53.51 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
[2010/11/03 22.53.47 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
[2010/11/03 22.53.35 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
[2010/11/03 22.53.32 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
[2010/11/03 22.52.52 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
[2010/11/03 22.52.49 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
[2010/11/03 22.52.46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
[2010/11/03 22.52.42 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
[2010/11/03 22.52.37 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
[2010/11/03 22.52.19 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
[2010/11/03 22.51.28 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
[2010/11/03 22.51.24 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
[2010/11/03 22.51.21 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
[2010/11/03 22.51.17 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
[2010/11/03 22.51.14 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
[2010/11/03 22.50.45 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
[2010/11/03 22.50.42 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
[2010/11/03 22.50.38 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
[2010/11/03 22.50.31 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
[2010/11/03 22.50.05 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
[2010/11/03 22.50.02 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
[2010/11/03 22.49.59 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
[2010/11/03 22.49.56 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
[2010/11/03 22.49.32 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
[2010/11/03 22.49.25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
[2010/11/03 22.49.22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
[2010/11/03 22.49.07 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
[2010/11/03 22.49.04 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
[2010/11/03 22.49.01 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
[2010/11/03 22.48.58 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
[2010/11/03 22.48.54 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
[2010/11/03 22.48.51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
[2010/11/03 22.48.48 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
[2010/11/03 22.48.45 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
[2010/11/03 22.48.42 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
[2010/11/03 22.48.34 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
[2010/11/03 22.48.31 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
[2010/11/03 22.48.27 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
[2010/11/03 22.48.24 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
[2010/11/03 22.48.14 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
[2010/11/03 22.48.03 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
[2010/11/03 22.47.59 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
[2010/11/03 22.47.55 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
[2010/11/03 22.47.44 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
[2010/11/03 22.47.41 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
[2010/11/03 22.47.11 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
[2010/11/03 22.47.08 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
[2010/11/03 22.47.05 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
[2010/11/03 22.46.54 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
[2010/11/03 22.45.51 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
[2010/11/03 22.45.39 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
[2010/11/03 22.45.37 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
[2010/11/03 22.45.34 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
[2010/11/03 22.44.47 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
[2010/11/03 22.44.44 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
[2010/11/03 22.44.41 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
[2010/11/03 22.44.37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
[2010/11/03 22.44.17 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
[2010/11/03 22.44.05 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
[2010/11/03 22.44.02 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
[2010/11/03 22.43.55 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
[2010/11/03 22.43.47 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
[2010/11/03 22.43.44 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
[2010/11/03 22.43.37 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
[2010/11/03 22.43.34 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
[2010/11/03 22.43.31 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
[2010/11/03 22.43.29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
[2010/11/03 22.43.26 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
[2010/11/03 22.43.23 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
[2010/11/03 22.43.14 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
[2010/11/03 22.43.11 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
[2010/11/03 22.43.09 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
[2010/11/03 22.43.06 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
[2010/11/03 22.43.03 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
[2010/11/03 22.42.02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
[2010/11/03 22.41.24 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
[2010/11/03 22.41.02 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
[2010/11/03 22.40.59 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
[2010/11/03 22.40.57 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
[2010/11/03 22.40.54 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
[2010/11/03 22.40.53 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
[2010/11/03 22.40.51 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
[2010/11/03 22.40.42 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
[2010/11/03 22.40.40 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
[2010/11/03 22.40.37 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
[2010/11/03 22.40.34 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
[2010/11/03 22.40.29 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
[2010/11/03 22.40.27 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
[2010/11/03 22.39.28 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
[2010/11/03 22.38.06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
