Solved Boot malware?

Looks good :)

How is the computer doing?

Now you need to install some AV program.
I suggest one of these:
- Avast! free antivirus: http://www.avast.com/eng/download-avast-home.html
- free Microsoft Security Essentials: http://windows.microsoft.com/en-GB/windows/products/security-essentials
- free Comodo Antivirus: http://www.comodo.com/home/internet-security/antivirus.php
Update, run full scan, report on any findings.

When done....

Download OTL to your Desktop.

  • Double-click on the icon to run it. Make sure all other windows are closed, and let it run uninterrupted.
  • Click the Scan All Users checkbox.
  • Under the Custom Scan box paste this in:


netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop


  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
  • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
 
OTL log

virus scan clear


OTL logfile created on: 1/1/2012 12:35:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admiral\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.22% Memory free
2.45 Gb Paging File | 1.96 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.07 Gb Total Space | 63.24 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 3.71 Gb Total Space | 1.67 Gb Free Space | 45.12% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 981.05 Mb Total Space | 56.50 Mb Free Space | 5.76% Space Free | Partition Type: FAT

Computer Name: ALBERT | User Name: Admiral | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/12/31 21:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admiral\Desktop\OTL.exe
PRC - [2011/12/27 11:37:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE
PRC - [2011/07/28 16:58:54 | 004,514,992 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boincmgr.exe
PRC - [2011/07/28 16:58:50 | 000,070,832 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinctray.exe
PRC - [2011/07/28 16:58:48 | 000,902,320 | ---- | M] (Space Sciences Laboratory) -- C:\Program Files\BOINC\boinc.exe
PRC - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe
PRC - [2011/03/25 21:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE
PRC - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) -- C:\WINDOWS\system32\lxeecoms.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/01/22 10:13:32 | 001,201,448 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
PRC - [2008/01/22 10:13:20 | 000,152,872 | ---- | M] (Nero AG) -- C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
PRC - [2005/01/20 18:15:32 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2004/08/13 16:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
PRC - [2004/08/13 16:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
PRC - [2003/07/18 02:31:22 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) -- C:\WINDOWS\system32\Crypserv.exe
PRC - [2003/06/20 03:41:54 | 000,914,528 | ---- | M] (Zone Labs Inc.) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2002/09/24 15:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\AutoDisk\ADService.exe
PRC - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) -- C:\Program Files\Iomega\System32\AppServices.exe
PRC - [2001/10/31 11:59:20 | 000,073,728 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\vptray.exe
PRC - [2001/10/29 13:38:50 | 000,466,944 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\rtvscan.exe
PRC - [2001/10/29 13:33:18 | 000,032,768 | ---- | M] (Symantec Corporation) -- C:\Program Files\NavNT\defwatch.exe
PRC - [2000/09/18 17:12:40 | 000,014,336 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\MSGSYS.EXE


========== Modules (No Company Name) ==========

MOD - [2011/07/05 10:14:54 | 000,081,920 | ---- | M] () -- C:\Program Files\BOINC\zlib1.dll
MOD - [2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll
MOD - [2009/05/29 09:09:48 | 001,159,168 | ---- | M] () -- C:\Program Files\Lexmark\Pro700 Series\lxeedrs.dll
MOD - [2009/05/06 09:04:36 | 000,466,944 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\resource.dll
MOD - [2009/05/06 09:03:44 | 000,372,736 | ---- | M] () -- C:\Program Files\Lexmark Toolbar\toolband.dll
MOD - [2009/05/06 04:15:16 | 000,167,936 | ---- | M] () -- C:\Program Files\Lexmark\Pro700 Series\lxeemicro.dll
MOD - [2009/03/10 00:43:49 | 000,155,648 | ---- | M] () -- C:\Program Files\Lexmark\Pro700 Series\lxeecaps.dll
MOD - [2005/06/28 12:59:48 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\PhotoImpression 5\Share\PIHook.dll
MOD - [2003/08/02 22:20:57 | 000,126,976 | R--- | M] () -- C:\Program Files\SpywareGuard\spywareguard.dll
MOD - [2003/07/29 08:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
MOD - [2001/10/29 13:51:02 | 000,045,056 | ---- | M] () -- C:\WINDOWS\system32\NavLogon.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (SAVScan)
SRV - File not found [Auto | Stopped] -- -- (NPFMntor)
SRV - File not found [Auto | Stopped] -- -- (navapsvc)
SRV - File not found [Disabled | Stopped] -- -- (Iomega Activity Disk2)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2011/12/27 11:37:01 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto | Running] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/05/06 10:03:10 | 000,191,752 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/04/22 07:21:10 | 000,092,592 | ---- | M] (TomTom) [Auto | Running] -- C:\Program Files\TomTom HOME 2\TomTomHOMEService.exe -- (TomTomHOMEService)
SRV - [2011/03/25 21:32:40 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/11/29 10:41:26 | 000,058,944 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_Helper_3004.dll -- (nosGetPlusHelper) getPlus(R)
SRV - [2010/04/14 14:01:23 | 000,598,696 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxeecoms.exe -- (lxee_device)
SRV - [2010/04/14 14:01:11 | 000,193,192 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxeeserv.exe -- (lxeeCATSCustConnectService)
SRV - [2008/08/29 10:00:30 | 000,033,752 | ---- | M] (NOS Microsystems Ltd.) [On_Demand | Stopped] -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus(R) Helper) getPlus(R)
SRV - [2007/05/08 15:30:48 | 000,323,584 | ---- | M] (soft Xpansion) [On_Demand | Stopped] -- C:\Program Files\Common Files\WPE\wpeserv.exe -- (WPEServ)
SRV - [2005/01/20 18:15:32 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)
SRV - [2004/08/18 10:45:02 | 000,066,688 | ---- | M] (Symantec Corporation) [Auto | Stopped] -- C:\Program Files\Common Files\Symantec Shared\Script Blocking\SBServ.exe -- (SBService)
SRV - [2004/08/13 16:17:48 | 000,164,984 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe -- (ccSetMgr)
SRV - [2004/08/13 16:17:46 | 000,078,968 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe -- (ccPwdSvc)
SRV - [2004/08/13 16:17:40 | 000,197,752 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe -- (ccEvtMgr)
SRV - [2004/08/13 15:00:44 | 000,206,048 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe -- (SNDSrvc)
SRV - [2004/07/21 12:24:04 | 000,173,160 | ---- | M] (Symantec Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe -- (SPBBCSvc)
SRV - [2003/07/18 02:31:22 | 000,061,440 | ---- | M] (CrypKey (Canada) Ltd.) [Auto | Running] -- C:\WINDOWS\System32\Crypserv.exe -- (Crypkey License)
SRV - [2003/06/20 03:41:54 | 000,914,528 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2002/09/24 15:39:48 | 000,151,552 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\AutoDisk\ADService.exe -- (_IOMEGA_ACTIVE_DISK_SERVICE_)
SRV - [2002/09/04 13:11:04 | 000,073,728 | ---- | M] (Iomega Corporation) [Auto | Running] -- C:\Program Files\Iomega\System32\AppServices.exe -- (Iomega App Services)
SRV - [2001/10/29 13:38:50 | 000,466,944 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\rtvscan.exe -- (Norton AntiVirus Server)
SRV - [2001/10/29 13:33:18 | 000,032,768 | ---- | M] (Symantec Corporation) [Auto | Running] -- C:\Program Files\NavNT\defwatch.exe -- (DefWatch)


