TechSpot

Windows XP, can't open Windows Explorer and associated programs.

Solved
By temir
Nov 3, 2010
  1. temir

    temir TS Rookie Topic Starter Posts: 87

    And, BTW, I now noticed that programs like Dreamweaver CS5 and Flash CS5 don't work either. They try to launch, but stall at a certain point...
     
  2. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Good. Give me a sec to take another look at the ComboFix log.
     
  3. temir

    temir TS Rookie Topic Starter Posts: 87

    Take all the time you need. :)
     
  4. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    1. Please open Notepad
    • Click Start, then Run
    • Type notepad.exe in the Run Box.

    2. Now copy/paste the entire content of the codebox below into the Notepad window:

    Code:
    FCopy::
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe | C:\WINDOWS\explorer.exe
    
    
    Driver::
    PSINKNC
    PSINAflt
    PSINFile
    PSINProc
    
    
    Registry::
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
    "DisableMonitoring"=-
    [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
    "DisableMonitoring"=-
    
    SeCenter::
    {5AD27692-540A-464E-B625-78275FA38393}
    
    

    3. Save the above as CFScript.txt

    4. Close/disable all anti virus and anti malware programs again, so they do not interfere with the running of ComboFix.

    5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

    [​IMG]


    6. After reboot (in case it asks to reboot), please post the following reports/logs in your next reply:
    • Combofix.txt
     
  5. temir

    temir TS Rookie Topic Starter Posts: 87

    After that successful ComboFix scan with the log created, out of curiosity I restarted the computer and ran ComboFix again. It didn't give me the report; it restarted automatically and there was no report.
     
  6. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Do NOT do anything other than what I ask for, please.
     
  7. temir

    temir TS Rookie Topic Starter Posts: 87

    Yes yes, OK, sorry.
     
  8. temir

    temir TS Rookie Topic Starter Posts: 87

    It finally finished!
    Combofix Report:

    ComboFix 10-11-07.01 - Temir 07/11/2010 1.54.38.5.2 - x86
    Microsoft Windows XP Professional 5.1.2600.2.1251.7.1033.18.1023.624 [GMT 1:00]
    Running from: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    Command switches used :: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Desktop\CFScript.txt
    AV: *On-access scanning disabled* (Updated) {5AD27692-540A-464E-B625-78275FA38393}
    AV: McAfee Anti-Virus and Anti-Spyware *On-access scanning enabled* (Updated) {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
    FW: McAfee Firewall *enabled* {94894B63-8C7F-4050-BDA4-813CA00DA3E8}
    * Resident AV is active

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    c:\windows\explorer.exe.tmp

    .
    --------------- FCopy ---------------

    c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --> c:\windows\explorer.exe
    .
    ((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
    .

    -------\Legacy_PSINAFLT
    -------\Legacy_PSINFILE
    -------\Legacy_PSINKNC
    -------\Legacy_PSINPROC
    -------\Service_PSINAflt
    -------\Service_PSINFile
    -------\Service_PSINKNC
    -------\Service_PSINProc


    ((((((((((((((((((((((((( Files Created from 2010-10-07 to 2010-11-07 )))))))))))))))))))))))))))))))
    .

    2010-11-06 14:34 . 2010-11-06 14:39 2194 ----a-w- c:\windows\system32\PerfStringBackup.TMP
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\LocalService.NT AUTHORITY
    2010-11-06 14:33 . 2010-11-06 14:33 -------- d-sh--w- c:\documents and settings\NetworkService.NT AUTHORITY
    2010-11-06 14:17 . 2010-11-06 14:17 -------- d-----w- c:\documents and settings\admin
    2010-11-03 22:02 . 2004-08-03 23:56 116224 -c--a-w- c:\windows\system32\dllcache\xrxwiadr.dll
    2010-11-03 22:02 . 2001-08-17 21:36 23040 -c--a-w- c:\windows\system32\dllcache\xrxwbtmp.dll
    2010-11-03 22:02 . 2001-08-17 21:36 17408 -c--a-w- c:\windows\system32\dllcache\xrxscnui.dll
    2010-11-03 22:02 . 2001-08-17 21:37 27648 -c--a-w- c:\windows\system32\dllcache\xrxftplt.exe
    2010-11-03 22:02 . 2001-08-17 21:37 4608 -c--a-w- c:\windows\system32\dllcache\xrxflnch.exe
    2010-11-03 22:01 . 2001-08-17 21:37 99865 -c--a-w- c:\windows\system32\dllcache\xlog.exe
    2010-11-03 22:01 . 2001-08-17 11:11 16970 -c--a-w- c:\windows\system32\dllcache\xem336n5.sys
    2010-11-03 22:01 . 2004-08-03 21:29 19455 -c--a-w- c:\windows\system32\dllcache\wvchntxx.sys
    2010-11-03 22:01 . 2004-08-03 21:29 12063 -c--a-w- c:\windows\system32\dllcache\wsiintxx.sys
    2010-11-03 22:01 . 2004-08-03 22:07 8832 -c--a-w- c:\windows\system32\dllcache\wmiacpi.sys
    2010-11-03 22:01 . 2004-08-03 21:31 154624 -c--a-w- c:\windows\system32\dllcache\wlluc48.sys
    2010-11-03 22:01 . 2001-08-17 11:12 34890 -c--a-w- c:\windows\system32\dllcache\wlandrv2.sys
    2010-11-03 21:58 . 2001-08-17 12:28 397502 -c--a-w- c:\windows\system32\dllcache\vpctcom.sys
    2010-11-03 21:58 . 2001-08-17 12:28 604253 -c--a-w- c:\windows\system32\dllcache\vmodem.sys
    2010-11-03 21:58 . 2001-08-17 11:14 249402 -c--a-w- c:\windows\system32\dllcache\vinwm.sys
    2010-11-03 21:58 . 2001-08-17 12:49 24576 -c--a-w- c:\windows\system32\dllcache\viairda.sys
    2010-11-03 21:58 . 2004-08-03 21:59 5376 -c--a-w- c:\windows\system32\dllcache\viaide.sys
    2010-11-03 21:58 . 2004-08-03 22:07 42240 -c--a-w- c:\windows\system32\dllcache\viaagp.sys
    2010-11-03 21:58 . 2004-08-03 23:56 11325 -c--a-w- c:\windows\system32\dllcache\vchnt5.dll
    2010-11-03 21:58 . 2001-08-17 12:28 687999 -c--a-w- c:\windows\system32\dllcache\usrwdxjs.sys
    2010-11-03 21:58 . 2001-08-17 12:28 765884 -c--a-w- c:\windows\system32\dllcache\usrti.sys
    2010-11-03 21:58 . 2001-08-17 12:28 113762 -c--a-w- c:\windows\system32\dllcache\usrpda.sys
    2010-11-03 21:58 . 2001-08-17 12:28 7556 -c--a-w- c:\windows\system32\dllcache\usroslba.sys
    2010-11-03 21:56 . 2001-08-17 21:36 50688 -c--a-w- c:\windows\system32\dllcache\umaxscan.dll
    2010-11-03 21:55 . 2001-08-17 21:36 31744 -c--a-w- c:\windows\system32\dllcache\tp4.dll
    2010-11-03 21:55 . 2001-08-17 12:51 4992 -c--a-w- c:\windows\system32\dllcache\toside.sys
    2010-11-03 21:55 . 2001-08-17 13:02 230912 -c--a-w- c:\windows\system32\dllcache\tosdvd03.sys
    2010-11-03 21:55 . 2001-08-17 13:01 241664 -c--a-w- c:\windows\system32\dllcache\tosdvd02.sys
    2010-11-03 21:55 . 2001-08-17 11:10 28232 -c--a-w- c:\windows\system32\dllcache\tos4mo.sys
    2010-11-03 21:55 . 2001-08-17 11:14 123995 -c--a-w- c:\windows\system32\dllcache\tjisdn.sys
    2010-11-03 21:52 . 2001-08-17 21:36 41472 -c--a-w- c:\windows\system32\dllcache\sw_effct.dll
    2010-11-03 21:51 . 2001-08-17 12:53 7040 -c--a-w- c:\windows\system32\dllcache\snyaitmc.sys
    2010-11-03 21:51 . 2001-08-17 11:51 58368 -c--a-w- c:\windows\system32\dllcache\smiminib.sys
    2010-11-03 21:51 . 2001-08-17 13:56 147200 -c--a-w- c:\windows\system32\dllcache\smidispb.dll
    2010-11-03 21:51 . 2001-08-17 11:12 25034 -c--a-w- c:\windows\system32\dllcache\smcpwr2n.sys
    2010-11-03 21:51 . 2001-08-17 11:10 35913 -c--a-w- c:\windows\system32\dllcache\smcirda.sys
    2010-11-03 21:51 . 2001-08-17 11:12 24576 -c--a-w- c:\windows\system32\dllcache\smc8000n.sys
    2010-11-03 21:51 . 2001-08-17 12:57 6784 -c--a-w- c:\windows\system32\dllcache\smbhc.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6912 -c--a-w- c:\windows\system32\dllcache\smbclass.sys
    2010-11-03 21:51 . 2004-08-03 22:07 16128 -c--a-w- c:\windows\system32\dllcache\smbbatt.sys
    2010-11-03 21:51 . 2004-08-03 22:07 6016 -c--a-w- c:\windows\system32\dllcache\smbali.sys
    2010-11-03 21:51 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\smb3w.dll
    2010-11-03 21:51 . 2001-08-17 21:36 33792 -c--a-w- c:\windows\system32\dllcache\smb0w.dll
    2010-11-03 21:49 . 2001-08-17 11:51 98080 -c--a-w- c:\windows\system32\dllcache\sgiulnt5.sys
    2010-11-03 21:48 . 2001-08-17 13:56 179264 -c--a-w- c:\windows\system32\dllcache\s3sav3d.dll
    2010-11-03 21:47 . 2001-08-17 11:12 37563 -c--a-w- c:\windows\system32\dllcache\rlnet5.sys
    2010-11-03 21:46 . 2001-08-17 21:36 35328 -c--a-w- c:\windows\system32\dllcache\psisload.dll
    2010-11-03 21:45 . 2001-08-17 13:07 5504 -c--a-w- c:\windows\system32\dllcache\perc2hib.sys
    2010-11-03 21:44 . 2001-08-17 13:05 31872 -c--a-w- c:\windows\system32\dllcache\ovce.sys
    2010-11-03 21:43 . 2001-08-17 11:12 32840 -c--a-w- c:\windows\system32\dllcache\ngrpci.sys
    2010-11-03 21:42 . 2001-08-17 11:50 103296 -c--a-w- c:\windows\system32\dllcache\mtxvideo.sys
    2010-11-03 21:42 . 2004-08-03 23:56 1737856 -c--a-w- c:\windows\system32\dllcache\mtxparhd.dll
    2010-11-03 21:42 . 2004-08-03 21:29 452736 -c--a-w- c:\windows\system32\dllcache\mtxparhm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 1309184 -c--a-w- c:\windows\system32\dllcache\mtlstrm.sys
    2010-11-03 21:42 . 2004-08-03 21:41 126686 -c--a-w- c:\windows\system32\dllcache\mtlmnt5.sys
    2010-11-03 21:42 . 2004-08-03 22:10 49024 -c--a-w- c:\windows\system32\dllcache\mstape.sys
    2010-11-03 21:42 . 2001-08-17 12:48 12416 -c--a-w- c:\windows\system32\dllcache\msriffwv.sys
    2010-11-03 21:42 . 2001-08-17 13:00 2944 -c--a-w- c:\windows\system32\dllcache\msmpu401.sys
    2010-11-03 21:42 . 2004-08-03 22:00 22016 -c--a-w- c:\windows\system32\dllcache\msircomm.sys
    2010-11-03 21:42 . 2001-08-17 13:02 35200 -c--a-w- c:\windows\system32\dllcache\msgame.sys
    2010-11-03 21:42 . 2001-08-17 12:48 6016 -c--a-w- c:\windows\system32\dllcache\msfsio.sys
    2010-11-03 21:42 . 2004-08-03 22:10 51328 -c--a-w- c:\windows\system32\dllcache\msdv.sys
    2010-11-03 21:42 . 2001-08-17 12:52 17280 -c--a-w- c:\windows\system32\dllcache\mraid35x.sys
    2010-11-03 21:40 . 2001-08-17 12:28 802683 -c--a-w- c:\windows\system32\dllcache\ltsm.sys
    2010-11-03 21:39 . 2001-08-17 21:36 8704 -c--a-w- c:\windows\system32\dllcache\kbdjpn.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd106.dll
    2010-11-03 21:39 . 2001-08-17 13:55 5632 -c--a-w- c:\windows\system32\dllcache\kbd103.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101c.dll
    2010-11-03 21:39 . 2001-08-17 13:55 6144 -c--a-w- c:\windows\system32\dllcache\kbd101b.dll
    2010-11-03 21:39 . 2001-08-17 12:49 26624 -c--a-w- c:\windows\system32\dllcache\irstusb.sys
    2010-11-03 21:39 . 2001-08-17 12:49 23552 -c--a-w- c:\windows\system32\dllcache\irmk7.sys
    2010-11-03 21:39 . 2001-08-17 11:12 45632 -c--a-w- c:\windows\system32\dllcache\ip5515.sys
    2010-11-03 21:39 . 2001-08-17 21:36 90200 -c--a-w- c:\windows\system32\dllcache\io8ports.dll
    2010-11-03 21:39 . 2001-08-17 12:50 38784 -c--a-w- c:\windows\system32\dllcache\io8.sys
    2010-11-03 21:39 . 2004-08-03 21:59 5504 -c--a-w- c:\windows\system32\dllcache\intelide.sys
    2010-11-03 21:39 . 2001-08-17 12:47 13056 -c--a-w- c:\windows\system32\dllcache\inport.sys
    2010-11-03 21:39 . 2001-08-17 12:52 16000 -c--a-w- c:\windows\system32\dllcache\ini910u.sys
    2010-11-03 21:38 . 2001-08-17 21:36 372824 -c--a-w- c:\windows\system32\dllcache\iconf32.dll
    2010-11-03 21:36 . 2004-08-03 21:41 1041536 -c--a-w- c:\windows\system32\dllcache\hsfdpsp2.sys
    2010-11-03 21:35 . 2001-08-17 21:36 32768 -c--a-w- c:\windows\system32\dllcache\hpgtmcro.dll
    2010-11-03 21:34 . 2001-08-17 13:56 1733120 -c--a-w- c:\windows\system32\dllcache\g400d.dll
    2010-11-03 21:33 . 2001-08-17 21:36 45568 -c--a-w- c:\windows\system32\dllcache\esunib.dll
    2010-11-03 21:32 . 2001-08-17 11:11 455199 -c--a-w- c:\windows\system32\dllcache\el985n51.sys
    2010-11-03 21:31 . 2001-08-17 21:36 614429 -c--a-w- c:\windows\system32\dllcache\digiview.exe
    2010-11-03 21:30 . 2001-08-17 11:19 3584 -c--a-w- c:\windows\system32\dllcache\cwcosnt5.sys
    2010-11-03 21:29 . 2004-08-03 23:56 15423 -c--a-w- c:\windows\system32\dllcache\ch7xxnt5.dll
    2010-11-03 21:28 . 2001-08-17 12:51 13824 -c--a-w- c:\windows\system32\dllcache\bulltlp3.sys
    2010-11-03 21:27 . 2004-08-03 21:29 34735 -c--a-w- c:\windows\system32\dllcache\ati1xsxx.sys
    2010-11-03 21:26 . 2001-08-17 13:56 66048 -c--a-w- c:\windows\system32\dllcache\s3legacy.dll
    2010-11-03 16:12 . 2010-11-03 16:12 -------- d-----w- c:\program files\SiteAdvisor
    2010-11-03 16:11 . 2010-10-13 21:28 24376 ----a-w- c:\program files\Mozilla Firefox\components\Scriptff.dll
    2010-11-03 16:11 . 2010-10-13 21:28 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 88544 ----a-w- c:\windows\system32\drivers\mfendisk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 84264 ----a-w- c:\windows\system32\drivers\mferkdet.sys
    2010-11-03 16:11 . 2010-10-13 21:28 84072 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
    2010-11-03 16:11 . 2010-10-13 21:28 55840 ----a-w- c:\windows\system32\drivers\cfwids.sys
    2010-11-03 16:11 . 2010-10-13 21:28 52104 ----a-w- c:\windows\system32\drivers\mfebopk.sys
    2010-11-03 16:11 . 2010-10-13 21:28 313288 ----a-w- c:\windows\system32\drivers\mfefirek.sys
    2010-11-03 16:11 . 2010-10-13 21:28 152960 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
    2010-11-03 16:11 . 2010-11-03 16:11 -------- d-----w- c:\program files\Common Files\Mcafee
    2010-11-03 16:10 . 2010-11-03 20:53 -------- d-----w- c:\program files\McAfee
    2010-11-03 15:56 . 2010-11-03 18:54 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
    2010-11-03 14:57 . 2010-10-13 21:28 141792 ----a-w- c:\windows\system32\mfevtps.exe
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Interactive
    2010-11-03 12:58 . 2010-11-03 12:58 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\log
    2010-11-03 12:40 . 2010-11-03 12:40 -------- d-----w- c:\windows\system32\wbem\Repository
    2010-11-03 11:10 . 2010-11-03 12:40 -------- d-s---w- c:\documents and settings\Administrator.PRIVATE-A7D0BBD
    2010-11-02 15:02 . 2010-11-03 12:40 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
    2010-10-16 22:39 . 2010-10-16 22:39 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
    2010-10-13 21:28 . 2010-10-13 21:28 95600 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
    2010-10-13 21:28 . 2010-10-13 21:28 386840 ----a-w- c:\windows\system32\drivers\mfehidk.sys
    2010-10-09 09:22 . 2010-10-09 09:22 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
    2010-10-09 08:44 . 2010-10-09 08:44 -------- d-----w- c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1

    .
    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    2010-11-06 14:45 . 2004-08-10 12:00 502272 ----a-w- c:\windows\system32\winlogon.exe
    2010-09-15 02:50 . 2010-05-07 10:23 472808 ----a-w- c:\windows\system32\deployJava1.dll
    2010-09-15 00:29 . 2010-05-07 10:23 73728 ----a-w- c:\windows\system32\javacpl.cpl
    2009-05-01 21:02 . 2009-05-01 21:02 1044480 ----a-w- c:\program files\mozilla firefox\plugins\libdivx.dll
    2009-05-01 21:02 . 2009-05-01 21:02 200704 ----a-w- c:\program files\mozilla firefox\plugins\ssldivx.dll
    2010-10-13 21:28 . 2010-11-03 16:11 24376 ----a-w- c:\program files\mozilla firefox\components\Scriptff.dll
    .

    ------- Sigcheck -------

    [-] 2010-11-06 . 6225F14B8CE08CCBA8B25AD27843C674 . 502272 . . [5.1.2600.2180] . . c:\windows\system32\winlogon.exe
    [-] 2008-04-14 . ED0EF0A136DEC83DF69F04118870003E . 507904 . . [5.1.2600.5512] . . c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\winlogon.exe
    .
    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
    .
    .
    *Note* empty entries & legit default entries are not shown
    REGEDIT4

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "ehTray"="c:\windows\ehome\ehtray.exe" [2004-08-10 59392]
    "HP Software Update"="d:\program files\HP\HP Software Update\HPWuSchd2.exe" [2004-09-13 49152]
    "AdobeAAMUpdater-1.0"="c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe" [2010-03-06 500208]
    "AdobeCS5ServiceManager"="c:\program files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe" [2010-02-22 406992]
    "Adobe Acrobat Speed Launcher"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe" [2008-06-12 37232]
    "Acrobat Assistant 8.0"="d:\program files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe" [2008-06-11 640376]
    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-11-10 417792]
    "iTunesHelper"="d:\program files\iTunes\iTunesHelper.exe" [2009-11-12 141600]
    "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-06-07 13902440]
    "NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-06-07 110696]
    "SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
    "SwitchBoard"="c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe" [2010-02-19 517096]

    [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
    "CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-10 15360]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcmscsvc]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
    @=""

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
    @="Driver"

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Avvio rapido di HP Image Zone.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Avvio rapido di HP Image Zone.lnk
    backup=c:\windows\pss\Avvio rapido di HP Image Zone.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Digital Imaging Monitor.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk
    backup=c:\windows\pss\HP Digital Imaging Monitor.lnkCommon Startup

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HP Image Zone Fast Start.lnk]
    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk
    backup=c:\windows\pss\HP Image Zone Fast Start.lnkCommon Startup

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mcui_exe]
    2010-09-30 12:10 1193848 ----a-w- c:\program files\McAfee.com\Agent\mcagent.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PC Suite Tray]
    2009-11-11 08:57 1451520 ----a-w- d:\program files\Nokia\Nokia PC Suite 7\PCSuite.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
    "MSK80Service"=2 (0x2)
    "mfevtp"=2 (0x2)
    "mfefire"=2 (0x2)
    "McShield"=2 (0x2)
    "McProxy"=2 (0x2)
    "McODS"=3 (0x3)
    "McNASvc"=2 (0x2)
    "McNaiAnn"=2 (0x2)
    "mcmscsvc"=2 (0x2)
    "McMPFSvc"=2 (0x2)
    "McAfee SiteAdvisor Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
    "%windir%\\system32\\sessmgr.exe"=
    "c:\\Program Files\\Java\\jre6\\bin\\java.exe"=
    "c:\\Program Files\\eMule\\emule.exe"=
    "d:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
    "c:\\Program Files\\Skype\\Plugin Manager\\skypePM.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=
    "c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
    "c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
    "d:\\Program Files\\iTunes\\iTunes.exe"=
    "d:\\Program Files\\Opera\\opera.exe"=
    "c:\\Program Files\\Skype\\Phone\\Skype.exe"=
    "d:\\Program Files\\uTorrent\\uTorrent.exe"=
    "c:\\Program Files\\Common Files\\Mcafee\\McSvcHost\\McSvHost.exe"=

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
    "1031:TCP"= 1031:TCP:Akamai NetSession Interface
    "5000:UDP"= 5000:UDP:Akamai NetSession Interface
    "3389:TCP"= 3389:TCP:mad:xpsp2res.dll,-22009

    R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [03/11/2010 17.11.15 84072]
    R1 VBoxDrv;VirtualBox Service;c:\windows\system32\drivers\VBoxDrv.sys [20/09/2010 23.41.09 143184]
    R1 VBoxUSBMon;VirtualBox USB Monitor Driver;c:\windows\system32\drivers\VBoxUSBMon.sys [20/09/2010 23.40.43 41936]
    R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [03/11/2010 15.57.01 141792]
    R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [03/11/2010 17.11.15 313288]
    R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
    R3 VBoxNetAdp;VirtualBox Host-Only Ethernet Adapter;c:\windows\system32\drivers\VBoxNetAdp.sys [05/08/2010 13.08.04 100496]
    R3 VBoxNetFlt;VBoxNetFlt Service;c:\windows\system32\drivers\VBoxNetFlt.sys [05/08/2010 13.08.04 111312]
    S2 Akamai;Akamai NetSession Interface;c:\windows\System32\svchost.exe -k Akamai [10/08/2004 13.00.00 14336]
    S2 NanoServiceMain;NanoServiceMain;"c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe" --> c:\program files\Panda Security\Panda Cloud Antivirus\PSANHost.exe [?]
    S3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [03/11/2010 17.11.15 55840]
    S3 cpudrv;cpudrv;c:\program files\SystemRequirementsLab\cpudrv.sys [18/12/2009 10.58.52 11336]
    S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [03/11/2010 17.11.15 88544]
    S3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [03/11/2010 17.11.15 84264]
    S3 nmwcdnsu;Nokia USB Flashing Phone Parent;c:\windows\system32\drivers\nmwcdnsu.sys [03/10/2010 17.15.42 137344]
    S3 nmwcdnsuc;Nokia USB Flashing Generic;c:\windows\system32\drivers\nmwcdnsuc.sys [03/10/2010 17.15.42 8320]
    S3 SwitchBoard;SwitchBoard;c:\program files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [19/02/2010 12.37.14 517096]
    S4 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 McMPFSvc;McAfee Personal Firewall Service;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 McNaiAnn;McAfee VirusScan Announcer;"c:\program files\Common Files\Mcafee\McSvcHost\McSvHost.exe" /McCoreSvc [03/11/2010 17.11.09 271480]
    S4 mfefire;McAfee Firewall Core Service;c:\program files\Common Files\Mcafee\SystemCore\mfefire.exe [03/11/2010 17.11.28 188136]

    --- Other Services/Drivers In Memory ---

    *Deregistered* - mfeavfk01
    .
    Contents of the 'Scheduled Tasks' folder

    2010-10-27 c:\windows\Tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
    - c:\program files\Common Files\Adobe\OOBE\PDApp\UWA\updaterstartuputility.exe [2010-09-20 01:44]
    .
    .
    ------- Supplementary Scan -------
    .
    uStart Page = hxxp://www.google.it/
    uInternet Settings,ProxyOverride = *.local
    IE: Append Link Target to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
    IE: Append to Existing PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIEAppend.html
    IE: Convert Link Target to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
    IE: Convert to Adobe PDF - c:\program files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll/AcroIECapture.html
    IE: E&sporta in Microsoft Excel - d:\progra~1\MICROS~1\Office12\EXCEL.EXE/3000
    TCP: {4B98396A-1F15-4792-B650-A5C74B20C398} = 62.211.69.170,212.48.4.30
    FF - ProfilePath - c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\
    FF - component: c:\program files\McAfee\SiteAdvisor\components\McFFPlg.dll
    FF - component: c:\program files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}\components\SkypeFfComponent.dll
    FF - plugin: c:\documents and settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\plugins\npoctoshape.dll
    FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
    FF - plugin: d:\program files\iTunes\Mozilla Plugins\npitunes.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npdeployJava1.dll
    FF - plugin: d:\program files\Java\jre6\bin\new_plugin\npjp2.dll

    ---- FIREFOX POLICIES ----
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbaam7a8h", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqz9s", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--fiqs8s", true); // Simplified
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--j6w193g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4ar", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgberp4a5d4a87g", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7c0a67fbc", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--mgbqly7cvafr", true);
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kpry57d", true); // Traditional
    c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.IDN.whitelist.xn--kprw13d", true); // Simplified
    c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("dom.ipc.plugins.enabled", false);
    .

    **************************************************************************

    catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
    Rootkit scan 2010-11-07 02:07
    Windows 5.1.2600 Service Pack 2 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully
    hidden files: 0

    **************************************************************************

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"

    [HKEY_LOCAL_MACHINE\System\ControlSet002\Services\Akamai]
    "ServiceDll"="C:/Program Files/Common Files/Akamai/rswin_3653.dll"
    .
    --------------------- LOCKED REGISTRY KEYS ---------------------

    [HKEY_USERS\S-1-5-21-1482476501-484763869-682003330-1003\Software\Microsoft\SystemCertificates\AddressBook*]
    @Allowed: (Read) (RestrictedCode)
    @Allowed: (Read) (RestrictedCode)

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
    @Denied: (A 2) (Everyone)
    @="FlashBroker"
    "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe,-101"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
    "Enabled"=dword:00000001

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
    @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10g_ActiveX.exe"

    [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
    @Denied: (A 2) (Everyone)
    @="IFlashBroker4"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
    @="{00020424-0000-0000-C000-000000000046}"

    [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
    @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
    "Version"="1.0"
    .
    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'explorer.exe'(2668)
    c:\windows\system32\msi.dll
    .
    ------------------------ Other Running Processes ------------------------
    .
    c:\windows\system32\nvsvc32.exe
    c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
    c:\program files\Bonjour\mDNSResponder.exe
    c:\windows\eHome\ehRecvr.exe
    c:\windows\eHome\ehSched.exe
    d:\program files\Java\jre6\bin\jqs.exe
    c:\windows\system32\HPZipm12.exe
    c:\windows\system32\wdfmgr.exe
    c:\program files\Common Files\McAfee\SystemCore\mcshield.exe
    c:\windows\system32\dllhost.exe
    c:\windows\eHome\ehmsas.exe
    c:\windows\system32\RUNDLL32.EXE
    c:\program files\iPod\bin\iPodService.exe
    c:\windows\system32\dwwin.exe
    .
    **************************************************************************
    .
    Completion time: 2010-11-07 02:17:16 - machine was rebooted
    ComboFix-quarantined-files.txt 2010-11-07 01:16

    Pre-Run: 3.702.816.768 bytes free
    Post-Run: 3.637.977.088 bytes free

    - - End Of File - - 78DB2BE1A58D846A1F645CE85F497846
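
A cross-check of the CFScript from post 4 against the log above, as an added example that is not part of the original thread or of ComboFix itself: it parses the `FCopy::` and `Driver::` sections and confirms that the log records the copy and both the `Legacy_` and `Service_` removals for each driver. The section and line formats are inferred from the excerpts in this thread (an assumption), and `Registry::`/`SeCenter::` are left out because this log has no matching section to compare against.

```python
import re

# Excerpts copied from the CFScript and the ComboFix log posted in this thread.
CFSCRIPT = r"""FCopy::
C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe | C:\WINDOWS\explorer.exe

Driver::
PSINKNC
PSINAflt
PSINFile
PSINProc
"""

LOG_EXCERPT = r"""--------------- FCopy ---------------

c:\windows\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe --> c:\windows\explorer.exe
.
((((((((((((((( Drivers/Services )))))))))))))))
.
-------\Legacy_PSINAFLT
-------\Legacy_PSINFILE
-------\Legacy_PSINKNC
-------\Legacy_PSINPROC
-------\Service_PSINAflt
-------\Service_PSINFile
-------\Service_PSINKNC
-------\Service_PSINProc
"""

# Formats below are inferred from this thread's excerpts, not from ComboFix docs.
SECTION_RE = re.compile(r"^(\w+)::\s*$")                      # "Driver::"
LOG_HEADER_RE = re.compile(r"^[-(]{3,}\s*(.+?)\s*[-)]{3,}$")  # "---- FCopy ----"
SERVICE_RE = re.compile(r"^-+\\(Legacy|Service)_(\S+)$", re.IGNORECASE)
FCOPY_RE = re.compile(r"^(.+?)\s+-->\s+(.+)$")                # "src --> dst"


def parse_cfscript(text):
    """Return {section_name_lowercase: [non-empty lines]} for a CFScript."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def parse_log(text):
    """Return (set of (src, dst) copies, {driver: {'legacy', 'service'}})."""
    copies, removed, section = set(), {}, None
    for raw in text.splitlines():
        line = raw.strip()
        m = LOG_HEADER_RE.match(line)
        if m:
            section = m.group(1).lower()
            continue
        m = SERVICE_RE.match(line)
        if m:
            removed.setdefault(m.group(2).lower(), set()).add(m.group(1).lower())
            continue
        # Only trust "-->" lines inside the FCopy section; service listings
        # elsewhere in the log also contain "-->".
        if section == "fcopy":
            m = FCOPY_RE.match(line)
            if m:
                copies.add((m.group(1).lower(), m.group(2).lower()))
    return copies, removed


def verify(script_text, log_text):
    """Return [(directive, item, confirmed)] for each FCopy and Driver entry."""
    script = parse_cfscript(script_text)
    copies, removed = parse_log(log_text)
    results = []
    for entry in script.get("fcopy", []):
        # The log lower-cases paths, so compare case-insensitively.
        src, _, dst = (part.strip().lower() for part in entry.partition("|"))
        results.append(("FCopy", entry, (src, dst) in copies))
    for name in script.get("driver", []):
        kinds = removed.get(name.lower(), set())
        results.append(("Driver", name, kinds == {"legacy", "service"}))
    return results


def unconfirmed(script_text, log_text):
    """Entries the script asked for that the log does not confirm."""
    return [(d, item) for d, item, ok in verify(script_text, log_text) if not ok]


if __name__ == "__main__":
    for directive, item, ok in verify(CFSCRIPT, LOG_EXCERPT):
        print("OK     " if ok else "MISSING", directive, item)
```
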
     
  9. temir

    temir TS Rookie Topic Starter Posts: 87

    Thank you again, I'm going to sleep.
     
  10. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    When you wake up, update me on current issues.

    Then....

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  11. temir

    temir TS Rookie Topic Starter Posts: 87

    Good Morning! :)

    Well, my current issues are almost the same. The computer's performance increased and when I shut down Windows XP there are no more non-responding programs blocking the process, that's great, but Windows Explorer won't open, and neither will McAfee.
     
     
  12. temir

    temir TS Rookie Topic Starter Posts: 87

    OTL.txt :

    OTL logfile created on: 07/11/2010 10.24.29 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 690,00 Mb Available Physical Memory | 67,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24,65 Gb Total Space | 3,41 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
    Drive D: | 63,70 Gb Total Space | 0,59 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
    Drive E: | 159,77 Gb Total Space | 159,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
    Drive F: | 144,53 Gb Total Space | 14,03 Gb Free Space | 9,70% Space Free | Partition Type: NTFS
    Drive J: | 7,00 Gb Total Space | 1,65 Gb Free Space | 23,53% Space Free | Partition Type: FAT32
    Drive K: | 700,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive O: | 111,79 Gb Total Space | 51,03 Gb Free Space | 45,65% Space Free | Partition Type: NTFS
    Drive P: | 149,05 Gb Total Space | 8,98 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

    Computer Name: PRIVATE-A7D0BBD | User Name: Temir | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
    PRC - [2010/10/13 22.28.54 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\Mcafee\SystemCore\mcshield.exe
    PRC - [2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
    PRC - [2010/09/30 13.10.36 | 001,193,848 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
    PRC - [2008/06/11 21.43.26 | 000,640,376 | ---- | M] (Adobe Systems Inc.) -- D:\Program Files\Adobe\Acrobat 9.0\Acrobat\acrotray.exe
    PRC - [2007/08/09 08.27.52 | 000,073,728 | ---- | M] (HP) -- C:\WINDOWS\system32\HPZipm12.exe
    PRC - [2004/08/10 13.00.00 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
    PRC - [2004/08/10 13.00.00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe


    ========== Modules (SafeList) ==========

    MOD - [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
    MOD - [2004/08/10 13.00.00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
    SRV - [2010/10/13 22.28.54 | 000,188,136 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
    SRV - [2010/10/13 22.28.54 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
    SRV - [2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
    SRV - [2010/10/07 21.34.28 | 000,364,216 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
    SRV - [2010/06/14 14.07.14 | 000,615,936 | ---- | M] (Nokia) [On_Demand | Stopped] -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe -- (ServiceLayer)
    SRV - [2010/04/30 20.31.37 | 002,504,280 | ---- | M] () [Auto | Stopped] -- C:/Program Files/Common Files/Akamai/rswin_3653.dll -- (Akamai)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McProxy)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNASvc)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McNaiAnn)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (mcmscsvc)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
    SRV - [2010/03/10 10.14.44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McAfee SiteAdvisor Service)
    SRV - [2010/02/19 12.37.14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
    SRV - [2009/10/31 18.26.41 | 000,655,624 | ---- | M] (Acresso Software Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
    SRV - [2007/08/09 08.27.52 | 000,073,728 | ---- | M] (HP) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\ComboFix\catchme.sys -- (catchme)
    DRV - [2010/10/13 22.28.54 | 000,386,840 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
    DRV - [2010/10/13 22.28.54 | 000,313,288 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
    DRV - [2010/10/13 22.28.54 | 000,152,960 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
    DRV - [2010/10/13 22.28.54 | 000,095,600 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
    DRV - [2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
    DRV - [2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
    DRV - [2010/10/13 22.28.54 | 000,084,264 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
    DRV - [2010/10/13 22.28.54 | 000,084,072 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
    DRV - [2010/10/13 22.28.54 | 000,055,840 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
    DRV - [2010/10/13 22.28.54 | 000,052,104 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
    DRV - [2010/08/05 13.08.04 | 000,111,312 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetFlt.sys -- (VBoxNetFlt)
    DRV - [2010/08/05 13.08.04 | 000,100,496 | ---- | M] (Oracle Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\VBoxNetAdp.sys -- (VBoxNetAdp)
    DRV - [2010/08/05 13.08.04 | 000,041,936 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxUSBMon.sys -- (VBoxUSBMon)
    DRV - [2010/08/05 13.08.02 | 000,143,184 | ---- | M] (Oracle Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\VBoxDrv.sys -- (VBoxDrv)
    DRV - [2010/06/08 00.57.00 | 010,531,200 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
    DRV - [2010/02/26 13.32.58 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys -- (UsbserFilt)
    DRV - [2010/02/26 13.32.46 | 000,008,192 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys -- (upperdev)
    DRV - [2010/02/26 13.32.44 | 000,022,528 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmbo.sys -- (nmwcdc)
    DRV - [2010/02/26 13.32.44 | 000,018,176 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ccdcmb.sys -- (nmwcd)
    DRV - [2010/02/26 13.21.22 | 000,137,344 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsu.sys -- (nmwcdnsu)
    DRV - [2010/02/26 13.21.22 | 000,008,320 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nmwcdnsuc.sys -- (nmwcdnsuc)
    DRV - [2009/12/18 10.58.52 | 000,011,336 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
    DRV - [2008/08/26 09.26.12 | 000,018,816 | ---- | M] (Nokia) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pccsmcfd.sys -- (pccsmcfd)
    DRV - [2006/08/14 14.09.48 | 000,083,200 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
    DRV - [2006/01/17 15.21.40 | 001,096,192 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
    DRV - [2005/11/08 19.15.38 | 000,439,680 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
    DRV - [2005/11/08 19.15.38 | 000,007,168 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
    DRV - [2005/11/08 19.14.54 | 000,114,688 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
    DRV - [2005/11/08 19.14.46 | 000,143,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
    DRV - [2005/11/08 19.14.44 | 000,077,824 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
    DRV - [2005/11/08 19.14.40 | 000,502,272 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
    DRV - [2005/07/13 16.18.48 | 000,340,704 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
    DRV - [2004/08/10 04.47.50 | 000,046,208 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\IrBus.sys -- (IrBus)
    DRV - [2004/05/05 21.48.40 | 000,004,228 | ---- | M] (PowerQuest Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\PQNTDRV.sys -- (PQNTDrv)
    DRV - [2001/08/17 14.51.32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.it/
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

    ========== FireFox ==========

    FF - prefs.js..browser.search.useDBForOrder: true
    FF - prefs.js..extensions.enabledItems: {b9db16a4-6edc-47ec-a1f4-b86292ed211d}:4.8.1
    FF - prefs.js..extensions.enabledItems: {DDC359D1-844A-42a7-9AA1-88A850A938A8}:1.1.10
    FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: {B7082FAA-CB62-4872-9106-E42DD88EDE45}:3.2

    FF - HKLM\software\mozilla\Firefox\extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/11/06 17.02.49 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/11/03 17.11.21 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/10/30 09.49.27 | 000,000,000 | ---D | M]

    [2010/05/07 22.42.04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Extensions
    [2010/11/03 12.03.27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions
    [2010/10/23 07.30.19 | 000,000,000 | ---D | M] (DownloadHelper) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{b9db16a4-6edc-47ec-a1f4-b86292ed211d}
    [2010/10/05 21.12.23 | 000,000,000 | ---D | M] (Yoono) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{d9284e50-81fc-11da-a72b-0800200c9a66}
    [2010/05/30 13.24.09 | 000,000,000 | ---D | M] (DownThemAll!) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
    [2010/08/30 08.52.46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\extensions\SkipScreen@SkipScreen
    [2010/04/19 22.26.55 | 000,001,799 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\searchplugins\google-language-it.xml
    [2010/04/19 22.25.50 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Mozilla\Firefox\Profiles\au9prvy0.default\searchplugins\youtube.xml
    [2010/11/03 11.55.47 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
    [2010/05/13 17.25.50 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
    [2010/10/16 10.10.42 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/10/13 22.28.54 | 000,024,376 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
    [2010/09/15 03.50.38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [2010/04/01 18.17.18 | 000,000,744 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-it.xml
    [2010/04/01 18.17.18 | 000,000,825 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\hoepli.xml
    [2010/04/01 18.17.18 | 000,001,182 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia-it.xml
    [2010/04/01 18.17.18 | 000,000,953 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-it.xml

    O1 HOSTS File: ([2010/11/07 02.06.37 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
    O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
    O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\Mcafee\SystemCore\ScriptSn.20101103171121.dll (McAfee, Inc.)
    O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O2 - BHO: (Skype add-on for Internet Explorer) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [Acrobat Assistant 8.0] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
    O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] D:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
    O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Append Link Target to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Append to Existing PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert Link Target to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
    O8 - Extra context menu item: E&sporta in Microsoft Excel - D:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
    O9 - Extra Button: Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - D:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
    O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
    O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2009/10/29 15.13.16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2010/01/17 20.49.19 | 000,048,596 | ---- | M] () - C:\autori-27-37_corretto_MR_01-1.docx -- [ NTFS ]
    O32 - AutoRun File - [2001/07/28 07.07.38 | 000,000,000 | -HS- | M] () - J:\AUTOEXEC.BAT -- [ FAT32 ]
    O32 - AutoRun File - [2005/03/14 01.27.05 | 000,015,719 | R--- | M] () - K:\AUTORUN.APM -- [ CDFS ]
    O32 - AutoRun File - [2002/08/12 10.00.00 | 001,150,976 | R--- | M] (Microsoft Corporation) - K:\AUTORUN.EXE -- [ CDFS ]
    O32 - AutoRun File - [2005/03/14 01.27.05 | 000,000,029 | R--- | M] () - K:\AUTORUN.INF -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: vidc.ffds - D:\Program Files\Combined Community Codec Pack\Filters\FFDShow\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
    Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (17183584330711040)

    ========== Files/Folders - Created Within 30 Days ==========

    [2010/11/07 10.19.45 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
    [2010/11/07 01.49.55 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2010/11/06 20.29.36 | 000,000,000 | ---D | C] -- C:\Qoobox.bak
    [2010/11/06 18.10.28 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
    [2010/11/06 18.03.37 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2010/11/06 18.03.37 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2010/11/06 18.03.37 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2010/11/06 18.03.37 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2010/11/03 23.02.15 | 000,116,224 | ---- | C] (Xerox) -- C:\WINDOWS\System32\dllcache\xrxwiadr.dll
    [2010/11/03 23.02.12 | 000,023,040 | ---- | C] (Xerox Corporation) -- C:\WINDOWS\System32\dllcache\xrxwbtmp.dll
    [2010/11/03 23.01.50 | 000,099,865 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\xlog.exe
    [2010/11/03 23.01.46 | 000,016,970 | ---- | C] (US Robotics MCD (Megahertz)) -- C:\WINDOWS\System32\dllcache\xem336n5.sys
    [2010/11/03 23.01.26 | 000,154,624 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\wlluc48.sys
    [2010/11/03 23.01.22 | 000,034,890 | ---- | C] (Raytheon Corp.) -- C:\WINDOWS\System32\dllcache\wlandrv2.sys
    [2010/11/03 22.59.52 | 000,771,581 | ---- | C] (Rockwell) -- C:\WINDOWS\System32\dllcache\winacisa.sys
    [2010/11/03 22.59.33 | 000,035,871 | ---- | C] (Winbond Electronics Corp.) -- C:\WINDOWS\System32\dllcache\wbfirdma.sys
    [2010/11/03 22.59.14 | 000,016,925 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w940nd.sys
    [2010/11/03 22.59.11 | 000,019,016 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w926nd.sys
    [2010/11/03 22.59.07 | 000,019,528 | ---- | C] (Winbond Electronics Corporation) -- C:\WINDOWS\System32\dllcache\w840nd.sys
    [2010/11/03 22.59.02 | 000,064,605 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vvoice.sys
    [2010/11/03 22.58.58 | 000,397,502 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\vpctcom.sys
    [2010/11/03 22.58.31 | 000,604,253 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\vmodem.sys
    [2010/11/03 22.58.27 | 000,249,402 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\vinwm.sys
    [2010/11/03 22.58.09 | 000,765,884 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usrti.sys
    [2010/11/03 22.57.55 | 000,794,399 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806v.sys
    [2010/11/03 22.57.51 | 000,793,598 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1806.sys
    [2010/11/03 22.57.48 | 000,794,654 | ---- | C] (U.S. Robotics, Inc.) -- C:\WINDOWS\System32\dllcache\usr1801.sys
    [2010/11/03 22.57.42 | 000,032,384 | ---- | C] (KLSI USA, Inc.) -- C:\WINDOWS\System32\dllcache\usb101et.sys
    [2010/11/03 22.56.59 | 000,050,688 | ---- | C] (UMAX DATA SYSTEMS INC.) -- C:\WINDOWS\System32\dllcache\umaxscan.dll
    [2010/11/03 22.56.45 | 000,211,968 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um54scan.dll
    [2010/11/03 22.56.41 | 000,216,064 | ---- | C] (UMAX Data Systems Inc.) -- C:\WINDOWS\System32\dllcache\um34scan.dll
    [2010/11/03 22.56.27 | 000,166,784 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxpm.sys
    [2010/11/03 22.56.24 | 000,525,568 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridxp.dll
    [2010/11/03 22.56.21 | 000,159,232 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkbm.sys
    [2010/11/03 22.56.17 | 000,440,576 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tridkb.dll
    [2010/11/03 22.56.14 | 000,222,336 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3dm.sys
    [2010/11/03 22.56.10 | 000,315,520 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\trid3d.dll
    [2010/11/03 22.55.36 | 000,123,995 | ---- | C] (Tiger Jet Network) -- C:\WINDOWS\System32\dllcache\tjisdn.sys
    [2010/11/03 22.53.59 | 000,138,528 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiulnt5.sys
    [2010/11/03 22.53.55 | 000,081,408 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\tgiul50.dll
    [2010/11/03 22.53.54 | 000,149,376 | ---- | C] (M-Systems) -- C:\WINDOWS\System32\dllcache\tffsport.sys
    [2010/11/03 22.53.51 | 000,017,129 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdkcd31.sys
    [2010/11/03 22.53.47 | 000,037,961 | ---- | C] (TDK Corporation) -- C:\WINDOWS\System32\dllcache\tdk100b.sys
    [2010/11/03 22.53.35 | 000,036,640 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\t2r4mini.sys
    [2010/11/03 22.53.32 | 000,172,768 | ---- | C] (Number Nine Visual Technology) -- C:\WINDOWS\System32\dllcache\t2r4disp.dll
    [2010/11/03 22.52.52 | 000,155,648 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnprop.dll
    [2010/11/03 22.52.49 | 000,053,248 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlncoin.dll
    [2010/11/03 22.52.46 | 000,285,760 | ---- | C] (Stallion Technologies) -- C:\WINDOWS\System32\dllcache\stlnata.sys
    [2010/11/03 22.52.42 | 000,016,896 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\stcusb.sys
    [2010/11/03 22.52.37 | 000,048,736 | ---- | C] (3Com) -- C:\WINDOWS\System32\dllcache\srwlnd5.sys
    [2010/11/03 22.52.19 | 000,019,072 | ---- | C] (Adaptec, Inc.) -- C:\WINDOWS\System32\dllcache\sparrow.sys
    [2010/11/03 22.51.28 | 000,058,368 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smiminib.sys
    [2010/11/03 22.51.24 | 000,147,200 | ---- | C] (Silicon Motion Inc.) -- C:\WINDOWS\System32\dllcache\smidispb.dll
    [2010/11/03 22.51.21 | 000,025,034 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smcpwr2n.sys
    [2010/11/03 22.51.17 | 000,035,913 | ---- | C] (SMC) -- C:\WINDOWS\System32\dllcache\smcirda.sys
    [2010/11/03 22.51.14 | 000,024,576 | ---- | C] (SMC Networks, Inc.) -- C:\WINDOWS\System32\dllcache\smc8000n.sys
    [2010/11/03 22.50.45 | 000,063,547 | ---- | C] (Symbol Technologies) -- C:\WINDOWS\System32\dllcache\sla30nd5.sys
    [2010/11/03 22.50.42 | 000,091,294 | ---- | C] (SysKonnect, a business unit of Schneider & Koch & Co. Datensysteme GmbH.) -- C:\WINDOWS\System32\dllcache\skfpwin.sys
    [2010/11/03 22.50.38 | 000,094,698 | ---- | C] (SysKonnect GmbH.) -- C:\WINDOWS\System32\dllcache\sk98xwin.sys
    [2010/11/03 22.50.31 | 000,032,768 | ---- | C] (SiS Corporation) -- C:\WINDOWS\System32\dllcache\sisnic.sys
    [2010/11/03 22.50.05 | 000,161,568 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmusb.sys
    [2010/11/03 22.50.02 | 000,018,400 | ---- | C] (Micro Systemation) -- C:\WINDOWS\System32\dllcache\sgsmld.sys
    [2010/11/03 22.49.59 | 000,098,080 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiulnt5.sys
    [2010/11/03 22.49.56 | 000,386,560 | ---- | C] (Trident Microsystems Inc.) -- C:\WINDOWS\System32\dllcache\sgiul50.dll
    [2010/11/03 22.49.32 | 000,017,280 | ---- | C] (SCM Microsystems) -- C:\WINDOWS\System32\dllcache\scr111.sys
    [2010/11/03 22.49.25 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmusbm.sys
    [2010/11/03 22.49.22 | 000,023,936 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\sccmn50m.sys
    [2010/11/03 22.49.07 | 000,077,824 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4m.sys
    [2010/11/03 22.49.04 | 000,198,400 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav4.dll
    [2010/11/03 22.49.01 | 000,061,504 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3dm.sys
    [2010/11/03 22.48.58 | 000,179,264 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3sav3d.dll
    [2010/11/03 22.48.54 | 000,210,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mvirge.dll
    [2010/11/03 22.48.51 | 000,062,496 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mtrio.dll
    [2010/11/03 22.48.48 | 000,041,216 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.sys
    [2010/11/03 22.48.45 | 000,182,272 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3mt3d.dll
    [2010/11/03 22.48.42 | 000,166,720 | ---- | C] (S3 Incorporated) -- C:\WINDOWS\System32\dllcache\s3m.sys
    [2010/11/03 22.48.34 | 000,082,432 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia450.dll
    [2010/11/03 22.48.31 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia430.dll
    [2010/11/03 22.48.27 | 000,026,624 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw450ext.dll
    [2010/11/03 22.48.24 | 000,024,576 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rw430ext.dll
    [2010/11/03 22.48.14 | 000,009,216 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\rsmgrstr.dll
    [2010/11/03 22.48.03 | 000,079,104 | ---- | C] (Comtrol Corporation) -- C:\WINDOWS\System32\dllcache\rocket.sys
    [2010/11/03 22.47.59 | 000,037,563 | ---- | C] (RadioLAN) -- C:\WINDOWS\System32\dllcache\rlnet5.sys
    [2010/11/03 22.47.55 | 000,086,097 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\reslog32.dll
    [2010/11/03 22.47.44 | 000,714,762 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdmkxx.sys
    [2010/11/03 22.47.41 | 000,899,146 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\r2mdkxga.sys
    [2010/11/03 22.47.11 | 000,130,942 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlv.sys
    [2010/11/03 22.47.08 | 000,112,574 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserlp.sys
    [2010/11/03 22.47.05 | 000,128,286 | ---- | C] (PCTEL, INC.) -- C:\WINDOWS\System32\dllcache\ptserli.sys
    [2010/11/03 22.46.54 | 000,016,128 | ---- | C] (SCM Microsystems, Inc.) -- C:\WINDOWS\System32\dllcache\pscr.sys
    [2010/11/03 22.45.51 | 000,086,016 | ---- | C] (PCtel, Inc.) -- C:\WINDOWS\System32\dllcache\pctspk.exe
    [2010/11/03 22.45.39 | 000,026,153 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pcmlm56.sys
    [2010/11/03 22.45.37 | 000,029,502 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\pca200e.sys
    [2010/11/03 22.45.34 | 000,030,495 | ---- | C] (Linksys) -- C:\WINDOWS\System32\dllcache\pc100nds.sys
    [2010/11/03 22.44.47 | 000,054,186 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otcsercb.sys
    [2010/11/03 22.44.44 | 000,043,689 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otceth5.sys
    [2010/11/03 22.44.41 | 000,027,209 | ---- | C] (Ositech Communications, Inc.) -- C:\WINDOWS\System32\dllcache\otc06x5.sys
    [2010/11/03 22.44.37 | 000,054,528 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\opl3sax.sys
    [2010/11/03 22.44.17 | 000,051,552 | ---- | C] (Kensington Technology Group) -- C:\WINDOWS\System32\dllcache\ntgrip.sys
    [2010/11/03 22.44.05 | 000,087,040 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm6wdm.sys
    [2010/11/03 22.44.02 | 000,126,080 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\nm5a2wdm.sys
    [2010/11/03 22.43.55 | 000,132,695 | ---- | C] (802.11b) -- C:\WINDOWS\System32\dllcache\netwlan5.sys
    [2010/11/03 22.43.47 | 000,039,264 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.sys
    [2010/11/03 22.43.44 | 000,060,480 | ---- | C] (NeoMagic Corporation) -- C:\WINDOWS\System32\dllcache\neo20xx.dll
    [2010/11/03 22.43.37 | 000,091,488 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3disp.dll
    [2010/11/03 22.43.34 | 000,027,936 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i3d.sys
    [2010/11/03 22.43.31 | 000,033,088 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.sys
    [2010/11/03 22.43.29 | 000,059,104 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128v2.dll
    [2010/11/03 22.43.26 | 000,013,664 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.sys
    [2010/11/03 22.43.23 | 000,035,392 | ---- | C] (Number Nine Visual Technology Corp.) -- C:\WINDOWS\System32\dllcache\n9i128.dll
    [2010/11/03 22.43.14 | 000,075,520 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxport.sys
    [2010/11/03 22.43.11 | 000,007,168 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxport.dll
    [2010/11/03 22.43.09 | 000,019,968 | ---- | C] (Macronix International Co., Ltd. ) -- C:\WINDOWS\System32\dllcache\mxnic.sys
    [2010/11/03 22.43.06 | 000,019,968 | ---- | C] (Moxa Technologies Co., Ltd) -- C:\WINDOWS\System32\dllcache\mxicfg.dll
    [2010/11/03 22.43.03 | 000,021,888 | ---- | C] (Moxa Technologies Co., Ltd.) -- C:\WINDOWS\System32\dllcache\mxcard.sys
    [2010/11/03 22.42.02 | 000,017,280 | ---- | C] (American Megatrends Inc.) -- C:\WINDOWS\System32\dllcache\mraid35x.sys
    [2010/11/03 22.41.24 | 000,164,586 | ---- | C] (Madge Networks Ltd) -- C:\WINDOWS\System32\dllcache\mdgndis5.sys
    [2010/11/03 22.41.02 | 000,797,500 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltsmt.sys
    [2010/11/03 22.40.59 | 000,802,683 | ---- | C] (Lucent Technologies) -- C:\WINDOWS\System32\dllcache\ltsm.sys
    [2010/11/03 22.40.57 | 000,420,992 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntt.sys
    [2010/11/03 22.40.54 | 000,576,746 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmntl.sys
    [2010/11/03 22.40.53 | 000,606,684 | ---- | C] (LT) -- C:\WINDOWS\System32\dllcache\ltmdmnt.sys
    [2010/11/03 22.40.51 | 000,727,786 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ltck000c.sys
    [2010/11/03 22.40.42 | 000,070,730 | ---- | C] (Linksys Group, Inc.) -- C:\WINDOWS\System32\dllcache\lne100tx.sys
    [2010/11/03 22.40.40 | 000,020,573 | ---- | C] (The Linksts Group ) -- C:\WINDOWS\System32\dllcache\lne100.sys
    [2010/11/03 22.40.37 | 000,025,065 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\lmndis3.sys
    [2010/11/03 22.40.34 | 000,015,744 | ---- | C] (Litronic Industries) -- C:\WINDOWS\System32\dllcache\lit220p.sys
    [2010/11/03 22.40.29 | 000,026,442 | ---- | C] (SMSC) -- C:\WINDOWS\System32\dllcache\lanepic5.sys
    [2010/11/03 22.40.27 | 000,019,016 | ---- | C] (Kingston Technology Company ) -- C:\WINDOWS\System32\dllcache\ktc111.sys
    [2010/11/03 22.39.28 | 000,023,552 | ---- | C] (MKNet Corporation) -- C:\WINDOWS\System32\dllcache\irmk7.sys
    [2010/11/03 22.38.06 | 000,372,824 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\iconf32.dll
    [2010/11/03 22.35.55 | 000,068,608 | ---- | C] (Avisioin) -- C:\WINDOWS\System32\dllcache\hpgt53tk.dll
    [2010/11/03 22.35.44 | 000,126,976 | ---- | C] (Hewlett Packard) -- C:\WINDOWS\System32\dllcache\hpgt34tk.dll
    [2010/11/03 22.35.11 | 000,028,288 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grserial.sys
    [2010/11/03 22.35.09 | 000,082,304 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\grclass.sys
    [2010/11/03 22.35.06 | 000,017,408 | ---- | C] (Gemplus) -- C:\WINDOWS\System32\dllcache\gpr400.sys
    [2010/11/03 22.34.51 | 000,454,912 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fxusbase.sys
    [2010/11/03 22.34.44 | 000,455,296 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fusbbase.sys
    [2010/11/03 22.34.41 | 000,455,680 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fus2base.sys
    [2010/11/03 22.34.37 | 000,442,240 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpnpbase.sys
    [2010/11/03 22.34.34 | 000,441,728 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcmbase.sys
    [2010/11/03 22.34.31 | 000,444,416 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\fpcibase.sys
    [2010/11/03 22.34.29 | 000,034,173 | ---- | C] (Marconi Communications, Inc.) -- C:\WINDOWS\System32\dllcache\forehe.sys
    [2010/11/03 22.34.14 | 000,024,618 | ---- | C] (NETGEAR) -- C:\WINDOWS\System32\dllcache\fa410nd5.sys
    [2010/11/03 22.34.09 | 000,011,850 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xj.sys
    [2010/11/03 22.34.07 | 000,012,362 | ---- | C] (FUJITSU LIMITED) -- C:\WINDOWS\System32\dllcache\f3ab18xi.sys
    [2010/11/03 22.32.28 | 000,334,208 | ---- | C] (Yamaha Corp.) -- C:\WINDOWS\System32\dllcache\ds1wdm.sys
    [2010/11/03 22.32.24 | 000,028,062 | ---- | C] (National Semiconductor Coproration) -- C:\WINDOWS\System32\dllcache\dp83820.sys
    [2010/11/03 22.32.14 | 000,029,696 | ---- | C] (CNet Technology, Inc. ) -- C:\WINDOWS\System32\dllcache\dm9pci5.sys
    [2010/11/03 22.32.12 | 000,026,698 | ---- | C] (D-Link Corporation) -- C:\WINDOWS\System32\dllcache\dlh5xnd5.sys
    [2010/11/03 22.32.11 | 000,952,007 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diwan.sys
    [2010/11/03 22.32.06 | 000,236,060 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\ditrace.exe
    [2010/11/03 22.32.05 | 000,038,985 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvsu.dll
    [2010/11/03 22.32.03 | 000,031,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvpp.dll
    [2010/11/03 22.32.02 | 000,006,729 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\disrvci.dll
    [2010/11/03 22.32.00 | 000,091,305 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\dimaint.sys
    [2010/11/03 22.31.38 | 000,024,649 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650d.sys
    [2010/11/03 22.31.36 | 000,024,648 | ---- | C] (D-Link) -- C:\WINDOWS\System32\dllcache\dfe650.sys
    [2010/11/03 22.31.32 | 000,020,928 | ---- | C] (Digital Networks, LLC) -- C:\WINDOWS\System32\dllcache\defpa.sys
    [2010/11/03 22.31.02 | 000,048,640 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwrwdm.sys
    [2010/11/03 22.31.01 | 000,093,952 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcwdm.sys
    [2010/11/03 22.31.00 | 000,111,872 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcspud.sys
    [2010/11/03 22.30.59 | 000,003,584 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwcosnt5.sys
    [2010/11/03 22.30.57 | 000,072,832 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbwdm.sys
    [2010/11/03 22.30.56 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbmidi.sys
    [2010/11/03 22.30.55 | 000,003,072 | ---- | C] (Crystal Semiconductor Corp.) -- C:\WINDOWS\System32\dllcache\cwbase.sys
    [2010/11/03 22.30.53 | 000,249,856 | ---- | C] (Comtrol® Corporation) -- C:\WINDOWS\System32\dllcache\ctmasetp.dll
    [2010/11/03 22.30.44 | 000,216,064 | ---- | C] (COMPAQ Inc.) -- C:\WINDOWS\System32\dllcache\cpscan.dll
    [2010/11/03 22.30.27 | 000,020,736 | ---- | C] (OMNIKEY AG) -- C:\WINDOWS\System32\dllcache\cmbp0wdm.sys
    [2010/11/03 22.30.16 | 000,980,034 | ---- | C] (Xircom) -- C:\WINDOWS\System32\dllcache\cicap.sys
    [2010/11/03 22.29.36 | 000,049,182 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem56n5.sys
    [2010/11/03 22.29.35 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem33n5.sys
    [2010/11/03 22.29.34 | 000,027,164 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce3n5.sys
    [2010/11/03 22.29.34 | 000,022,044 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cem28n5.sys
    [2010/11/03 22.29.33 | 000,021,530 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\ce2n5.sys
    [2010/11/03 22.29.30 | 000,714,698 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cbmdmkxx.sys
    [2010/11/03 22.29.29 | 000,046,108 | ---- | C] (Xircom, Inc.) -- C:\WINDOWS\System32\dllcache\cben5.sys
    [2010/11/03 22.29.28 | 000,039,680 | ---- | C] (Silicom Ltd.) -- C:\WINDOWS\System32\dllcache\cb325.sys
    [2010/11/03 22.29.28 | 000,037,916 | ---- | C] (Fast Ethernet Controller Provider) -- C:\WINDOWS\System32\dllcache\cb102.sys
    [2010/11/03 22.29.26 | 000,032,256 | ---- | C] (Eicon Technology Corporation) -- C:\WINDOWS\System32\dllcache\diapi2NT.dll
    [2010/11/03 22.29.25 | 000,164,923 | ---- | C] (Eicon Technology) -- C:\WINDOWS\System32\dllcache\diapi2.sys
    [2010/11/03 22.28.50 | 000,031,529 | ---- | C] (BreezeCOM) -- C:\WINDOWS\System32\dllcache\brzwlan.sys
    [2010/11/03 22.28.49 | 000,011,008 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbmdm.sys
    [2010/11/03 22.28.49 | 000,010,368 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brusbscn.sys
    [2010/11/03 22.28.48 | 000,060,416 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brserwdm.sys
    [2010/11/03 22.28.47 | 000,009,728 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brserif.dll
    [2010/11/03 22.28.47 | 000,005,120 | ---- | C] (Brother Industries,Ltd.) -- C:\WINDOWS\System32\dllcache\brscnrsm.dll
    [2010/11/03 22.28.46 | 000,039,552 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparwdm.sys
    [2010/11/03 22.28.45 | 000,003,168 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brparimg.sys
    [2010/11/03 22.28.44 | 000,041,472 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfusb.dll
    [2010/11/03 22.28.43 | 000,032,256 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfrsmg.exe
    [2010/11/03 22.28.42 | 000,029,696 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmflpt.dll
    [2010/11/03 22.28.41 | 000,015,360 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brmfbidi.dll
    [2010/11/03 22.28.40 | 000,012,160 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltlo.sys
    [2010/11/03 22.28.40 | 000,003,968 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brfiltup.sys
    [2010/11/03 22.28.39 | 000,012,800 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brevif.dll
    [2010/11/03 22.28.39 | 000,002,944 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brfilt.sys
    [2010/11/03 22.28.38 | 000,019,456 | ---- | C] (Brother Industries, Ltd.) -- C:\WINDOWS\System32\dllcache\brbidiif.dll
    [2010/11/03 22.28.38 | 000,009,728 | ---- | C] (Brother Industries Ltd.) -- C:\WINDOWS\System32\dllcache\brcoinst.dll
    [2010/11/03 22.28.35 | 000,871,388 | ---- | C] (BCM) -- C:\WINDOWS\System32\dllcache\bcmdm.sys
    [2010/11/03 22.28.31 | 000,342,336 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.dll
    [2010/11/03 22.28.31 | 000,036,128 | ---- | C] (3Dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\banshee.sys
    [2010/11/03 22.28.30 | 000,089,952 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\b1cbase.sys
    [2010/11/03 22.28.29 | 000,037,568 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmwan.sys
    [2010/11/03 22.28.29 | 000,036,992 | ---- | C] (Aztech Systems Ltd) -- C:\WINDOWS\System32\dllcache\aztw2320.sys
    [2010/11/03 22.28.28 | 000,144,384 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmenum.dll
    [2010/11/03 22.28.27 | 000,087,552 | ---- | C] (AVM GmbH) -- C:\WINDOWS\System32\dllcache\avmcoxp.dll
    [2010/11/03 22.27.50 | 000,097,354 | ---- | C] (Bay Networks, Inc.) -- C:\WINDOWS\System32\dllcache\aspndis3.sys
    [2010/11/03 22.27.43 | 000,016,969 | ---- | C] (AmbiCom, Inc.) -- C:\WINDOWS\System32\dllcache\amb8002.sys
    [2010/11/03 22.27.27 | 000,046,112 | ---- | C] (Adaptec, Inc ) -- C:\WINDOWS\System32\dllcache\adptsf50.sys
    [2010/11/03 22.27.26 | 000,010,880 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\admjoy.sys
    [2010/11/03 22.27.25 | 000,747,392 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8830.sys
    [2010/11/03 22.27.24 | 000,584,448 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8810.sys
    [2010/11/03 22.27.24 | 000,553,984 | ---- | C] (Aureal, Inc.) -- C:\WINDOWS\System32\dllcache\adm8820.sys
    [2010/11/03 22.27.22 | 000,061,440 | ---- | C] (Color Flatbed Scanner) -- C:\WINDOWS\System32\dllcache\acerscad.dll
    [2010/11/03 22.27.17 | 000,462,848 | ---- | C] (Aureal Inc.) -- C:\WINDOWS\System32\dllcache\a3dapi.dll
    [2010/11/03 22.27.15 | 000,148,352 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvsm.sys
    [2010/11/03 22.27.13 | 000,762,780 | ---- | C] (3Com, Inc.) -- C:\WINDOWS\System32\dllcache\3cwmcru.sys
    [2010/11/03 22.27.13 | 000,689,216 | ---- | C] (3dfx Interactive, Inc.) -- C:\WINDOWS\System32\dllcache\3dfxvs.dll
    [2010/11/03 17.12.22 | 000,000,000 | ---D | C] -- C:\Program Files\SiteAdvisor
     
  13. temir

    temir TS Rookie Topic Starter Posts: 87

    [2010/11/03 17.11.20 | 000,009,344 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [2010/11/03 17.11.15 | 000,313,288 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/11/03 17.11.15 | 000,152,960 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/11/03 17.11.15 | 000,088,544 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/11/03 17.11.15 | 000,084,264 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/11/03 17.11.15 | 000,084,072 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/11/03 17.11.15 | 000,055,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/11/03 17.11.15 | 000,052,104 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/11/03 17.11.09 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Mcafee
    [2010/11/03 17.11.07 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee.com
    [2010/11/03 17.10.58 | 000,000,000 | ---D | C] -- C:\Program Files\McAfee
    [2010/11/03 16.56.35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
    [2010/11/03 15.57.01 | 000,141,792 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2010/11/03 13.58.32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Interactive
    [2010/11/03 13.58.28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\log
    [2010/11/02 16.02.13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Biolab Disaster
    [2010/10/16 23.39.54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
    [2010/10/13 22.28.54 | 000,386,840 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/10/13 22.28.54 | 000,095,600 | ---- | C] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/10/09 10.22.45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\Nokia
    [2010/10/09 09.44.50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2005/11/08 20.38.38 | 000,033,792 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
    [2010/11/07 10.14.44 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2010/11/07 10.14.39 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
    [2010/11/07 02.21.07 | 000,064,980 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
    [2010/11/07 02.21.07 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
    [2010/11/07 02.21.07 | 000,054,680 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000004-00000000-00000002-00001102-00000005-00241102}.rfx
    [2010/11/07 02.21.07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2010/11/07 02.21.07 | 000,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2010/11/07 02.06.37 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2010/11/07 01.22.37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe
    [2010/11/06 20.32.37 | 003,903,886 | R--- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    [2010/11/06 17.49.25 | 000,000,305 | -HS- | M] () -- C:\boot.ini
    [2010/11/06 17.04.29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
    [2010/11/06 16.57.51 | 000,001,595 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/06 15.56.13 | 003,601,816 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/11/06 15.39.36 | 000,519,844 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2010/11/06 15.39.36 | 000,097,988 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2010/11/06 15.38.00 | 000,002,278 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2010/11/05 21.15.49 | 000,088,576 | ---- | M] () -- C:\WINDOWS\MBR.exe
    [2010/11/04 10.19.12 | 000,008,192 | ---- | M] () -- C:\WINDOWS\REGLOCS.OLD
    [2010/11/03 21.46.47 | 000,628,736 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\dds.scr
    [2010/11/01 19.04.53 | 000,099,840 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/10/31 13.04.37 | 000,155,683 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\elettro.JPG
    [2010/10/27 01.00.00 | 000,000,342 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-PRIVATE-A7D0BBD-Temir.job
    [2010/10/21 12.52.58 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Opera.lnk
    [2010/10/21 12.52.58 | 000,000,506 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
    [2010/10/19 17.50.56 | 000,002,209 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\FreeImageConverter.lnk
    [2010/10/18 15.46.19 | 000,000,399 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Local My Documents.lnk
    [2010/10/18 09.52.07 | 000,000,398 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Shortcut to Channeling 2010 FOTOS.lnk
    [2010/10/13 22.28.54 | 000,386,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfehidk.sys
    [2010/10/13 22.28.54 | 000,313,288 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfefirek.sys
    [2010/10/13 22.28.54 | 000,152,960 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeavfk.sys
    [2010/10/13 22.28.54 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\mfevtps.exe
    [2010/10/13 22.28.54 | 000,095,600 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeapfk.sys
    [2010/10/13 22.28.54 | 000,088,544 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfendisk.sys
    [2010/10/13 22.28.54 | 000,084,264 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mferkdet.sys
    [2010/10/13 22.28.54 | 000,084,072 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfetdi2k.sys
    [2010/10/13 22.28.54 | 000,055,840 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\cfwids.sys
    [2010/10/13 22.28.54 | 000,052,104 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfebopk.sys
    [2010/10/13 22.28.54 | 000,009,344 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\System32\drivers\mfeclnk.sys
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2010/11/07 01.25.23 | 000,001,524 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\SystemLook.txt
    [2010/11/07 01.22.37 | 000,075,264 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe
    [2010/11/06 20.25.46 | 1073,008,640 | -HS- | C] () -- C:\hiberfil.sys
    [2010/11/06 18.03.37 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2010/11/06 18.03.37 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2010/11/06 18.03.37 | 000,088,576 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2010/11/06 18.03.37 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2010/11/06 18.03.37 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2010/11/06 17.30.19 | 003,903,886 | R--- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    [2010/11/06 17.04.28 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
    [2010/11/03 23.02.08 | 000,017,408 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxscnui.dll
    [2010/11/03 23.02.04 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xrxftplt.exe
    [2010/11/03 22.35.52 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt53.dll
    [2010/11/03 22.35.47 | 000,093,696 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt42.dll
    [2010/11/03 22.35.42 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt34.dll
    [2010/11/03 22.35.37 | 000,089,088 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt33.dll
    [2010/11/03 22.35.32 | 000,083,968 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hpgt21.dll
    [2010/11/03 22.32.10 | 000,029,768 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divasu.dll
    [2010/11/03 22.32.08 | 000,037,962 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaprop.dll
    [2010/11/03 22.32.07 | 000,006,216 | ---- | C] () -- C:\WINDOWS\System32\dllcache\divaci.dll
    [2010/11/03 22.28.21 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atixbar.sys
    [2010/11/03 22.28.20 | 000,026,624 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativxbar.sys
    [2010/11/03 22.28.20 | 000,019,456 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativttxx.sys
    [2010/11/03 22.28.19 | 000,009,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ativmdcd.sys
    [2010/11/03 22.28.18 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitvsnd.sys
    [2010/11/03 22.28.17 | 000,026,880 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtsnd.sys
    [2010/11/03 22.28.17 | 000,017,152 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atitunep.sys
    [2010/11/03 22.28.16 | 000,049,920 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atirtcap.sys
    [2010/11/03 22.28.14 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atipcxxx.sys
    [2010/11/03 22.28.03 | 000,046,464 | ---- | C] () -- C:\WINDOWS\System32\dllcache\atibt829.sys
    [2010/11/03 21.45.35 | 000,628,736 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\dds.scr
    [2010/11/03 17.12.24 | 000,001,595 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\McAfee Total Protection.lnk
    [2010/11/03 13.57.52 | 000,004,024 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\TmInstall.log
    [2010/10/31 13.04.37 | 000,155,683 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\elettro.JPG
    [2010/10/18 15.46.19 | 000,000,399 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Local My Documents.lnk
    [2010/10/18 09.52.07 | 000,000,398 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\Shortcut to Channeling 2010 FOTOS.lnk
    [2010/10/16 23.39.06 | 000,002,209 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\FreeImageConverter.lnk
    [2010/05/07 23.01.40 | 000,099,840 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/05/07 20.18.15 | 000,000,148 | ---- | C] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\Application Data\fusioncache.dat
    [2010/04/26 19.13.28 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/02/23 23.25.10 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2010/02/14 01.37.10 | 000,001,732 | ---- | C] () -- C:\WINDOWS\CAPEXP.INI
    [2010/01/03 14.04.24 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2009/12/02 02.16.27 | 000,000,023 | ---- | C] () -- C:\WINDOWS\sign.ini
    [2009/11/02 00.57.53 | 000,033,576 | ---- | C] () -- C:\WINDOWS\System32\BCGPOleAcc.dll
    [2009/10/30 16.16.29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\spwdr.INI
    [2009/10/30 16.16.08 | 000,000,071 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2009/10/30 16.16.04 | 000,019,584 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2009/10/30 16.16.04 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2009/10/30 02.04.52 | 000,185,856 | ---- | C] () -- C:\WINDOWS\System32\PsisDecd.dll
    [2009/10/30 01.44.03 | 000,049,630 | ---- | C] () -- C:\WINDOWS\System32\hpxfi.ini
    [2009/10/30 01.44.03 | 000,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
    [2009/10/30 01.44.03 | 000,000,189 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2009/10/29 21.44.16 | 000,003,509 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
    [2009/10/29 21.44.14 | 000,010,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
    [2009/10/29 21.38.53 | 000,019,085 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
    [2009/10/29 15.55.40 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2007/05/01 18.01.46 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\pythoncom25.dll
    [2007/05/01 18.01.46 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\pywintypes25.dll
    [2007/03/12 21.31.28 | 001,732,608 | ---- | C] () -- C:\WINDOWS\System32\BCGPStyle2007Luna.dll
    [2005/11/08 20.43.30 | 000,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
    [2005/10/14 11.56.50 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
    [2005/10/14 11.56.50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
    [2005/10/14 11.56.50 | 000,819,200 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2005/10/14 11.56.50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
    [2005/10/14 11.56.50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
    [2005/10/14 11.56.50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
    [2005/10/14 11.56.50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2005/10/14 11.56.50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
    [2005/10/14 11.56.48 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\MMSwitch.dll
    [2004/08/10 13.00.00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
    [2003/03/21 17.56.10 | 000,000,194 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2003/02/27 10.07.20 | 000,003,072 | ---- | C] () -- C:\WINDOWS\System32\34CoInstaller.dll
    [1996/04/03 20.33.26 | 000,005,248 | ---- | C] () -- C:\WINDOWS\System32\giveio.sys

    ========== LOP Check ==========

    [2010/07/08 10.41.06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
    [2010/07/08 10.41.37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
    [2009/10/30 00.05.44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Azureus
    [2009/10/31 16.13.20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2009/11/01 13.55.30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Insight Software Solutions
    [2010/10/03 17.17.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/11/01 16.39.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\LightScribe
    [2010/05/16 11.20.19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nokia
    [2009/10/29 19.32.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
    [2009/11/29 02.35.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2009/10/31 15.54.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PRMT
    [2010/09/20 20.20.05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
    [2009/11/07 01.27.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
    [2009/11/07 19.41.13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/01/22 13.42.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
    [2010/05/01 23.44.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\ActiveState
    [2010/02/21 13.09.08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Alien Skin
    [2010/09/06 20.44.42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Azureus
    [2010/06/19 14.16.29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/10/16 23.39.54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\FreeImageConverter
    [2010/07/04 17.31.12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\GHISLER
    [2009/12/09 15.54.31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\MSNInstaller
    [2010/10/09 11.28.49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Nokia
    [2010/05/29 19.59.57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Octoshape
    [2010/05/07 20.43.11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\OpenOffice.org
    [2010/11/02 16.02.22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Opera
    [2010/05/16 10.37.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PC Suite
    [2010/05/07 23.44.41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PeaZip
    [2009/10/31 17.12.21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PRMT
    [2009/10/31 16.04.03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\PROject MT
    [2010/10/09 09.44.50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
    [2010/09/21 01.27.15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\SystemRequirementsLab
    [2010/11/03 23.06.39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\uTorrent
    [2010/05/07 22.50.43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\VanDyke

    ========== Purity Check ==========



    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2010/09/25 18.44.22 | 000,235,549 | ---- | M] () -- C:\ANG0
    [2009/10/29 15.13.16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/01/17 20.49.19 | 000,048,596 | ---- | M] () -- C:\autori-27-37_corretto_MR_01-1.docx
    [2010/05/01 09.54.11 | 000,000,209 | ---- | M] () -- C:\Boot.bak
    [2010/11/06 17.49.25 | 000,000,305 | -HS- | M] () -- C:\boot.ini
    [2005/05/14 12.24.52 | 000,000,512 | R--- | M] () -- C:\chain0
    [2009/10/30 16.26.08 | 000,000,113 | ---- | M] () -- C:\CKINFO.TXT
    [2004/08/03 22.00.12 | 000,261,312 | ---- | M] () -- C:\cmldr
    [2010/11/07 02.17.17 | 000,026,800 | ---- | M] () -- C:\ComboFix.txt
    [2010/11/06 21.37.50 | 000,025,998 | ---- | M] () -- C:\ComboFix.txt.bak
    [2009/10/29 15.13.16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/02/28 16.48.18 | 000,000,000 | ---- | M] () -- C:\ctapi_out_gr.txt
    [2010/11/07 10.14.39 | 1073,008,640 | -HS- | M] () -- C:\hiberfil.sys
    [2009/10/29 15.13.16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/10/29 15.13.16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2004/08/10 13.00.00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2004/08/10 13.00.00 | 000,250,032 | RHS- | M] () -- C:\ntldr
    [2010/02/14 16.25.27 | 000,014,228 | ---- | M] () -- C:\Ottica Nonlineare e Nanofotonica.docx
    [2010/11/07 10.14.38 | 1610,612,736 | -HS- | M] () -- C:\pagefile.sys
    [2010/05/02 13.13.01 | 000,000,369 | ---- | M] () -- C:\rkill.log

    < %systemroot%\Fonts\*.com >
    [2006/04/18 14.39.28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 13.53.56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 14.39.28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 13.58.52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/10/29 15.12.46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 11.50.03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >
    [2010/06/09 16.15.12 | 000,000,174 | ---- | M] () -- C:\Documents and Settings\All Users\Favorites\The NeoSmart Files.url

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/10/29 15.52.29 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/10/29 15.52.29 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/10/29 15.52.29 | 000,929,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/10/29 15.13.20 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/05/07 20.18.06 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/05/07 20.18.05 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/11/06 20.32.37 | 003,903,886 | R--- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\ComboFix.exe
    [2009/09/17 08.43.10 | 004,523,520 | ---- | M] (i-Funbox.com) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\iFunBox.exe
    [2010/11/06 17.04.29 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\MBRCheck.exe
    [2010/05/01 10.43.37 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\oivo8sxc.exe
    [2010/11/07 10.19.51 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\OTL.exe
    [2010/05/08 17.26.59 | 003,374,306 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SupportTool_32-bit.exe
    [2010/11/07 01.22.37 | 000,075,264 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\SystemLook.exe

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2004/08/10 13.00.00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/05/07 20.18.05 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2010/11/07 10.18.28 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2004/08/10 13.00.00 | 000,192,512 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2004/08/10 13.00.00 | 000,028,672 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2004/08/04 01.06.34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2004/08/04 01.06.34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2008/05/02 15.22.02 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2004/08/04 01.06.34 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2004/08/10 13.00.00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2004/08/10 13.00.00 | 000,018,052 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2004/08/10 13.00.00 | 000,009,306 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2004/08/04 01.06.36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/08/04 01.06.36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation
    @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD

    < End of report >
     
  14. temir

    temir TS Rookie Topic Starter Posts: 87

    Extras.txt :

    OTL Extras logfile created on: 07/11/2010 10.24.33 - Run 1
    OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop
    Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 6.0.2900.2180)
    Locale: 00000410 | Country: Italy | Language: ITA | Date Format: dd/MM/yyyy

    1.023,00 Mb Total Physical Memory | 690,00 Mb Available Physical Memory | 67,00% Memory free
    2,00 Gb Paging File | 2,00 Gb Available in Paging File | 86,00% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 24,65 Gb Total Space | 3,41 Gb Free Space | 13,84% Space Free | Partition Type: NTFS
    Drive D: | 63,70 Gb Total Space | 0,59 Gb Free Space | 0,93% Space Free | Partition Type: NTFS
    Drive E: | 159,77 Gb Total Space | 159,70 Gb Free Space | 99,96% Space Free | Partition Type: NTFS
    Drive F: | 144,53 Gb Total Space | 14,03 Gb Free Space | 9,70% Space Free | Partition Type: NTFS
    Drive J: | 7,00 Gb Total Space | 1,65 Gb Free Space | 23,53% Space Free | Partition Type: FAT32
    Drive K: | 700,09 Mb Total Space | 0,00 Mb Free Space | 0,00% Space Free | Partition Type: CDFS
    Drive O: | 111,79 Gb Total Space | 51,03 Gb Free Space | 45,65% Space Free | Partition Type: NTFS
    Drive P: | 149,05 Gb Total Space | 8,98 Gb Free Space | 6,02% Space Free | Partition Type: NTFS

    Computer Name: PRIVATE-A7D0BBD | User Name: Temir | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "D:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Bridge] -- D:\Program Files\Adobe\Adobe Bridge CS5\Bridge.exe "%L" (Adobe Systems, Inc.)
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "D:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 0
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
    "445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
    "137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
    "138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
    "1031:TCP" = 1031:TCP:*:Enabled:Akamai NetSession Interface
    "5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface
    "3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)
    "C:\Program Files\eMule\emule.exe" = C:\Program Files\eMule\emule.exe:*:Enabled:eMule -- (http://www.emule-project.net)
    "D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE" = D:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "D:\Program Files\iTunes\iTunes.exe" = D:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
    "D:\Program Files\Opera\opera.exe" = D:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)
    "D:\Program Files\uTorrent\uTorrent.exe" = D:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
    "C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{007C0BB9-C5E2-4C73-B96B-2BBD5CEA9BF9}" = 2350
    "{033E378E-6AD3-4AD5-BDEB-CBD69B31046C}" = Microsoft_VC90_ATL_x86
    "{0390854C-42B9-4BC2-B0CF-87DDA0F62EC8}" = 2350_Help
    "{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
    "{08D2E121-7F6A-43EB-97FD-629B44903403}" = Microsoft_VC90_CRT_x86
    "{0DC86BEC-5CE3-413A-BB61-C40A3D186B24}" = Scan
    "{0F3647F8-E51D-4FCC-8862-9A8D0C5ACF25}" = Microsoft_VC80_ATL_x86
    "{12B36E53-3366-459F-967D-DBD773092BE7}" = OpenOffice.org 3.2
    "{1451DE6B-ABE1-4F62-BE9A-B363A17588A2}" = QuickTime
    "{14BEB6DF-A499-4A38-8E06-E173BCD5C087}" = ScannerCopy
    "{164965E8-4BB0-4EEB-AFBA-75785A2A2A7F}" = Adobe Fireworks CS5
    "{17293791-C82E-476C-9997-9A0FF234A19B}" = HP Product Assistant
    "{181821B7-82AA-44DA-9DAF-EF254CCB670A}" = Fax
    "{19DC9559-9C20-4A46-A67D-7ECBA52A2788}" = Nokia PC Suite
    "{1AD5F465-8282-4DAD-B957-E09C0B783D18}" = InstantShare
    "{1B680FBA-E317-4E93-AF43-3B59798A4BE0}" = Copy
    "{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Strumento di caricamento di Windows Live
    "{20FBC0A0-3160-4F14-83ED-3A74BB6B8C31}" = TrayApp
    "{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic
    "{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 22
    "{272EC8BA-5A08-4ea1-A189-684466A06B02}" = cp_dwShrek2Albums1
    "{27BB12C3-1292-4204-8997-427CF78B5A92}" = Free Image Converter
    "{2E8428AD-6CD2-4031-916A-3CF9BBF2DEC9}" = Unload
    "{3175E049-F9A9-4A3D-8F19-AC9FB04514D1}" = Windows Live Communications Platform
    "{342C7C88-D335-4bc2-8CF1-281857629CE2}" = HP PSC & OfficeJet 4.7
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{3762DB2D-71BD-421F-9E55-C74DA7DF4D07}" = CueTour
    "{391E18CE-7D3B-45E9-A8F0-34E77F14F47A}" = ProductContext
    "{39AE27EE-A148-48A3-B98D-35498C4D9719}" = Windows Live Messenger
    "{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
    "{442BE28B-782B-4DC0-B490-E70A403B1C69}" = Readme
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{5E8D588F-307C-4250-B622-26969027319A}" = PanoStandAlone
    "{635FED5B-2C6D-49BE-87E6-7A6FCD22BC5A}" = Microsoft_VC90_MFC_x86
    "{644D04A2-C682-4FD5-977D-03B804C4B9C5}" = CreativeProjects
    "{646A65DD-23FC-418E-B9F0-E0500FB42CB1}" = PhotoGallery
    "{64FC0C98-B035-4530-B15D-3D30610B6DF1}" = HP Software Update
    "{655CB07D-C944-40BE-B93F-55957CAC7625}" = AiO_Scan
    "{68963635-14A4-48D9-B431-DF3A74D1AAE1}" = Destinations
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6AFCA4E1-9B78-3640-8F72-A7BF33448200}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
    "{6D3245B1-8DB8-4A23-9CD2-2C90F40ABAF6}" = MSVC80_x86_v2
    "{6E9EF98E-259E-416D-B5F8-0ABDB99942CE}" = Adobe Flash Player 10 ActiveX
    "{6F695BCF-9BDC-48AB-8D46-D57CFAD7A248}" = Assistente per l'accesso a Windows Live
    "{700A6597-3CE6-49C1-AA75-846B24CDA66D}" = BufferChm
    "{7239A06F-235B-43B1-970D-7A411FD95683}" = Nokia Software Updater
    "{724517BD-1DE1-4986-BFCA-C1DFD379E3BC}" = cp_dwShrek2Cards1
    "{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
    "{764DC542-D3D1-49D4-9BA5-8C7DAD18DE8E}" = Oracle VM VirtualBox 3.2.8
    "{7AD25C9F-9957-4D1C-95EF-9BCD09F6D31B}" = HPSystemDiagnostics
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{84CDF5A8-1D57-4B69-BAB6-1F11D8923375}" = SkinsHP1
    "{85CFD253-38AE-4DB1-ACB7-F0F4C791990D}" = AiOSoftware
    "{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
    "{87CC8013-56D1-43E1-A0A5-AD406B4EBA95}" = Opera 10.63
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8BC3B99B-A6BE-4A0B-8535-B1B94BA4B1B1}" = DocProc
    "{90120000-0010-0410-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (Italian) 12
    "{90120000-0012-0000-0000-0000000FF1CE}" = Microsoft Office Standard 2007
    "{90120000-0016-0410-0000-0000000FF1CE}" = Microsoft Office Excel MUI (Italian) 2007
    "{90120000-0018-0410-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (Italian) 2007
    "{90120000-0019-0000-0000-0000000FF1CE}" = Microsoft Office Publisher 2007
    "{90120000-0019-0410-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (Italian) 2007
    "{90120000-001A-0410-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (Italian) 2007
    "{90120000-001B-0410-0000-0000000FF1CE}" = Microsoft Office Word MUI (Italian) 2007
    "{90120000-001F-0407-0000-0000000FF1CE}" = Microsoft Office Proof (German) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-0410-0000-0000000FF1CE}" = Microsoft Office Proof (Italian) 2007
    "{90120000-002C-0410-0000-0000000FF1CE}" = Microsoft Office Proofing (Italian) 2007
    "{90120000-006E-0410-0000-0000000FF1CE}" = Microsoft Office Shared MUI (Italian) 2007
    "{92D58719-BBC1-4CC3-A08B-56C9E884CC2C}" = Microsoft_VC80_CRT_x86
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 4.1
    "{981029E0-7FC9-4CF3-AB39-6F133621921A}" = Skype Toolbars
    "{9ADE9794-F65D-11BE-051B-B6E52B5CDD04}" = Adobe Community Help
    "{9CEB017E-CC16-4C89-B9E4-AAB5A1DD12F9}" = Windows Live Essentials
    "{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI
    "{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
    "{A43BF6A5-D5F0-4AAA-BF41-65995063EC44}" = MSXML 6.0 Parser
    "{A5B9D22C-755A-4AC6-9904-875E80838BB6}" = CP_AtenaShokunin1Config
    "{A6FDF86A-F541-4E7B-AEA0-8849A2A700D5}" = iTunes
    "{A78FE97A-C0C8-49CE-89D0-EDD524A17392}" = PDF Settings CS5
    "{A92A4DB0-CD37-42D1-BE1D-603D53C24328}" = Intel(R) Processor ID Utility
    "{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
    "{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{AC76BA86-1033-F400-7761-000000000004}{AC76BA86-1033-F400-7761-000000000004}" = Adobe Acrobat 9 Pro Extended - English, Français, Deutsch
    "{B911B811-BA3E-46D4-90F8-6F3338359651}" = Director
    "{BD29EBAC-AD7D-4b27-B727-4CC6AC52D36B}" = MarketResearch
    "{C0E7118C-CF3D-46EC-B431-F744C035A571}" = 2350Trb
    "{C3C640B8-95B6-40AE-A058-BE4896CD3010}" = Windows Live Call
    "{C79312BD-3E76-4474-A10C-1435D1856A4B}" = Adobe Dreamweaver CS5
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CDFCF124-115F-4976-8BF4-08C89187A146}" = WebReg
    "{CE0C8CC5-E396-442B-A50E-D1D374A9E820}" = DocumentViewer
    "{CFC9F871-7C40-40B6-BE4A-B98A5B309716}" = Adobe Flash Professional CS5
    "{D0A858BE-A665-4C0D-BC5F-C37E534B7669}" = PC Connectivity Solution
    "{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.2
    "{D1A19B02-817E-4296-A45B-07853FD74D57}" = Microsoft_VC80_MFC_x86
    "{D7BF3B76-EEF9-4868-9B2B-42ABF60B279A}" = Microsoft_VC80_CRT_x86
    "{D92BBB52-82FF-42ED-8A3C-4E062F944AB7}" = Microsoft_VC80_MFCLOC_x86
    "{DB0A4FCC-87C7-4A59-95BE-B5C2F0D8CDD4}" = System Requirements Lab for Intel
    "{F0E12BBA-AD66-4022-A453-A1C8A0C4D570}" = Microsoft Choice Guard
    "{F1FDAA01-988C-423F-AC12-0D8F333943FD}" = Nokia Connectivity Cable Driver
    "{F2D2B58B-B2FD-46D1-8319-DCE564079934}" = Microsoft .NET Framework 1.1 Italian Language Pack
    "{FC22D020-3005-4715-8DF9-F3EDE81DEB3D}" = CreativeProjectsTemplates
    "05B59228C7E1C21DFBE89260F879BD95880548D8" = Windows Driver Package - Nokia Modem (10/05/2009 4.2)
    "504244733D18C8F63FF584AEB290E3904E791693" = Windows Driver Package - Nokia pccsmcfd (08/22/2008 7.0.0.0)
    "8CDCFB95BB84DD9C0F88F22266A0CA86035E55BA" = Windows Driver Package - Nokia Modem (06/01/2009 7.01.0.4)
    "Adobe AIR" = Adobe AIR
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player 11.5
    "AVS Update Manager_is1" = AVS Update Manager 1.0
    "AVS4YOU Software Navigator_is1" = AVS4YOU Software Navigator 1.3
    "AVS4YOU Video Converter 6_is1" = AVS Video Converter 6
    "chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Adobe Community Help
    "Combined Community Codec Pack_is1" = Combined Community Codec Pack 2009-09-09
    "DjVuLibre+DjView" = DjVuLibre+DjView
    "EasyBCD" = EasyBCD 2.0
    "HP Photo & Imaging" = HP Image Zone 4.7
    "HPExtendedCapabilities" = HP Extended Capabilities 4.7
    "InstallShield_{21DBBDD6-93A5-4326-9A04-C9A5C9148502}" = Norton PartitionMagic 8.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSC" = McAfee Total Protection
    "Nero8360_Micro_is1" = Nero 8 Micro v8.3.6.0
    "Nokia PC Suite" = Nokia PC Suite
    "NVIDIA Drivers" = NVIDIA Drivers
    "PUBLISHER" = Microsoft Office Publisher 2007
    "STANDARD" = Microsoft Office Standard 2007
    "SystemRequirementsLab" = System Requirements Lab
    "Totalcmd" = Total Commander (Remove or Repair)
    "uTorrent" = µTorrent
    "VisualSubSync" = VisualSubSync (remove only)
    "VLC media player" = VLC media player 1.0.5
    "Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "WinLiveSuite_Wave3" = Windows Live Essentials
    "Космическая мясорубка" = Космическая мясорубка
    "Снежок. Охотник за сокровищами 3" = Снежок. Охотник за сокровищами 3

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Nokia Qt SDK" = Nokia Qt SDK
    "Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player
    "Octoshape Streaming Services" = Octoshape Streaming Services

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 06/11/2010 20.05.33 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
    Settings\History\History.IE5\index.dat for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on, or
    the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program index.dat because of this error. Program: index.dat File: C:\Documents
    and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 06/11/2010 20.05.47 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

    Error - 06/11/2010 20.58.34 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
    Settings\History\History.IE5\index.dat for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on, or
    the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program index.dat because of this error. Program: index.dat File: C:\Documents
    and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 06/11/2010 20.58.44 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

    Error - 06/11/2010 21.09.49 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
    Settings\History\History.IE5\index.dat for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on, or
    the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program index.dat because of this error. Program: index.dat File: C:\Documents
    and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 06/11/2010 21.10.07 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

    Error - 06/11/2010 21.16.22 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
    Settings\History\History.IE5\index.dat for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on, or
    the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program index.dat because of this error. Program: index.dat File: C:\Documents
    and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 06/11/2010 21.16.27 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module wininet.dll, version 6.0.2900.3676, fault address 0x00004179.

    Error - 07/11/2010 5.15.20 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1005
    Description = Windows cannot access the file C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Local
    Settings\History\History.IE5\index.dat for one of the following reasons: there
    is a problem with the network connection, the disk that the file is stored on, or
    the storage drivers installed on this computer; or the disk is missing. Windows
    closed the program index.dat because of this error. Program: index.dat File: C:\Documents
    and Settings\Temir.PRIVATE-A7D0BBD.000\Local Settings\History\History.IE5\index.dat

    The
    error value is listed in the Additional Data section. User Action 1. Open the file
    again. This situation might be a temporary problem that corrects itself when the
    program runs again. 2. If the file still cannot be accessed and - It is on the network,
    your network administrator should verify that there is not a problem with the network
    and that the server can be contacted. - It is on a removable disk, for example,
    a floppy disk or CD-ROM, verify that the disk is fully inserted into the computer.
    3.
    Check and repair the file system by running CHKDSK. To run CHKDSK, click Start,
    click Run, type CMD, and then click OK. At the command prompt, type CHKDSK /F,
    and then press ENTER. 4. If the problem persists, restore the file from a backup
    copy. 5. Determine whether other files on the same disk can be opened. If not, the
    disk might be damaged. If it is a hard disk, contact your administrator or computer
    hardware vendor for further assistance. Additional Data Error value: C000009C Disk
    type: 3

    Error - 07/11/2010 5.15.32 | Computer Name = PRIVATE-A7D0BBD | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
    module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

    [ OSession Events ]
    Error - 09/05/2010 12.52.31 | Computer Name = PRIVATE-A7D0BBD | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 9999.9999.9999.9999. This session lasted
    172 seconds with 60 seconds of active time. This session ended with a crash.

    Error - 10/06/2010 9.01.27 | Computer Name = PRIVATE-A7D0BBD | Source = Microsoft Office 12 Sessions | ID = 7001
    Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
    12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 87
    seconds with 0 seconds of active time. This session ended with a crash.

    [ System Events ]
    Error - 06/11/2010 21.16.19 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 06/11/2010 21.16.22 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.15.20 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.15.39 | Computer Name = PRIVATE-A7D0BBD | Source = Service Control Manager | ID = 7009
    Description = Timeout (30000 milliseconds) waiting for the Akamai NetSession Interface
    service to connect.

    Error - 07/11/2010 5.15.39 | Computer Name = PRIVATE-A7D0BBD | Source = Service Control Manager | ID = 7000
    Description = The NanoServiceMain service failed to start due to the following error:
    %%2

    Error - 07/11/2010 5.17.17 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.17.19 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.17.22 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.17.25 | Computer Name = PRIVATE-A7D0BBD | Source = Disk | ID = 262151
    Description = The device, \Device\Harddisk1\D, has a bad block.

    Error - 07/11/2010 5.18.29 | Computer Name = PRIVATE-A7D0BBD | Source = DCOM | ID = 10005
    Description = DCOM got error "%1058" attempting to start the service mcmscsvc with
    arguments "" in order to run the server: {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2}


    < End of report >
     
  15. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Regarding McAfee, you may need to reinstall it.
    If you do, make sure you uninstall it first, using this tool: http://www.softpedia.com/get/Tweak/Uninstallers/McAfee-Consumer-Product-Removal-Tool.shtml

    Now, Windows Explorer...
    Navigate to these Explorer locations:
    C:\WINDOWS\explorer.exe
    C:\WINDOWS\ERDNT\cache\explorer.exe
    C:\WINDOWS\SoftwareDistribution\Download\9866fb57abdc0ea2f5d4e132d055ba4e\explorer.exe
    C:\WINDOWS\system32\dllcache\explorer.exe

    In each case, double-click on explorer.exe and see if Windows Explorer will open.
    Note which location will work.

    I'll review your OTL logs when we fix the Explorer issue.

    I assume we're talking about Windows Explorer, not Internet Explorer?
     
  16. temir

    temir TS Rookie Topic Starter Posts: 87

    That's right! We're talking about Windows Explorer, not IE.

    So I can also proceed with reinstalling McAfee? I can't install McAfee from Normal Mode; it stalls when I open the Setup. I can install it from Safe Mode.
     
  17. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Uninstall McAfee first, using the tool I listed in my previous reply (very important!).
     
  18. temir

    temir TS Rookie Topic Starter Posts: 87

    None of those explorer.exe files open Windows Explorer.
     
  19. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    We'll get back to the issue.
    Go ahead with reinstalling McAfee and I'll review your OTL logs at the same time.
     
  20. temir

    temir TS Rookie Topic Starter Posts: 87

    OK, I'll give it a try now from Normal Mode.
     
  21. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Using SystemLook, you already have...
    • Double-click SystemLook.exe to run it.
    • Vista users: Right click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box into the main textfield:

      Code:
      :filefind
      wininet.dll
      
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    Note: The log can also be found on your Desktop entitled SystemLook.txt

    =========================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\Program Files\Panda Security\Panda Cloud Antivirus\PSANHost.exe -- (NanoServiceMain)
      O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
      O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
      O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe File not found
      [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
      [2009/10/29 19.32.23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Panda Security
      @Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Temir.PRIVATE-A7D0BBD.000\Desktop\religions.pdf:SummaryInformation
      @Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F35A93AD
      
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.
     
  22. temir

    temir TS Rookie Topic Starter Posts: 87

    Well, I uninstalled McAfee with that removal tool and now I'm trying to reinstall McAfee, but the setup isn't working. It tries to open, but hangs.
     
  23. temir

    temir TS Rookie Topic Starter Posts: 87

    BTW, what antivirus/security program would you suggest?
     
  24. Broni

    Broni Malware Annihilator Posts: 47,172   +264

    Leave McAfee alone for now.
    Judging from the OTL Event Viewer entries, you may have some system file issues.

    Run steps from my previous reply.
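
The kind of reading of the OTL Event Viewer entries that this reply refers to can be done mechanically. The following Python is an added example, not part of the original thread or of OTL: it parses entries in the layout OTL prints, counts crashes per faulting application and module, and flags crashes that fall within 60 seconds of a disk bad-block error. The sample log is constructed (placeholder host name), and the function names and the 60-second window are assumptions.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Constructed sample in the layout of OTL's "Event Log Errors" section (placeholder host name).
SAMPLE = r"""
[ Application Events ]
Error - 06/11/2010 20.05.47 | Computer Name = HOST-EXAMPLE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00038016.

Error - 06/11/2010 21.16.22 | Computer Name = HOST-EXAMPLE | Source = Application Error | ID = 1005
Description = Windows cannot access the file C:\Documents and Settings\user\Local
Settings\History\History.IE5\index.dat

The
error value is listed in the Additional Data section. Additional Data Error value: C000009C Disk
type: 3

Error - 06/11/2010 21.16.27 | Computer Name = HOST-EXAMPLE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2180, faulting
module wininet.dll, version 6.0.2900.3676, fault address 0x00004179.

[ System Events ]
Error - 06/11/2010 21.16.19 | Computer Name = HOST-EXAMPLE | Source = Disk | ID = 262151
Description = The device, \Device\Harddisk1\D, has a bad block.

Error - 07/11/2010 5.15.39 | Computer Name = HOST-EXAMPLE | Source = Service Control Manager | ID = 7000
Description = The NanoServiceMain service failed to start due to the following error:
%%2
"""

HEADER = re.compile(r"^\w+ - (\d{2}/\d{2}/\d{4} \d{1,2}\.\d{2}\.\d{2}) \| Computer Name = .+? \| "
                    r"Source = (.+?) \| ID = (\d+)$")
FAULT = re.compile(r"Faulting application (\S+), version [\d.]+, faulting module (\S+), version")

def parse_otl_events(text):
    """Return one dict per entry; a description ends at the next header, not at a blank line."""
    events, section, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        sec, head = re.match(r"\[ (.+) \]$", line), HEADER.match(line)
        if sec:
            section, cur = sec.group(1), None
        elif head:
            when, source, raw_id = head.groups()
            # Assumption: day/month order, as in the log on this page. OTL prints the full
            # 32-bit event ID; its low 16 bits are the code Event Viewer displays.
            cur = {"section": section, "source": source, "raw_id": int(raw_id),
                   "code": int(raw_id) & 0xFFFF, "description": "",
                   "when": datetime.strptime(when, "%d/%m/%Y %H.%M.%S")}
            events.append(cur)
        elif cur is not None and line:
            cur["description"] = (cur["description"] + " " + re.sub(r"^Description = ", "", line)).strip()
    return events

def triage(events, window=timedelta(seconds=60)):
    """Count crashes per (application, module) and flag those close in time to a disk bad block."""
    bad_blocks = [e["when"] for e in events if e["source"] == "Disk" and e["code"] == 7]
    io_errors = [e for e in events if "Error value: C000009C" in e["description"]]  # STATUS_DEVICE_DATA_ERROR
    crashes, near_disk = Counter(), []
    for e in events:
        m = FAULT.search(e["description"])
        if m:
            crashes[(m.group(1), m.group(2))] += 1
            if any(abs(e["when"] - b) <= window for b in bad_blocks):
                near_disk.append(e["when"])
    return {"crashes": crashes, "bad_blocks": len(bad_blocks),
            "io_errors": len(io_errors), "crashes_near_bad_block": near_disk}

if __name__ == "__main__":
    report = triage(parse_otl_events(SAMPLE))
    print(dict(report["crashes"]), "| bad blocks:", report["bad_blocks"], "| I/O errors:", report["io_errors"])
    print("crashes within 60 s of a bad block:", [t.isoformat() for t in report["crashes_near_bad_block"]])
```

A crash that lines up with a bad-block event points toward disk read errors rather than a tampered file, which is worth knowing before replacing explorer.exe or wininet.dll.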
     
  25. temir

    temir TS Rookie Topic Starter Posts: 87

    Now I'll do the steps with SystemLook.
     
Topic Status:
Not open for further replies.