[2010/11/03 22.35.55 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
[2010/11/03 22.35.44 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
[2010/11/03 22.35.11 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
[2010/11/03 22.35.09 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
[2010/11/03 22.35.06 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
[2010/11/03 22.34.51 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
[2010/11/03 22.34.44 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
[2010/11/03 22.34.41 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
[2010/11/03 22.34.37 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
[2010/11/03 22.34.34 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
[2010/11/03 22.34.31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
[2010/11/03 22.34.29 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
[2010/11/03 22.34.14 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
[2010/11/03 22.34.09 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
[2010/11/03 22.34.07 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
[2010/11/03 22.32.28 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
[2010/11/03 22.32.24 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
[2010/11/03 22.32.14 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
[2010/11/03 22.32.12 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
[2010/11/03 22.32.11 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
[2010/11/03 22.32.06 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
[2010/11/03 22.32.05 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
[2010/11/03 22.32.03 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
[2010/11/03 22.32.02 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
[2010/11/03 22.32.00 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
[2010/11/03 22.31.38 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
[2010/11/03 22.31.36 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
[2010/11/03 22.31.32 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
[2010/11/03 22.31.02 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
[2010/11/03 22.31.01 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
[2010/11/03 22.31.00 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
[2010/11/03 22.30.59 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
[2010/11/03 22.30.57 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
[2010/11/03 22.30.56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
[2010/11/03 22.30.55 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
[2010/11/03 22.30.53 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
[2010/11/03 22.30.44 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
[2010/11/03 22.30.27 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
[2010/11/03 22.30.16 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
[2010/11/03 22.29.36 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
[2010/11/03 22.29.35 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
[2010/11/03 22.29.34 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
[2010/11/03 22.29.34 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
[2010/11/03 22.29.33 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
[2010/11/03 22.29.30 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
[2010/11/03 22.29.29 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
[2010/11/03 22.29.28 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
[2010/11/03 22.29.28 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
[2010/11/03 22.29.26 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
[2010/11/03 22.29.25 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
[2010/11/03 22.28.50 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
[2010/11/03 22.28.49 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
[2010/11/03 22.28.49 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
[2010/11/03 22.28.48 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
[2010/11/03 22.28.47 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
[2010/11/03 22.28.47 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
[2010/11/03 22.28.46 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
[2010/11/03 22.28.45 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
[2010/11/03 22.28.44 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
[2010/11/03 22.28.43 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
[2010/11/03 22.28.42 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
[2010/11/03 22.28.41 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
[2010/11/03 22.28.40 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
[2010/11/03 22.28.40 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
[2010/11/03 22.28.39 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
[2010/11/03 22.28.39 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
[2010/11/03 22.28.38 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
[2010/11/03 22.28.38 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
[2010/11/03 22.28.35 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
[2010/11/03 22.28.31 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
[2010/11/03 22.28.31 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
[2010/11/03 22.28.30 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
[2010/11/03 22.28.29 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
[2010/11/03 22.28.29 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
[2010/11/03 22.28.28 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
[2010/11/03 22.28.27 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
[2010/11/03 22.27.50 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
[2010/11/03 22.27.43 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
[2010/11/03 22.27.27 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
[2010/11/03 22.27.26 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
[2010/11/03 22.27.25 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
[2010/11/03 22.27.24 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
[2010/11/03 22.27.24 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
[2010/11/03 22.27.22 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
[2010/11/03 22.27.17 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
[2010/11/03 22.27.15 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
[2010/11/03 22.27.13 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
[2010/11/03 22.27.13 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
[2010/11/03 17.12.22 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
 