========== Driver Services (SafeList) ==========

DRV - [2011/12/27 11:36:52 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2011/12/27 11:36:52 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- C:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS -- (SASDIFSV)
DRV - [2010/10/13 03:00:00 | 001,371,184 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\navex15.sys -- (NAVEX15)
DRV - [2010/10/13 03:00:00 | 000,086,064 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20101013.002\naveng.sys -- (NAVENG)
DRV - [2010/08/18 18:28:56 | 000,012,872 | ---- | M] ( SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | On_Demand | Stopped] -- C:\Program Files\SUPERAntiSpyware\SASENUM.SYS -- (SASENUM)
DRV - [2008/08/08 19:27:19 | 000,102,664 | ---- | M] (Trend Micro Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm)
DRV - [2008/02/27 12:49:00 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2008/01/28 15:56:47 | 000,018,304 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2008/01/28 15:56:38 | 000,019,712 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2007/04/11 09:23:32 | 000,035,328 | ---- | M] (Service & Quality Technology.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Capt905c.sys -- (SQTECH905C)
DRV - [2007/03/22 11:57:14 | 000,028,672 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elagopro.sys -- (elagopro)
DRV - [2007/03/22 11:57:14 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\elaunidr.sys -- (elaunidr)
DRV - [2006/11/10 14:05:00 | 000,018,688 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2005/12/06 09:12:08 | 001,355,456 | ---- | M] (C-Media Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cmuda3.sys -- (cmuda3)
DRV - [2005/11/21 00:48:21 | 000,016,512 | ---- | M] (Adaptec) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (Aspi32)
DRV - [2005/03/15 16:25:44 | 000,127,574 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MR97310c.sys -- (MR97310_USB_DUAL_CAMERA)
DRV - [2004/10/20 14:39:32 | 000,040,724 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2004/10/18 17:05:12 | 000,042,968 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Sunkfilt39.sys -- (SunkFilt39)
DRV - [2004/08/13 15:00:24 | 000,266,368 | ---- | M] (Symantec Corporation) [Kernel | System | Running] -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS -- (SYMTDI)
DRV - [2004/08/13 15:00:22 | 000,025,824 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS -- (SYMREDRV)
DRV - [2004/08/09 15:59:32 | 000,103,952 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Running] -- C:\Program Files\Symantec\SYMEVENT.SYS -- (SymEvent)
DRV - [2004/07/21 12:24:02 | 000,341,096 | ---- | M] (Symantec Corporation) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys -- (SPBBCDrv)
DRV - [2004/06/28 12:08:56 | 000,042,752 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2004/06/17 17:56:22 | 000,220,032 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2004/06/17 17:55:38 | 000,685,056 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2004/06/17 17:55:04 | 001,041,536 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2004/05/17 02:00:54 | 000,012,928 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nvnetbus.sys -- (nvnetbus)
DRV - [2004/05/17 02:00:52 | 000,033,280 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENETFD.sys -- (NVENETFD)
DRV - [2004/04/02 03:40:00 | 000,021,760 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/07/29 01:18:32 | 000,028,518 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\ckldrv.sys -- (NetworkX)
DRV - [2003/06/20 03:41:46 | 000,177,696 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
DRV - [2002/09/04 13:11:08 | 000,030,258 | ---- | M] (Iomega Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys -- (iomdisk)
DRV - [2001/10/29 09:50:16 | 000,009,296 | ---- | M] () [Kernel | Auto | Running] -- C:\Program Files\NavNT\Navapel.sys -- (NAVAPEL)
DRV - [2001/10/29 09:49:18 | 000,178,304 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\NavNT\navap.sys -- (NAVAP)
DRV - [2001/08/17 15:49:32 | 000,019,968 | ---- | M] (Macronix International Co., Ltd. ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mxnic.sys -- (mxnic)
DRV - [1998/02/23 17:56:50 | 000,031,104 | ---- | M] (Play Incorporated) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\SNAPTHN.SYS -- (SnapTHN)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/


IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-20\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie

IE - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.emachines.com/
IE - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprphtml5videoshim;version=12.0.1.609: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\MozillaPlugins\nprphtml5videoshim.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=12.0.1.609: c:\program files\real\realplayer\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=: File not found
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.79\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@viewpoint.com/VMP: C:\Program Files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll ()
FF - HKLM\Software\MozillaPlugins\yaxmpb@yahoo.com/YahooActiveXPluginBridge;version=1.0.0.1: C:\Program Files\Yahoo!\Common\npyaxmpb.dll (Yahoo! Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{9A06DF9C-F52C-49b2-9F10-1FA2A3C407CC}: C:\Program Files\Trend Micro\TrendProtect\FF\{9A06DF9C-F52C-49b2-9F10-1FA2A3C407CC} [2008/07/04 13:05:31 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{065D968F-8EEA-42D9-AC3B-844488D344D1}: C:\Documents and Settings\Owner\Local Settings\Application Data\{065D968F-8EEA-42D9-AC3B-844488D344D1}
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\Firefox\Ext [2010/12/21 11:36:24 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/11/11 09:24:13 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 8.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/18 08:04:28 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2011/01/12 22:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Thunderbird 2.0.0.17\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins [2011/04/09 11:24:09 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Components: C:\Program Files\Netscape\Navigator 9\components [2011/07/15 19:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Netscape Navigator 9.0.0.5\extensions\\Plugins: C:\Program Files\Netscape\Navigator 9\plugins [2011/07/15 19:44:22 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.11\Extensions\\Components: C:\Program Files\mozilla.org\SeaMonkey\Components [2011/01/12 22:56:04 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\SeaMonkey 1.1.11\Extensions\\Plugins: C:\Program Files\mozilla.org\SeaMonkey\Plugins [2011/04/09 11:24:10 | 000,000,000 | ---D | M]

[2011/11/11 09:24:25 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/21 23:14:53 | 000,000,000 | ---D | M] (Greasemonkey) -- C:\Program Files\Mozilla Firefox\extensions\{e4a8a97b-f2ed-450b-b12d-ee082ba24781}
[2011/11/11 09:24:12 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2007/03/26 13:17:38 | 000,149,008 | ---- | M] (Trend Micro Inc.) -- C:\Program Files\mozilla firefox\components\WRSForFireFox.dll
[2011/07/02 19:22:06 | 000,466,944 | ---- | M] (Catalina Marketing Corporation) -- C:\Program Files\mozilla firefox\plugins\NPcol400.dll
[2011/07/13 16:52:56 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2011/05/04 03:52:23 | 000,476,904 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/07/13 16:52:58 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2011/10/18 16:56:09 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml
[2009/01/20 11:34:52 | 000,031,679 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\orbitsearch.xml
[2011/11/11 09:24:13 | 000,002,040 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\twitter.xml

O1 HOSTS File: ([2011/12/31 20:25:50 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Documents and Settings\All Users\Application Data\Real\RealPlayer\BrowserRecordPlugin\IE\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (bho2gr Class) - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll (Headlight Software, Inc.)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (CNavExtBho Class) - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Documents and Settings\Owner\My Documents\Norton AntiVirus\NAVShExt.dll File not found
O2 - BHO: (Lexmark Printable Web) - {D2C5E510-BE6D-42CC-9F61-E4F939078474} - C:\Program Files\Lexmark Printable Web\bho.dll ()
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (BhoMisc Class) - {E3578B37-6346-4EC1-A82B-38273A100DCF} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
O3 - HKLM\..\Toolbar: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKLM\..\Toolbar: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\Owner\My Documents\Norton AntiVirus\NAVShExt.dll File not found
O3 - HKLM\..\Toolbar: (Bing Bar) - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (TrendProtect) - {F83BE649-1CC3-48EE-B2E2-0826CEF3822A} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\Owner\My Documents\Norton AntiVirus\NAVShExt.dll File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\Owner\My Documents\Norton AntiVirus\NAVShExt.dll File not found
O3 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\..\Toolbar\ShellBrowser: (Lexmark Toolbar) - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll ()
O3 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\..\Toolbar\ShellBrowser: (Norton AntiVirus) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Documents and Settings\Owner\My Documents\Norton AntiVirus\NAVShExt.dll File not found
O4 - HKLM..\Run: [boincmgr] C:\Program Files\BOINC\boincmgr.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [boinctray] C:\Program Files\BOINC\boinctray.exe (Space Sciences Laboratory)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [vptray] C:\Program Files\NavNT\vptray.exe (Symantec Corporation)
O4 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe (Nero AG)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-2287679051-2000395447-3454571231-1015\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra 'Tools' menuitem : Flash Saver - {09EA1F80-F40A-11D1-B792-444553540001} - C:\Program Files\Flash saver\save.htm ()
O9 - Extra 'Tools' menuitem : Skype add-on for Internet Explorer - {5067A26B-1337-4436-8AFE-EE169C2DA79F} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O9 - Extra 'Tools' menuitem : Send to 'Perfect PDF Creator Essentials' - {722FE9B2-6895-42D9-9984-F4CB26616023} - C:\Program Files\Cosmi\Perfect PDF Creator Essentials\pdfshell.dll (soft Xpansion)
O9 - Extra Button: Add to Wish List - {76c5fb99-dd0a-4186-9e75-65d1bf3da283} - C:\Program Files\Amazon\Add to Wish List IE Extension\run.htm ()
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/templates/ieawsdc.cab (Microsoft Office Template and Media Control)
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://go.microsoft.com/fwlink/?linkid=67633 (Office Genuine Advantage Validation Tool)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebook.com/controls/2008.10.10_v5.5.8/FacebookPhotoUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1851174C-97BD-4217-A0CC-E908F60D5B7A} http://h50203.www5.hp.com/HPISWeb/Customer/cabs/HPISDataManager.CAB (Hewlett-Packard Online Support Services)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\yinsthelper.dll (YInstStarter Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1325033240453 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} http://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.com/controls/cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
O16 - DPF: {CAFEEFAC-0016-0000-0026-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_26-windows-i586.cab (Java Plug-in 1.6.0_26)
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe.com/products/acrobat/nos/gp.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {FF1CD9A3-00CD-45C1-8182-4EEC229A182D} https://www.plaxo.com/activex/plx_upldr-2k-xp.cab (Plaxo Auto-Import Utility)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{8A48CAB4-5DA2-4C89-98E5-C2D712B952E7}: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\mso-offdap - No CLSID value found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\trendprotect {BC3A5F6F-12A0-4B14-A184-32939F413823} - C:\Program Files\Trend Micro\TrendProtect\MSIE\WRS.dll (Trend Micro Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) -C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) -C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - (C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL) - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\NavLogon: DllName - (C:\WINDOWS\system32\NavLogon.dll) - C:\WINDOWS\system32\NavLogon.dll ()
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\emachines.bmp
O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/26 13:04:39 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/08/08 17:24:26 | 000,000,045 | -HS- | M] () - D:\autorun.inf.aug.8 -- [ FAT32 ]
O32 - AutoRun File - [2008/05/06 07:26:23 | 000,000,309 | R--- | M] () - G:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk /r \??\J:)
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: AppMgmt - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.iac2 - C:\Program Files\Replay Converter\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
 