[2010/11/03 17.11.20 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[2010/11/03 17.11.15 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/11/03 17.11.15 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/11/03 17.11.15 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/11/03 17.11.15 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/11/03 17.11.15 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/11/03 17.11.15 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/11/03 17.11.15 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/11/03 17.11.09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
[2010/11/03 17.11.07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
[2010/11/03 17.10.58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
[2010/11/03 16.56.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2010/11/03 15.57.01 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/11/03 13.58.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Interactive
[2010/11/03 13.58.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\log
[2010/11/02 16.02.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
[2010/10/16 23.39.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
[2010/10/13 22.28.54 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/10/13 22.28.54 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/09 10.22.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
[2010/10/09 09.44.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2005/11/08 20.38.38 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
[2010/11/07 10.14.44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/11/07 10.14.39 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2010/11/07 02.21.07 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
[2010/11/07 02.21.07 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
[2010/11/07 02.21.07 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
[2010/11/07 02.21.07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2010/11/07 02.21.07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2010/11/07 02.06.37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/11/07 01.22.37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe
[2010/11/06 20.32.37 | 003,903,886 | R--- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
[2010/11/06 17.49.25 | 000,000,305 | -HS- | M] () -- C:\boot.ini
[2010/11/06 17.04.29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
[2010/11/06 16.57.51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/11/06 15.56.13 | 003,601,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/11/06 15.39.36 | 000,519,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/11/06 15.39.36 | 000,097,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/11/06 15.38.00 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/11/05 21.15.49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2010/11/04 10.19.12 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
[2010/11/03 21.46.47 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\dds.scr
[2010/11/01 19.04.53 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/10/31 13.04.37 | 000,155,683 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\elettro.JPG
[2010/10/27 01.00.00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
[2010/10/21 12.52.58 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
[2010/10/21 12.52.58 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2010/10/19 17.50.56 | 000,002,209 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeImageConverter.lnk
[2010/10/18 15.46.19 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Local My Documents.lnk
[2010/10/18 09.52.07 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Shortcut to Channeling 2010 FOTOS.lnk
[2010/10/13 22.28.54 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
[2010/10/13 22.28.54 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
[2010/10/13 22.28.54 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
[2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
[2010/10/13 22.28.54 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
[2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
[2010/10/13 22.28.54 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
[2010/10/13 22.28.54 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
[2010/10/13 22.28.54 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
[2010/10/13 22.28.54 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
[2010/10/13 22.28.54 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/11/07 01.25.23 | 000,001,524 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\SystemLook.txt
[2010/11/07 01.22.37 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe
[2010/11/06 20.25.46 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
[2010/11/06 18.03.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/11/06 18.03.37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/11/06 18.03.37 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/11/06 18.03.37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/11/06 18.03.37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/11/06 17.30.19 | 003,903,886 | R--- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
[2010/11/06 17.04.28 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
[2010/11/03 23.02.08 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
[2010/11/03 23.02.04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
[2010/11/03 22.35.52 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
[2010/11/03 22.35.47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
[2010/11/03 22.35.42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
[2010/11/03 22.35.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
[2010/11/03 22.35.32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
[2010/11/03 22.32.10 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
[2010/11/03 22.32.08 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
[2010/11/03 22.32.07 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
[2010/11/03 22.28.21 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
[2010/11/03 22.28.20 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
[2010/11/03 22.28.20 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
[2010/11/03 22.28.19 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
[2010/11/03 22.28.18 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
[2010/11/03 22.28.17 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
[2010/11/03 22.28.17 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
[2010/11/03 22.28.16 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
[2010/11/03 22.28.14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
[2010/11/03 22.28.03 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
[2010/11/03 21.45.35 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\dds.scr
[2010/11/03 17.12.24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
[2010/11/03 13.57.52 | 000,004,024 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\TmInstall.log
[2010/10/31 13.04.37 | 000,155,683 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\elettro.JPG
[2010/10/18 15.46.19 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Local My Documents.lnk
[2010/10/18 09.52.07 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Shortcut to Channeling 2010 FOTOS.lnk
[2010/10/16 23.39.06 | 000,002,209 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeImageConverter.lnk
[2010/05/07 23.01.40 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/07 20.18.15 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\fusioncache.dat
[2010/04/26 19.13.28 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
[2010/02/23 23.25.10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2010/02/14 01.37.10 | 000,001,732 | ---- | C] () -- C:\WINDOWS\CAPEXP.INI
[2010/01/03 14.04.24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/12/02 02.16.27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sign.ini
[2009/11/02 00.57.53 | 000,033,576 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
[2009/10/30 16.16.29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\spwdr.INI
[2009/10/30 16.16.08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2009/10/30 16.16.04 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2009/10/30 16.16.04 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2009/10/30 02.04.52 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
[2009/10/30 01.44.03 | 000,049,630 | ---- | C] () -- C:\WINDOWS\System32\hpxfi.ini
[2009/10/30 01.44.03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/10/30 01.44.03 | 000,000,189 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/10/29 21.44.16 | 000,003,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2009/10/29 21.44.14 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2009/10/29 21.38.53 | 000,019,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2009/10/29 15.55.40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2007/05/01 18.01.46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
[2007/05/01 18.01.46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
[2007/03/12 21.31.28 | 001,732,608 | ---- | C] () -- C:\WINDOWS\System32\BCGPStyle2007Luna.dll
[2005/11/08 20.43.30 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2005/10/14 11.56.50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2005/10/14 11.56.50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 11.56.50 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2005/10/14 11.56.50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 11.56.50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 11.56.50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 11.56.50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 11.56.50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2005/10/14 11.56.48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
[2004/08/10 13.00.00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2003/03/21 17.56.10 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
[2003/02/27 10.07.20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
[1996/04/03 20.33.26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