OTL pt. 2

Drivers32: MSVIDEO - C:\WINDOWS\System32\snapvnt.drv (Play Incorporated)
Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.dmb1 - m3jpeg32.dll File not found
Drivers32: vidc.ffds - C:\WINDOWS\System32\ff_vfw.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.MJPG - m3jpeg32.dll File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/01/01 00:33:27 | 000,584,192 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Admiral\Desktop\OTL.exe
[2011/12/31 21:24:50 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Local Settings\Application Data\Symantec
[2011/12/31 21:24:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Norton AntiVirus Corporate Edition
[2011/12/31 21:23:07 | 000,000,000 | ---D | C] -- C:\Program Files\NavNT
[2011/12/31 18:50:44 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/12/31 18:50:44 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/12/31 18:50:44 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/12/31 18:50:44 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/12/31 18:16:28 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admiral\PrivacIE
[2011/12/31 15:19:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Application Data\Windows Search
[2011/12/31 15:15:02 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/12/31 15:14:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\My Documents\My Videos
[2011/12/31 15:14:46 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Start Menu\Programs\Administrative Tools
[2011/12/31 14:47:53 | 004,358,797 | R--- | C] (Swearware) -- C:\Documents and Settings\Admiral\Desktop\ComboFix.exe
[2011/12/31 13:50:38 | 001,918,464 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Admiral\Desktop\aswMBR.exe
[2011/12/31 13:50:37 | 001,578,288 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admiral\Desktop\tdsskiller.exe
[2011/12/30 14:01:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Local Settings\Application Data\Ahead
[2011/12/30 13:59:36 | 000,000,000 | --SD | C] -- C:\Documents and Settings\Admiral\Application Data\Microsoft
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Start Menu\Programs\Startup
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Start Menu
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\SendTo
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Recent
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\My Documents\My Pictures
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\My Documents\My Music
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\My Documents
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Favorites
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Application Data
[2011/12/30 13:59:36 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Admiral\Start Menu\Programs\Accessories
[2011/12/30 13:59:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admiral\IETldCache
[2011/12/30 13:59:36 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Admiral\Cookies
[2011/12/30 13:59:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Admiral\Local Settings
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Templates
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Application Data\SampleView
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\PrintHood
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\NetHood
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Local Settings\Application Data\Microsoft
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Application Data\McAfee
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Application Data\Identities
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Application Data\Gtek
[2011/12/30 13:59:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Admiral\Desktop
[2011/12/30 13:57:55 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Admiral\Desktop\Dabo.exe
[2011/12/30 13:06:47 | 000,000,000 | ---D | C] -- C:\TDSSKiller_Quarantine
[2011/12/28 19:41:22 | 000,015,872 | ---- | C] (Printing Communications Assoc., Inc. (PCAUSA)) -- C:\WINDOWS\System32\GTNDIS5.sys
[2011/12/28 19:41:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Compact Wireless-G USB Network Adapter with SpeedBooster
[2011/12/28 19:41:16 | 000,000,000 | ---D | C] -- C:\Program Files\Linksys
[2011/12/28 19:04:52 | 000,000,000 | ---D | C] -- C:\Wallpaper Master
[2011/12/27 20:17:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/12/27 15:01:54 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Desktop Search
[2011/12/27 15:01:54 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\GroupPolicy
[2011/12/27 14:54:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Real
[2011/12/27 14:41:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Identities
[2011/12/27 14:19:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Wallpaper Master
[2011/12/27 14:04:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/12/27 14:04:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/12/27 13:22:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/12/27 13:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/12/27 12:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Common Files
[2011/12/27 12:09:41 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\CM
[2011/12/26 23:25:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/12/26 23:10:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/12/26 23:10:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/01/24 15:40:04 | 000,442,368 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoin.dll
[2010/01/24 15:34:50 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeinpa.dll
[2010/01/24 15:34:50 | 000,356,352 | ---- | C] ( ) -- C:\WINDOWS\System32\LXEEhcp.dll
[2010/01/24 15:34:50 | 000,344,064 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeiesc.dll
[2010/01/24 15:34:49 | 001,048,576 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeserv.dll
[2010/01/24 15:34:49 | 000,847,872 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeusb1.dll
[2010/01/24 15:34:48 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeepmui.dll
[2010/01/24 15:34:48 | 000,577,536 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeelmpm.dll
[2010/01/24 15:34:47 | 000,324,264 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeeih.exe
[2010/01/24 15:34:19 | 000,688,128 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeehbn3.dll
[2010/01/24 15:34:18 | 000,598,696 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecoms.exe
[2010/01/24 15:34:18 | 000,372,736 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomm.dll
[2010/01/24 15:34:17 | 000,802,816 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecomc.dll
[2010/01/24 15:34:17 | 000,373,416 | ---- | C] ( ) -- C:\WINDOWS\System32\lxeecfg.exe
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/01/01 00:32:10 | 000,000,000 | ---- | M] () -- C:\WINDOWS\VPC32.INI
[2011/12/31 23:57:03 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/12/31 21:23:29 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2011/12/31 21:23:29 | 000,000,592 | ---- | M] () -- C:\WINDOWS\ODBC.INI
[2011/12/31 21:18:03 | 000,000,237 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2011/12/31 21:16:04 | 000,004,452 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/12/31 21:15:44 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/12/31 21:15:38 | 000,000,278 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
[2011/12/31 21:15:03 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/12/31 21:15:02 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/31 21:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admiral\Desktop\OTL.exe
[2011/12/31 20:25:50 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/12/31 19:47:31 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2011/12/31 15:09:47 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2011/12/31 14:36:40 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Admiral\Desktop\ComboFix.exe
[2011/12/30 17:49:11 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 17:35:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admiral\Desktop\033ziusx.exe
[2011/12/30 14:00:31 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 13:24:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admiral\Desktop\Dabo.exe
[2011/12/30 11:48:51 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/12/28 19:41:10 | 000,000,670 | ---- | M] () -- C:\WINDOWS\System32\WLAN.INI
[2011/12/28 15:43:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admiral\Desktop\tdsskiller.exe
[2011/12/28 02:21:24 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admiral\Desktop\aswMBR.exe
[2011/12/27 22:31:36 | 000,000,722 | ---- | M] () -- C:\WINDOWS\pagan2.ini
[2011/12/27 22:20:41 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/12/27 18:19:19 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/12/27 18:19:19 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/12/27 18:10:32 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2011/12/27 15:02:02 | 000,462,880 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/12/27 15:02:02 | 000,078,826 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/12/27 11:37:07 | 000,000,286 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2287679051-2000395447-3454571231-1003.job
[2011/12/24 17:43:40 | 000,010,204 | ---- | M] () -- C:\WINDOWS\PaqRat.ini
[2011/12/24 17:18:04 | 000,000,004 | ---- | M] () -- C:\WINDOWS\CKSNNT.flg
[2011/12/21 22:50:05 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/12/15 14:31:30 | 000,399,936 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/12/10 15:24:06 | 000,020,464 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[3 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/01/01 00:32:10 | 000,000,000 | ---- | C] () -- C:\WINDOWS\VPC32.INI
[2011/12/31 18:50:44 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/12/31 18:50:44 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/12/31 18:50:44 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/12/31 18:50:44 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/12/31 18:50:44 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/12/31 18:35:33 | 2079,903,744 | -HS- | C] () -- C:\hiberfil.sys
[2011/12/31 18:33:41 | 000,000,577 | ---- | C] () -- C:\Documents and Settings\Admiral\My Documents\Top Drawer.lnk
[2011/12/31 15:12:53 | 000,000,512 | ---- | C] () -- C:\MBR.dat
[2011/12/31 02:20:13 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Admiral\Desktop\033ziusx.exe
[2011/12/30 17:48:26 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes Anti-Malware.lnk
[2011/12/30 14:00:31 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Admiral\Start Menu\Programs\Internet Explorer.lnk
[2011/12/30 14:00:17 | 000,000,788 | ---- | C] () -- C:\Documents and Settings\Admiral\Start Menu\Programs\Windows Media Player.lnk
[2011/12/30 13:59:37 | 000,000,815 | ---- | C] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
[2011/12/30 13:59:37 | 000,000,769 | ---- | C] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\MySpaceIM.lnk
[2011/12/30 13:59:37 | 000,000,079 | ---- | C] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
[2011/12/30 13:59:36 | 000,001,599 | ---- | C] () -- C:\Documents and Settings\Admiral\Start Menu\Programs\Remote Assistance.lnk
[2011/12/30 13:59:36 | 000,000,786 | ---- | C] () -- C:\Documents and Settings\Admiral\Desktop\Windows Media Player.lnk
[2011/12/30 13:59:36 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\Admiral\Start Menu\Programs\Outlook Express.lnk
[2011/12/28 19:41:22 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2011/12/28 19:41:22 | 000,031,930 | ---- | C] () -- C:\WINDOWS\System32\GTNDIS3.VXD
[2011/12/28 19:41:10 | 000,000,670 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI
[2011/12/27 18:10:44 | 000,003,038 | ---- | C] () -- C:\fix_svchost.bat
[2011/12/27 12:13:58 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/03/28 15:15:58 | 000,000,057 | ---- | C] () -- C:\WINDOWS\DcmLtbox-WS.ini
[2010/12/08 23:23:05 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Mladuwenuqav.dat
[2010/12/08 23:23:05 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Evamuram.bin
[2010/11/17 13:45:09 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
[2010/08/04 19:42:08 | 000,065,536 | ---- | C] () -- C:\WINDOWS\qt3wrap.dll
[2010/05/10 20:29:14 | 000,394,752 | ---- | C] () -- C:\WINDOWS\System32\LEARN32.DLL
[2010/01/24 15:40:07 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxeevs.dll
[2010/01/24 15:39:51 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\lxeegcfg.dll
[2010/01/24 15:39:49 | 000,294,912 | ---- | C] () -- C:\WINDOWS\System32\lxeecui.dll
[2010/01/24 15:39:49 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\lxeecuir.dll
[2010/01/24 15:35:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxeerwrd.ini
[2010/01/24 15:34:51 | 000,385,024 | ---- | C] () -- C:\WINDOWS\System32\LXEEinst.dll
[2010/01/24 15:34:47 | 000,323,584 | ---- | C] () -- C:\WINDOWS\System32\lxeeins.dll
[2010/01/24 15:34:47 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsb.dll
[2010/01/24 15:34:47 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\lxeeinsr.dll
[2010/01/24 15:34:47 | 000,057,344 | ---- | C] () -- C:\WINDOWS\System32\lxeejswr.dll
[2010/01/24 15:34:19 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxeegrd.dll
[2010/01/24 15:34:19 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\lxeecub.dll
[2010/01/24 15:34:18 | 000,253,952 | ---- | C] () -- C:\WINDOWS\System32\lxeecu.dll
[2010/01/24 15:34:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\lxeecur.dll
[2010/01/24 15:33:28 | 000,299,008 | ---- | C] () -- C:\WINDOWS\System32\LXEEsm.dll
[2010/01/24 15:33:28 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\LXEEsmr.dll
[2010/01/17 00:26:06 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\rmc_rtspdl.dll
[2009/09/05 19:50:04 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2009/03/14 18:20:08 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.exe
[2009/03/14 18:20:08 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMRMDRV3.DLL
[2009/03/14 18:20:08 | 000,000,464 | ---- | C] () -- C:\WINDOWS\CMUDA3.ini
[2008/10/20 22:46:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\System32\KM128814.DAT
[2008/10/20 22:46:43 | 000,000,041 | ---- | C] () -- C:\WINDOWS\KM128814.DAT
[2008/09/21 17:33:14 | 000,823,296 | ---- | C] () -- C:\WINDOWS\j3dcore-d3d.dll
[2008/09/21 17:33:14 | 000,163,840 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl.dll
[2008/09/21 17:33:14 | 000,049,152 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-chk.dll
[2008/09/21 17:33:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\j3dcore-ogl-cg.dll
[2008/08/27 20:51:04 | 000,118,784 | ---- | C] () -- C:\WINDOWS\SeaMonkeyUninstall.exe
[2008/08/27 20:50:50 | 000,118,784 | ---- | C] () -- C:\WINDOWS\GREUninstall.exe
[2008/08/22 22:27:53 | 000,000,039 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/08/22 20:37:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2008/08/22 18:49:48 | 000,000,012 | ---- | C] () -- C:\WINDOWS\compedia.ini
[2008/06/06 13:05:26 | 000,000,087 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2008/06/06 12:28:20 | 000,000,021 | ---- | C] () -- C:\WINDOWS\CC_SETUP.ini
[2008/05/26 21:59:42 | 000,018,904 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschematrivial.bin
[2008/05/26 21:59:40 | 000,106,605 | ---- | C] () -- C:\WINDOWS\System32\structuredqueryschema.bin
[2008/05/04 17:55:55 | 000,118,784 | ---- | C] () -- C:\WINDOWS\dx7ogl32.dll