========== LOP Check ==========

[2010/07/08 10.41.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2010/07/08 10.41.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2009/10/30 00.05.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
[2009/10/31 16.13.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2009/11/01 13.55.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
[2010/10/03 17.17.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
[2009/11/01 16.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
[2010/05/16 11.20.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
[2009/10/29 19.32.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
[2009/11/29 02.35.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
[2009/10/31 15.54.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PRMT
[2010/09/20 20.20.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2009/11/07 01.27.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/11/07 19.41.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/22 13.42.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2010/05/01 23.44.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\ActiveState
[2010/02/21 13.09.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Alien Skin
[2010/09/06 20.44.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Azureus
[2010/06/19 14.16.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2010/10/16 23.39.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
[2010/07/04 17.31.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\GHISLER
[2009/12/09 15.54.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\MSNInstaller
[2010/10/09 11.28.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Nokia
[2010/05/29 19.59.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Octoshape
[2010/05/07 20.43.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\OpenOffice.org
[2010/11/02 16.02.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Opera
[2010/05/16 10.37.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PC Suite
[2010/05/07 23.44.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PeaZip
[2009/10/31 17.12.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PRMT
[2009/10/31 16.04.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PROject MT
[2010/10/09 09.44.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/09/21 01.27.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\SystemRequirementsLab
[2010/11/03 23.06.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\uTorrent
[2010/05/07 22.50.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\VanDyke

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2010/09/25 18.44.22 | 000,235,549 | ---- | M] () -- C:\ANG0
[2009/10/29 15.13.16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/01/17 20.49.19 | 000,048,596 | ---- | M] () -- C:\autori-27-37_corretto_MR_01-1.docx
[2010/05/01 09.54.11 | 000,000,209 | ---- | M] () -- C:\Boot.bak
[2010/11/06 17.49.25 | 000,000,305 | -HS- | M] () -- C:\boot.ini
[2005/05/14 12.24.52 | 000,000,512 | R--- | M] () -- C:\chain0
[2009/10/30 16.26.08 | 000,000,113 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/03 22.00.12 | 000,261,312 | ---- | M] () -- C:\cmldr
[2010/11/07 02.17.17 | 000,026,800 | ---- | M] () -- C:\ComboFix.txt
[2010/11/06 21.37.50 | 000,025,998 | ---- | M] () -- C:\ComboFix.txt.bak
[2009/10/29 15.13.16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2010/02/28 16.48.18 | 000,000,000 | ---- | M] () -- C:\ctapi_out_gr.txt
[2010/11/07 10.14.39 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
[2009/10/29 15.13.16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2009/10/29 15.13.16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 13.00.00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 13.00.00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/02/14 16.25.27 | 000,014,228 | ---- | M] () -- C:\Ottica Nonlineare e Nanofotonica.docx
[2010/11/07 10.14.38 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
[2010/05/02 13.13.01 | 000,000,369 | ---- | M] () -- C:\rkill.log

< %systemroot%\Fonts\*.com >
[2006/04/18 14.39.28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13.53.56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14.39.28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13.58.52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/10/29 15.12.46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 11.50.03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >
[2010/06/09 16.15.12 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\The NeoSmart Files.url

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/10/29 15.52.29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2009/10/29 15.52.29 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2009/10/29 15.52.29 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/10/29 15.13.20 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2010/05/07 20.18.06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2010/05/07 20.18.05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/11/06 20.32.37 | 003,903,886 | R--- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
[2009/09/17 08.43.10 | 004,523,520 | ---- | M] (i-Funbox.com) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\iFunBox.exe
[2010/11/06 17.04.29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
[2010/05/01 10.43.37 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\oivo8sxc.exe
[2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
[2010/05/08 17.26.59 | 003,374,306 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SupportTool_32-bit.exe
[2010/11/07 01.22.37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/10 13.00.00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2010/05/07 20.18.05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/11/07 10.18.28 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/10 13.00.00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2004/08/10 13.00.00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 01.06.34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 01.06.34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 15.22.02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2004/08/04 01.06.34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2004/08/10 13.00.00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/10 13.00.00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/10 13.00.00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2004/08/04 01.06.36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 01.06.36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation
@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

< End of report >
 
Extras.txt :

OTL Extras logfile created on: 07/11/2010 10.24.33 - Run 1
OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