[2008/04/12 10:38:54 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2008/03/10 23:09:02 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\mr310exv.dll
[2008/03/10 23:09:02 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\mr310exd.dll
[2008/03/10 23:09:02 | 000,015,164 | ---- | C] () -- C:\WINDOWS\mr310twc.ini
[2008/02/05 22:25:19 | 000,088,676 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/01/14 16:47:06 | 000,099,712 | ---- | C] () -- C:\WINDOWS\HPBroker.dll
[2007/12/25 22:07:23 | 000,000,061 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
[2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
[2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
[2007/09/21 21:30:24 | 000,010,294 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2007/07/26 22:58:08 | 003,920,833 | ---- | C] () -- C:\WINDOWS\Screen Saver 1.dat
[2007/07/08 16:08:23 | 000,028,689 | ---- | C] () -- C:\WINDOWS\FLYSETUP.EXE
[2007/06/17 15:35:30 | 000,000,026 | ---- | C] () -- C:\WINDOWS\Pp70.INI
[2007/05/13 20:29:13 | 001,936,528 | ---- | C] () -- C:\WINDOWS\System32\ltmm15.dll
[2007/03/09 02:12:32 | 000,027,648 | -HS- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/03/06 04:14:48 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2007/03/05 13:34:28 | 000,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2006/10/10 20:28:16 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acroread.INI
[2006/10/10 20:27:16 | 000,316,928 | ---- | C] () -- C:\WINDOWS\System32\INSIGHT.DLL
[2006/10/10 20:27:16 | 000,000,183 | ---- | C] () -- C:\WINDOWS\ETCR.INI
[2006/01/30 19:12:56 | 000,000,074 | ---- | C] () -- C:\WINDOWS\GlencoeSS.ini
[2005/09/12 22:13:16 | 000,127,184 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/09/12 22:13:16 | 000,000,016 | ---- | C] () -- C:\WINDOWS\americanflag.ini
[2005/09/03 18:47:30 | 000,000,054 | ---- | C] () -- C:\WINDOWS\setihome.ini
[2005/08/26 14:28:34 | 000,143,360 | ---- | C] () -- C:\WINDOWS\unzip.exe
[2005/08/26 14:28:20 | 000,024,576 | ---- | C] () -- C:\WINDOWS\shortcut.exe
[2005/08/26 14:27:58 | 000,045,056 | ---- | C] () -- C:\WINDOWS\devenum.exe
[2005/08/19 14:44:19 | 000,000,182 | ---- | C] () -- C:\WINDOWS\DoctorWhoSS.ini
[2005/08/13 23:24:59 | 000,000,012 | ---- | C] () -- C:\WINDOWS\float1.ini
[2005/08/13 23:21:56 | 000,040,960 | ---- | C] () -- C:\WINDOWS\Floating Cities1.exe
[2005/08/13 23:21:56 | 000,000,536 | ---- | C] () -- C:\WINDOWS\Floating Cities1.bin
[2005/08/13 23:21:56 | 000,000,018 | ---- | C] () -- C:\WINDOWS\cnc.ini
[2005/08/13 16:15:12 | 000,013,312 | ---- | C] () -- C:\WINDOWS\9598SSC.EXE
[2005/08/13 16:15:12 | 000,012,800 | ---- | C] () -- C:\WINDOWS\NTSSC.EXE
[2005/08/13 16:15:12 | 000,010,549 | ---- | C] () -- C:\WINDOWS\SSCKILLR.EXE
[2005/08/13 16:15:06 | 000,038,727 | ---- | C] () -- C:\WINDOWS\SETUP88.EXE
[2005/08/13 12:44:37 | 000,145,167 | ---- | C] () -- C:\WINDOWS\unstall.exe
[2005/08/12 22:19:32 | 000,000,951 | ---- | C] () -- C:\WINDOWS\PlanetDextersLab Screen Saver.ini
[2005/08/06 23:20:09 | 000,071,749 | ---- | C] () -- C:\WINDOWS\hcextoutput.dll
[2005/08/06 23:20:09 | 000,000,823 | ---- | C] () -- C:\WINDOWS\tsc.ini
[2005/08/06 22:25:49 | 000,000,170 | ---- | C] () -- C:\WINDOWS\GetServer.ini
[2005/08/03 18:00:11 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ieaw.exe
[2005/08/03 15:32:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\kkhpw.dat
[2005/08/03 09:12:58 | 000,000,062 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
[2005/08/03 07:52:07 | 000,000,000 | ---- | C] () -- C:\WINDOWS\imiqb.dll
[2005/08/03 03:08:19 | 000,000,402 | ---- | C] () -- C:\WINDOWS\!sfxunst.ini
[2005/08/02 23:25:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nthc.exe
[2005/08/02 22:54:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\xynud.dat
[2005/08/02 22:17:18 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\ssmute.ini
[2005/08/02 21:30:16 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\wvvup.dat
[2005/08/01 17:01:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iext32.exe
[2005/08/01 17:01:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atlsz.exe
[2005/08/01 14:07:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\icbke.dat
[2005/08/01 11:11:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\cpcqw.dat
[2005/08/01 09:10:17 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apphd.exe
[2005/08/01 05:44:08 | 000,000,592 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/31 17:23:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\aqead.dll
[2005/07/31 17:15:39 | 000,000,030 | ---- | C] () -- C:\WINDOWS\POOL.INI
[2005/07/31 15:04:12 | 000,000,050 | ---- | C] () -- C:\WINDOWS\SSIMB.INI
[2005/07/30 23:52:32 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\rvrga.dat
[2005/07/29 16:44:11 | 000,000,034 | ---- | C] () -- C:\WINDOWS\AuthMgr.INI
[2005/07/29 13:36:00 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/07/29 04:26:50 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uoneq.dll
[2005/07/28 16:08:01 | 000,197,753 | ---- | C] () -- C:\WINDOWS\gclnz.dat
[2005/07/28 03:53:19 | 000,000,000 | ---- | C] () -- C:\WINDOWS\zfcmb.dll
[2005/07/28 01:23:10 | 000,002,831 | ---- | C] () -- C:\WINDOWS\wavemix.ini
[2005/07/27 21:59:15 | 000,000,203 | ---- | C] () -- C:\WINDOWS\ScrAntic.ini
[2005/07/27 19:37:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\d3zz32.exe
[2005/07/26 23:33:01 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/07/26 12:20:13 | 000,197,753 | ---- | C] () -- C:\WINDOWS\cbpmo.dat
[2005/07/26 09:59:07 | 000,129,080 | ---- | C] () -- C:\WINDOWS\logow.sys
[2005/07/26 09:59:07 | 000,129,078 | ---- | C] () -- C:\WINDOWS\logos.sys
[2005/07/26 04:45:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ipqq.exe
[2005/07/25 21:40:49 | 000,092,672 | ---- | C] () -- C:\WINDOWS\uinst.exe
[2005/07/25 06:26:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mfcvq32.exe
[2005/07/24 20:12:34 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\ajavc.dat
[2005/07/24 17:17:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\afpzz.dat
[2005/07/24 02:40:18 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hjipi.dat
[2005/07/23 14:49:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wincd32.exe
[2005/07/23 00:50:38 | 000,197,753 | ---- | C] () -- C:\WINDOWS\System32\uvabz.dat
[2005/07/22 19:58:53 | 000,180,224 | ---- | C] () -- C:\WINDOWS\UninstallWSST.exe
[2005/07/22 13:54:13 | 000,000,151 | ---- | C] () -- C:\WINDOWS\WSST_Screen_Saver.ini
[2005/07/22 00:30:45 | 000,000,455 | ---- | C] () -- C:\WINDOWS\lexstat.ini
[2005/07/21 08:53:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\xifts.dll
[2005/07/21 07:39:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\crua32.exe
[2005/07/21 03:44:35 | 000,000,000 | ---- | C] () -- C:\WINDOWS\elqfs.dll
[2005/07/20 17:53:27 | 000,001,477 | ---- | C] () -- C:\WINDOWS\PicSaver.ini
[2005/07/20 02:28:48 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/07/19 23:01:59 | 000,000,027 | ---- | C] () -- C:\WINDOWS\FMONEY.INI
[2005/07/19 20:09:22 | 000,000,000 | ---- | C] () -- C:\WINDOWS\qfjlk.dll
[2005/07/19 12:15:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\crbi32.exe
[2005/07/19 02:01:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sdkmd32.exe
[2005/07/19 01:36:15 | 000,000,466 | ---- | C] () -- C:\WINDOWS\SSPRO.INI
[2005/07/18 08:12:15 | 000,268,965 | ---- | C] () -- C:\WINDOWS\ADZE-S.EXE
[2005/07/18 08:12:15 | 000,017,528 | ---- | C] () -- C:\WINDOWS\WISEGUY.EXE
[2005/07/18 08:10:24 | 000,213,834 | ---- | C] () -- C:\WINDOWS\Zodiac_Saver.exe
[2005/07/18 08:10:24 | 000,063,810 | ---- | C] () -- C:\WINDOWS\BINS.EXE
[2005/07/18 08:10:24 | 000,006,212 | ---- | C] () -- C:\WINDOWS\Zodiac_Saver.ini
[2005/07/18 07:09:02 | 000,522,752 | ---- | C] () -- C:\WINDOWS\chess.exe
[2005/07/18 07:08:59 | 000,009,728 | ---- | C] () -- C:\WINDOWS\chessdos.exe
[2005/07/18 07:07:30 | 000,028,518 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
[2005/07/18 07:07:30 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
[2005/07/18 07:07:30 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
[2005/07/18 07:07:30 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
[2005/07/18 06:53:56 | 000,000,106 | ---- | C] () -- C:\WINDOWS\S&D24.INI
[2005/07/18 06:53:31 | 000,000,131 | ---- | C] () -- C:\WINDOWS\chess.ini
[2005/07/18 06:50:34 | 000,000,886 | ---- | C] () -- C:\WINDOWS\SETUPEXE.INI
[2005/07/18 05:59:58 | 000,000,037 | ---- | C] () -- C:\WINDOWS\progman.ini
[2005/07/18 05:59:49 | 000,000,070 | ---- | C] () -- C:\WINDOWS\Battle.ini
[2005/07/18 05:52:09 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tephd.dat
[2005/07/18 05:13:07 | 000,000,344 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/07/18 01:27:21 | 000,214,528 | ---- | C] () -- C:\WINDOWS\Battle.exe
[2005/07/18 00:49:53 | 000,000,042 | ---- | C] () -- C:\WINDOWS\AlchemyMindworksUpdateList.INI
[2005/07/18 00:49:07 | 000,212,992 | ---- | C] () -- C:\WINDOWS\ALCHUNIN.EXE
[2005/07/17 21:46:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2005/07/17 21:15:28 | 000,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2005/07/17 18:52:46 | 000,000,722 | ---- | C] () -- C:\WINDOWS\pagan2.ini
[2005/07/17 18:41:54 | 001,322,529 | ---- | C] () -- C:\WINDOWS\mike98.exe
[2005/07/17 18:41:32 | 000,812,543 | ---- | C] () -- C:\WINDOWS\iconsnat361.exe
[2005/07/17 17:27:48 | 000,173,056 | ---- | C] () -- C:\WINDOWS\System32\emudll.dll
[2005/07/17 17:27:04 | 000,036,864 | ---- | C] () -- C:\WINDOWS\InstHelper.exe
[2005/07/17 17:21:30 | 000,077,312 | ---- | C] () -- C:\WINDOWS\pysoft_uninstaller.exe
[2005/07/17 17:20:17 | 000,027,648 | ---- | C] () -- C:\WINDOWS\Thk3216.dll
[2005/07/17 17:20:17 | 000,008,704 | ---- | C] () -- C:\WINDOWS\Timer16.dll
[2005/07/17 17:16:07 | 000,204,288 | ---- | C] () -- C:\WINDOWS\Image Compress 1.0.exe
[2005/07/17 12:12:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\adxcb.dat
[2005/07/17 11:19:43 | 000,020,728 | ---- | C] () -- C:\WINDOWS\Serandom2.ini
[2005/07/17 10:58:34 | 000,006,412 | ---- | C] () -- C:\WINDOWS\GCSPRO.INI
[2005/07/17 03:43:49 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\meyrh.dat
[2005/07/17 03:24:36 | 000,000,843 | ---- | C] () -- C:\WINDOWS\DRAGON.INI
[2005/07/17 02:09:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\mssu.exe
[2005/07/17 01:23:30 | 000,000,431 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/17 01:18:59 | 000,000,236 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
[2005/07/16 23:17:14 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/07/16 22:59:13 | 000,006,528 | ---- | C] () -- C:\WINDOWS\System32\drivers\Jupiter.sys
[2005/07/16 22:59:12 | 000,028,931 | ---- | C] () -- C:\WINDOWS\System32\JupitCo.exe
[2005/07/16 22:09:36 | 001,483,776 | ---- | C] () -- C:\WINDOWS\Mgxrdr32.dll
[2005/07/16 22:09:31 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\LFFPX7.DLL
[2005/07/16 22:09:31 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\LFKODAK.DLL
[2005/07/16 22:09:29 | 000,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2005/07/16 22:08:49 | 000,082,944 | ---- | C] () -- C:\WINDOWS\System32\Ppiv20.dll
[2005/07/16 21:08:10 | 000,000,004 | ---- | C] () -- C:\WINDOWS\info147.sys
[2005/07/16 18:33:55 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/07/16 17:43:01 | 000,000,000 | ---- | C] () -- C:\WINDOWS\dnlao.dll
[2005/07/16 12:02:45 | 000,010,204 | ---- | C] () -- C:\WINDOWS\PaqRat.ini
[2005/07/15 06:00:39 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\eyugb.dat
[2005/07/14 10:17:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\tyhqd.dll
[2005/07/13 14:23:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\shbxw.dat
[2005/07/13 12:02:18 | 000,197,753 | ---- | C] () -- C:\WINDOWS\System32\pjxyz.dat
[2005/07/13 02:37:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\crqu32.exe
[2005/07/11 23:41:55 | 000,000,000 | ---- | C] () -- C:\WINDOWS\edbtj.dll
[2005/07/10 21:13:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hsfcw.dat
[2005/07/10 03:34:12 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\orvou.dat
[2005/07/09 18:19:37 | 000,000,000 | ---- | C] () -- C:\WINDOWS\uerfc.dll
[2005/07/06 00:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ieoz32.exe
[2005/07/06 00:53:28 | 000,000,000 | ---- | C] () -- C:\WINDOWS\atljx.exe
[2005/07/05 09:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\sysqg.exe
[2005/07/05 09:05:23 | 000,000,000 | ---- | C] () -- C:\WINDOWS\apike32.exe
[2005/07/04 20:20:04 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\xryon.dat
[2005/01/20 18:27:48 | 000,471,300 | ---- | C] () -- C:\WINDOWS\wallpe.exe
[2005/01/20 18:24:17 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/01/11 02:42:31 | 000,000,000 | ---- | C] () -- C:\WINDOWS\xaqrh.dat
[2004/12/21 10:13:56 | 000,191,136 | ---- | C] () -- C:\WINDOWS\System32\plx_upldr.dll
[2004/08/27 05:50:59 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/08/27 05:39:38 | 000,045,312 | ---- | C] () -- C:\WINDOWS\System32\drivers\ql12160.sys
[2004/08/27 04:54:47 | 000,516,096 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2004/08/26 13:01:37 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/26 11:12:43 | 000,001,222 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/08/26 11:12:43 | 000,000,487 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2004/08/26 11:12:13 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/26 11:12:10 | 000,462,880 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/26 11:12:10 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/26 11:12:10 | 000,078,826 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/26 11:12:10 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/26 11:12:08 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/26 11:12:07 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/26 11:12:05 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/26 11:12:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/26 11:11:59 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/26 11:11:54 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/26 11:11:46 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/08/26 05:54:01 | 000,399,936 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2003/03/28 09:26:24 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\LXBKIH.EXE
[2003/03/28 09:17:32 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\LXBKLCNP.DLL
[2002/11/13 11:40:22 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxbkvs.dll
[2002/09/13 07:40:06 | 000,000,266 | ---- | C] () -- C:\WINDOWS\System32\lxbkcoin.ini
[2002/03/13 14:46:46 | 000,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll
[2001/10/29 13:51:02 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\NavLogon.dll
[2001/01/19 11:50:20 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\INSTMON.EXE
[2000/09/18 17:12:40 | 000,023,040 | ---- | C] () -- C:\WINDOWS\System32\CSSMS_IN.DLL
[2000/07/14 23:00:00 | 000,030,720 | ---- | C] () -- C:\WINDOWS\regtlib.exe
[1999/10/06 17:48:28 | 000,016,476 | ---- | C] () -- C:\WINDOWS\System32\snapv16.drv
[1999/07/23 12:46:48 | 000,000,116 | ---- | C] () -- C:\WINDOWS\AuHCcup1.ini
[1999/07/23 09:53:20 | 000,129,536 | ---- | C] () -- C:\WINDOWS\AuHCcup1.dll
[1998/06/13 23:53:26 | 000,044,544 | ---- | C] () -- C:\WINDOWS\System32\Gif89.dll
[1997/11/10 14:18:48 | 000,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1996/04/09 21:50:00 | 000,066,048 | R--- | C] () -- C:\WINDOWS\System32\XNMTE450.DLL