1.023,00 Mb Total Physical Memory | 690,00 Mb Available Physical Memory | 67,00% Memory free
2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 24,65 Gb Total Space | 3,41 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
Drive D: | 63,70 Gb Total Space | 0,59 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
Drive E: | 159,77 Gb Total Space | 159,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
Drive F: | 144,53 Gb Total Space | 14,03 Gb Free Space | 9,70% Space Free | Partition Type: NTFS
Drive J: | 7,00 Gb Total Space | 1,65 Gb Free Space | 23,53% Space Free | Partition Type: FAT32
Drive K: | 700,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
Drive O: | 111,79 Gb Total Space | 51,03 Gb Free Space | 45,65% Space Free | Partition Type: NTFS
Drive P: | 149,05 Gb Total Space | 8,98 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

Computer Name: PRIVATE-A7D0BBD | User Name: Temir | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:mad:xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:mad:xpsp2res.dll,-22002
"1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
"3389:TCP" = 3389:TCP:*:Enabled:mad:xpsp2res.dll,-22009

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
"C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
"D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
"D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
"D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}" = 2350
"{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
"{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}" = 2350_Help
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
"{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
"{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
"{12B36E53-3366-459F-967D-DBD773092BE7}" = OpenOffice.org 3.2
"{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
"{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
"{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
"{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
"{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
"{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
"{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
"{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
"{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
"{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
"{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
"{27BB12C3-1292-4204-8997-427CF78B5A92}" = Free Image Converter
"{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
"{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
"{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
"{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
"{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
"{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
"{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
"{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
"{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
"{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
"{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
"{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
"{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
"{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
"{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
"{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
"{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{764DC542-D3D1-49D4-9BA5-8C7DAD18DE8E}" = Oracle VM VirtualBox 3.2.8
"{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
"{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
"{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
"{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
"{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
"{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
"{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
"{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
"{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
"{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
"{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
"{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
"{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
"{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
"{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
"{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
"{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
"{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
"{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
"{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
"{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
"{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
"{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
"{C0E7118C-CF3D-46EC-B431-F744C035A571}" = 2350Trb
"{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
"{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
"{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
"{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
"{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
"{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
"{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
"{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
"{DB0A4FCC-87C7-4A59-95BE-B5C2F0D8CDD4}" = System Requirements Lab for Intel
"{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
"{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
"{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
"{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
"05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
"504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
"8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AVS Update Manager_is1" = AVS Update Manager 1.0
"AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
"AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
"chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
"DjVuLibre+DjView" = DjVuLibre+DjView
"EasyBCD" = EasyBCD 2.0
"HP Photo & Imaging" = HP Image Zone 4.7
"HPExtendedCapabilities" = HP Extended Capabilities 4.7
"InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
"MSC" = McAfee Total Protection
"Nero8360_Micro_is1" = Nero 8 Micro v8.3.6.0
"Nokia PC Suite" = Nokia PC Suite
"NVIDIA Drivers" = NVIDIA Drivers
"PUBLISHER" = Microsoft Office Publisher 2007
"STANDARD" = Microsoft Office Standard 2007
"SystemRequirementsLab" = System Requirements Lab
"Totalcmd" = Total Commander (Remove or Repair)
"uTorrent" = µTorrent
"VisualSubSync" = VisualSubSync (remove only)
"VLC media player" = VLC media player 1.0.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
"WinLiveSuite_Wave3" = Windows Live Essentials
"Космическая мясорубка" = Космическая мясорубка
"Снежок. Охотник за сокровищами 3" = Снежок. Охотник за сокровищами 3

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Nokia Qt SDK" = Nokia Qt SDK
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
"Octoshape Streaming Services" = Octoshape Streaming Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 06/11/2010 20.05.33 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
Settings\History\History.IE5\index.dat for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on, or
the storage drivers installed on this computer; or the disk is missing. Windows
closed the program index.dat because of this error. Program: index.dat File: C:\Documents
and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 06/11/2010 20.05.47 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

Error - 06/11/2010 20.58.34 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
Settings\History\History.IE5\index.dat for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on, or
the storage drivers installed on this computer; or the disk is missing. Windows
closed the program index.dat because of this error. Program: index.dat File: C:\Documents
and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 06/11/2010 20.58.44 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

Error - 06/11/2010 21.09.49 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
Settings\History\History.IE5\index.dat for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on, or
the storage drivers installed on this computer; or the disk is missing. Windows
closed the program index.dat because of this error. Program: index.dat File: C:\Documents
and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 06/11/2010 21.10.07 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

Error - 06/11/2010 21.16.22 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
Settings\History\History.IE5\index.dat for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on, or
the storage drivers installed on this computer; or the disk is missing. Windows
closed the program index.dat because of this error. Program: index.dat File: C:\Documents
and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 06/11/2010 21.16.27 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00004179.