========== LOP Check ==========

[2011/12/28 02:31:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Opera
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SampleView
[2011/12/28 03:20:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admiral\Application Data\SampleView
[2011/12/31 15:19:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Admiral\Application Data\Windows Search
[2009/03/17 18:37:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\abelhadigital.com
[2011/12/31 21:18:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BOINC
[2005/07/16 17:32:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/08/24 15:17:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Cosmi
[2010/12/31 15:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hIjDh06300
[2010/08/17 19:38:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Pro700 Series
[2005/07/19 18:44:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Softdisk LLC
[2008/11/13 19:03:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TomTom
[2005/01/20 18:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/05/25 08:11:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Wallpaper Master
[2011/01/09 20:40:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WindSolutions
[2011/01/12 23:04:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/04/23 21:23:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corina\Application Data\SampleView
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Corina.ALBERT\Application Data\SampleView
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\SampleView
[2005/01/20 18:31:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\SampleView
[2011/12/31 21:11:39 | 000,032,606 | ---- | M] () -- C:\WINDOWS\Tasks\SCHEDLGU.TXT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2011/12/31 19:47:31 | 000,003,616 | ---- | M] () -- C:\aswMBR.txt
[2004/08/26 13:04:39 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2009/03/14 16:53:11 | 000,000,211 | ---- | M] () -- C:\Boot.bak
[2011/12/31 15:09:47 | 000,000,281 | -HS- | M] () -- C:\boot.ini
[2005/07/31 19:29:24 | 000,000,103 | ---- | M] () -- C:\BootErr.log
[2011/02/11 10:56:02 | 000,000,598 | ---- | M] () -- C:\CKINFO.TXT
[2004/08/03 22:00:00 | 000,260,272 | ---- | M] () -- C:\cmldr
[2011/12/31 20:30:15 | 000,012,131 | ---- | M] () -- C:\ComboFix.txt
[2004/08/26 13:04:39 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/12/27 18:10:32 | 000,003,038 | ---- | M] () -- C:\fix_svchost.bat
[2011/12/31 02:26:50 | 000,008,404 | ---- | M] () -- C:\gmer.log
[2011/12/31 02:29:09 | 000,002,715 | ---- | M] () -- C:\gmer2.log
[2011/12/31 02:39:51 | 000,011,987 | ---- | M] () -- C:\gmer3.log
[2011/12/31 21:15:02 | 2079,903,744 | -HS- | M] () -- C:\hiberfil.sys
[2011/12/30 14:02:54 | 000,013,942 | ---- | M] () -- C:\hijackthis.log
[2008/09/27 17:51:40 | 000,000,588 | ---- | M] () -- C:\hpfr3600.log
[2005/09/15 19:21:05 | 000,000,000 | ---- | M] () -- C:\inst.exe
[2004/08/26 13:04:39 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/01/20 18:25:41 | 000,000,837 | ---- | M] () -- C:\IPH.PH
[2009/03/16 19:19:07 | 000,000,229 | ---- | M] () -- C:\JavaRa.log
[2008/05/10 17:56:28 | 000,000,478 | ---- | M] () -- C:\LOG113.log
[2008/05/10 19:32:28 | 000,000,478 | ---- | M] () -- C:\LOG128.log
[2008/05/26 16:08:00 | 000,000,478 | ---- | M] () -- C:\LOG18.log
[2008/06/03 19:59:44 | 000,000,478 | ---- | M] () -- C:\LOG19.log
[2009/03/10 20:37:38 | 000,000,478 | ---- | M] () -- C:\LOG1E.log
[2008/06/03 20:53:56 | 000,000,478 | ---- | M] () -- C:\LOG22.log
[2008/06/19 20:36:29 | 000,000,478 | ---- | M] () -- C:\LOG23.log
[2008/09/27 18:10:26 | 000,000,478 | ---- | M] () -- C:\LOG2B.log
[2008/07/10 19:55:43 | 000,000,478 | ---- | M] () -- C:\LOG2D.log
[2008/05/24 12:56:25 | 000,000,478 | ---- | M] () -- C:\LOG3.log
[2008/07/10 20:04:34 | 000,000,478 | ---- | M] () -- C:\LOG30.log
[2008/07/10 20:07:09 | 000,000,478 | ---- | M] () -- C:\LOG31.log
[2008/05/13 18:43:58 | 000,000,478 | ---- | M] () -- C:\LOG37.log
[2008/10/08 18:33:28 | 000,000,478 | ---- | M] () -- C:\LOG4C.log
[2008/10/08 18:40:48 | 000,000,478 | ---- | M] () -- C:\LOG50.log
[2008/06/19 20:53:51 | 000,000,478 | ---- | M] () -- C:\LOG66.log
[2008/06/04 23:03:54 | 000,000,478 | ---- | M] () -- C:\LOG69.log
[2008/09/05 16:50:50 | 000,000,478 | ---- | M] () -- C:\LOG89.log
[2008/09/21 17:32:33 | 000,000,478 | ---- | M] () -- C:\LOGCE.log
[2008/05/10 16:01:11 | 000,000,478 | ---- | M] () -- C:\LOGED.log
[2010/08/18 16:19:30 | 000,000,109 | ---- | M] () -- C:\mbam-error.txt
[2011/12/31 19:47:31 | 000,000,512 | ---- | M] () -- C:\MBR.dat
[2004/08/26 13:04:39 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/04 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/06/19 21:47:28 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/12/31 21:14:41 | 704,643,072 | -HS- | M] () -- C:\pagefile.sys
[2007/05/20 12:04:52 | 000,177,435 | ---- | M] () -- C:\pc-decrap-reg.txt
[2008/03/24 18:53:04 | 000,000,168 | ---- | M] () -- C:\setupfax.log
[2011/12/28 15:54:30 | 000,067,726 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_28.12.2011_15.49.11_log.txt
[2011/12/30 12:00:22 | 000,065,830 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_11.57.57_log.txt
[2011/12/30 13:06:57 | 000,065,846 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_13.05.03_log.txt
[2011/12/30 13:25:20 | 000,129,826 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_13.10.13_log.txt
[2011/12/30 13:36:40 | 000,065,796 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_30.12.2011_13.35.21_log.txt
[2011/12/31 14:04:38 | 000,129,776 | ---- | M] () -- C:\TDSSKiller.2.6.25.0_31.12.2011_13.58.20_log.txt
[2008/07/04 13:05:40 | 000,000,092 | ---- | M] () -- C:\tmp.ini
[2005/07/31 00:28:50 | 000,000,239 | ---- | M] () -- C:\Trace.txt
[2011/12/27 18:06:45 | 006,216,032 | ---- | M] (Microsoft Corporation) -- C:\windowsupdateagent30-x86.exe
[2011/12/27 18:08:30 | 001,266,056 | ---- | M] (Microsoft Corporation) -- C:\WindowsXP-KB927891-v3-x86-ENU.exe
[2008/07/04 13:05:40 | 000,000,107 | ---- | M] () -- C:\wrs_ff_install.log
[2011/12/31 21:25:43 | 000,028,672 | ---- | M] () -- C:\_NavCClt.Log

< %systemroot%\Fonts\*.com >
[2006/04/18 14:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 13:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 14:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 13:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2004/08/26 13:03:59 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2003/07/29 08:27:40 | 000,078,336 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\LXBKPP5C.DLL
 