Error - 07/11/2010 5.15.20 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
Settings\History\History.IE5\index.dat for one of the following reasons: there
is a problem with the network connection, the disk that the file is stored on, or
the storage drivers installed on this computer; or the disk is missing. Windows
closed the program index.dat because of this error. Program: index.dat File: C:\Documents
and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. User Action 1. Open the file
again. This situation might be a temporary problem that corrects itself when the
program runs again. 2. If the file still cannot be accessed and - It is on the network,
your network administrator should verify that there is not a problem with the network
and that the server can be contacted. - It is on a removable disk, for example,
a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
3.
Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
and then press ENTER. 4. If the problem persists, restore the file from a backup
copy. 5. Determine whether other files on the same disk can be opened. If not, the
disk might be damaged. If it is a hard disk, contact your administrator or computer
hardware vendor for further assistance. Additional Data Error value: C000009C Disk
type: 3

Error - 07/11/2010 5.15.32 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

[ OSession Events ]
Error - 09/05/2010 12.52.31 | Computer Name = PRIVATE-A7D0BBD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 9999.9999.9999.9999. This session lasted
172 seconds with 60 seconds of active time. This session ended with a crash.

Error - 10/06/2010 9.01.27 | Computer Name = PRIVATE-A7D0BBD | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87
seconds with 0 seconds of active time. This session ended with a crash.

[ System Events ]
Error - 06/11/2010 21.16.19 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 06/11/2010 21.16.22 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.15.20 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.15.39 | Computer Name = PRIVATE-A7D0BBD | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface
service to connect.

Error - 07/11/2010 5.15.39 | Computer Name = PRIVATE-A7D0BBD | Source = Service Control Manager | ID = 7000
Description = The NanoServiceMain service failed to start due to the following error:
%%2

Error - 07/11/2010 5.17.17 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.17.19 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.17.22 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.17.25 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.18.29 | Computer Name = PRIVATE-A7D0BBD | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service mcmscsvc with
arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}


< End of report >
 
Regarding McAfee, you may need to reinstall it.
If you do, make sure, you uninstall it first, using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

Now, Windows Explorer...
Navigate to these Explorer locations:
C:\WINDOWS\explorer.exe
C:\WINDOWS\ERDNT\cache\explorer.exe
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
C:\WINDOWS\system32\dllcache\explorer.exe

In each case, double click on explorer.exe and see, if Windows Explorer will open.
Note, which location will work.

I'll review your OTL logs, when we fix Explorer issue.

I assume, we're talking about Windows Explorer, not Internet Explorer?
 
That's right! We're talking about Windows Explorer, not IE.

So i can also proceed reinstalling McAfee? I can't install McAfee from Normal Mode, it stalls when i open the Setup. I can install it from Safe Mode.
 
Uninstall McAfee first, using the tool, I listed in my previous reply (very important!).
 
We'll get back to the issue.
Go ahead with reinstalling McAfee and I'll review your OTL logs at the same time.
 
Using SystemLook, you already have...
[*]Double-click SystemLook.exe to run it.
[*]Vista users:: Right click on SystemLook.exe, click Run As Administrator
[*]Copy the content of the following box into the main textfield:
Code:
:filefind
wininet.dll

[*]Click the Look button to start the scan.
[*]When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
[/list]Note: The log can also be found on your Desktop entitled SystemLook.txt

=========================================================================

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - File not found [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
    [2009/10/29 19.32.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
    
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.
 
Well, i uninstalled with that removal tool McAfee and now i'm trying to reinstall McAfee, but the setup isn't working. It tries to open, but hangs.
 
Leave McAfee alone for now.
Judging from OTL Event Viewer entries, you may have some system files issues.

Run steps from my previous reply.
 
Status
Not open for further replies.
Back