OTL pt. 3

[2009/11/04 08:14:19 | 000,157,696 | ---- | M] () -- C:\WINDOWS\system32\spool\prtprocs\w32x86\lxeedrpp.dll
[2007/04/09 12:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
[2002/05/14 15:50:34 | 000,011,264 | ---- | M] (BVRP Software) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wfxprint2000.dll
[2007/05/08 15:30:48 | 000,188,416 | ---- | M] (soft Xpansion) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\wpeproc.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2008/04/11 11:37:22 | 003,532,800 | ---- | M] () -- C:\WINDOWS\100 Happy Money 3.scr
[2005/07/18 08:12:15 | 000,057,447 | ---- | M] () -- C:\WINDOWS\ADZE-SCR.SCR
[2005/08/03 04:16:14 | 000,194,560 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\Batman Begins.scr
[2011/07/28 16:58:46 | 000,836,784 | ---- | M] (Space Sciences Laboratory) -- C:\WINDOWS\boinc.scr
[2005/08/13 20:00:53 | 001,295,241 | ---- | M] () -- C:\WINDOWS\Crystals.scr
[2008/11/20 17:38:58 | 000,413,696 | ---- | M] (ABF software, Inc.) -- C:\WINDOWS\CSS.scr
[2000/04/03 14:38:00 | 001,574,912 | ---- | M] () -- C:\WINDOWS\ds9saver.scr
[2005/08/13 23:21:56 | 000,215,306 | ---- | M] (Europress Software) -- C:\WINDOWS\Floating Cities1.scr
[2005/07/17 12:18:51 | 000,439,808 | ---- | M] (Oh My Goddess!) -- C:\WINDOWS\GAIA.SCR
[2010/08/04 19:42:08 | 000,837,632 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\guidesaverxp.scr
[2008/02/23 21:36:51 | 000,259,904 | ---- | M] (MacSourcery) -- C:\WINDOWS\Harry Potter Match.scr
[2008/02/23 21:32:46 | 000,259,904 | ---- | M] (MacSourcery) -- C:\WINDOWS\Harry Potter.scr
[2006/09/10 20:43:33 | 000,759,808 | ---- | M] (Jeffrey A. Menish) -- C:\WINDOWS\lingerie.scr
[2008/06/07 23:46:53 | 000,403,232 | ---- | M] (MacSourcery) -- C:\WINDOWS\Monopoly.scr
[1998/05/31 19:49:42 | 000,941,186 | ---- | M] () -- C:\WINDOWS\MOONMEN.SCR
[2003/11/19 08:57:44 | 000,135,168 | ---- | M] () -- C:\WINDOWS\Pagan II Saver.scr
[2003/10/07 09:36:17 | 000,843,776 | ---- | M] (nabocorp.) -- C:\WINDOWS\picsaver.scr
[2001/11/25 20:57:00 | 000,548,864 | ---- | M] (Preferred Computer Services) -- C:\WINDOWS\PlanetDextersLab Screen Saver.scr
[2007/07/26 22:58:08 | 000,466,944 | ---- | M] () -- C:\WINDOWS\Screen Saver 1.scr
[2008/03/15 21:06:55 | 000,471,040 | ---- | M] (ScreenTime Media) -- C:\WINDOWS\sd_gs_saver1.scr
[2003/03/10 11:27:54 | 000,081,920 | ---- | M] ( ) -- C:\WINDOWS\SETIhome.scr
[2004/08/30 18:47:20 | 000,524,288 | ---- | M] (Oh My Goddess!) -- C:\WINDOWS\She.scr
[2005/07/04 20:07:29 | 000,060,768 | ---- | M] () -- C:\WINDOWS\ssBEATING.SCR
[2005/08/13 23:35:52 | 000,111,724 | ---- | M] () -- C:\WINDOWS\ssID4HWSS.scr
[1999/05/09 11:53:30 | 000,064,608 | ---- | M] () -- C:\WINDOWS\ssINSTALDL.SCR
[2001/04/18 14:25:10 | 000,363,008 | ---- | M] () -- C:\WINDOWS\Tardis.scr
[1998/12/07 00:17:28 | 000,759,808 | ---- | M] (Jeffrey A. Menish) -- C:\WINDOWS\WetLook.scr
[2005/07/06 02:27:18 | 000,180,736 | ---- | M] (Preferred Computer Services) -- C:\WINDOWS\Zodiac_Saver.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2004/08/26 05:53:19 | 000,094,208 | ---- | M] () -- C:\WINDOWS\System32\config\default.sav
[2004/08/26 05:53:18 | 000,634,880 | ---- | M] () -- C:\WINDOWS\System32\config\software.sav
[2004/08/26 05:53:18 | 000,864,256 | ---- | M] () -- C:\WINDOWS\System32\config\system.sav

< %PROGRAMFILES%\bak. /s >
[2010/10/25 20:54:00 | 000,000,000 | ---D | M] -- C:\Program Files\CM\bak

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >
[2007/01/13 01:51:43 | 000,006,144 | -HS- | M] () -- C:\WINDOWS\system32\Thumbs.db
[3 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2011/12/30 14:00:29 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2004/08/26 13:09:49 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Admiral\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2011/12/30 17:35:04 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Admiral\Desktop\033ziusx.exe
[2011/12/28 02:21:24 | 001,918,464 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Admiral\Desktop\aswMBR.exe
[2011/12/31 14:36:40 | 004,358,797 | R--- | M] (Swearware) -- C:\Documents and Settings\Admiral\Desktop\ComboFix.exe
[2011/12/30 13:24:24 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Admiral\Desktop\Dabo.exe
[2011/12/31 21:07:26 | 000,584,192 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Admiral\Desktop\OTL.exe
[2011/12/28 15:43:44 | 001,578,288 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Admiral\Desktop\tdsskiller.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >
[2009/11/19 00:15:05 | 000,012,113 | ---- | M] () -- C:\WINDOWS\mr310twc.src

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2011/12/30 14:00:30 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Admiral\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/03/02 22:35:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\cmn_upld.log
[2010/01/24 16:41:53 | 000,000,252 | ---- | M] () -- C:\Documents and Settings\All Users\FastPics.log
[2010/01/30 15:17:39 | 000,000,427 | ---- | M] () -- C:\Documents and Settings\All Users\lxee.log
[2010/08/17 19:37:50 | 000,129,200 | ---- | M] () -- C:\Documents and Settings\All Users\lxeeJSW.log
[2011/12/31 21:16:19 | 000,173,204 | ---- | M] () -- C:\Documents and Settings\All Users\lxeescan.log
[2010/03/02 22:35:35 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\LxWbGwLog.log
[2010/01/24 15:33:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\UpdaterLog.txt

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >
Floating Cities1.exe
Harry Potter Match.exe
Harry Potter.exe
Image Compress 1.0.exe
PlanetDextersLab Screen Saver.exe
Roman Numerals.exe

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/12/31 21:26:04 | 000,016,384 | -HS- | M] () -- C:\Documents and Settings\Admiral\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2007/06/26 21:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >
[2008/04/13 19:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
[2004/08/04 10:06:34 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
[2004/08/04 10:06:34 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
[2008/05/02 09:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
[2008/04/13 12:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
[2008/04/13 19:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
[2004/08/04 10:06:36 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
[2004/08/04 10:06:36 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
[2004/08/04 10:06:36 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
[2005/11/15 18:27:30 | 000,005,120 | -HS- | M] () -- C:\Program Files\Messenger\Thumbs.db
[2004/08/04 10:06:36 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
[2004/08/04 10:06:36 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


========== Files - Unicode (All) ==========
[2005/07/20 13:16:31 | 000,000,000 | ---D | M](C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\€
[2005/07/20 13:16:31 | 000,000,000 | ---D | C](C:\WINDOWS\System32\?) -- C:\WINDOWS\System32\€

========== Alternate Data Streams ==========

@Alternate Data Stream - 976 bytes -> C:\WINDOWS\Vampirella Logo.bmp:Sorbet Icon
@Alternate Data Stream - 976 bytes -> C:\WINDOWS\Starfield 3.bmp:Sorbet Icon
@Alternate Data Stream - 916 bytes -> C:\WINDOWS\Star Scene.bmp:Sorbet Icon
@Alternate Data Stream - 916 bytes -> C:\WINDOWS\Pool.bmp:Sorbet Icon
@Alternate Data Stream - 916 bytes -> C:\WINDOWS\Desert Sands.bmp:Sorbet Icon
@Alternate Data Stream - 916 bytes -> C:\WINDOWS\bck_entd.bmp:Sorbet Icon
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\BATS.SCR:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\lingerie.scr:SummaryInformation
@Alternate Data Stream - 88 bytes -> C:\WINDOWS\GAIA.SCR:SummaryInformation
@Alternate Data Stream - 856 bytes -> C:\WINDOWS\Transformers 2.bmp:Sorbet Icon
@Alternate Data Stream - 856 bytes -> C:\WINDOWS\bricks.bmp:Sorbet Icon
@Alternate Data Stream - 796 bytes -> C:\WINDOWS\horgahn.bmp:Sorbet Icon
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\notebook.bmp:Sorbet Icon
@Alternate Data Stream - 76 bytes -> C:\WINDOWS\Dark Edge.bmp:Sorbet Icon
@Alternate Data Stream - 736 bytes -> C:\WINDOWS\modalnodes.bmp:Sorbet Icon
@Alternate Data Stream - 736 bytes -> C:\WINDOWS\Blessed Be.bmp:Sorbet Icon
@Alternate Data Stream - 676 bytes -> C:\WINDOWS\bg-stratego.bmp:Sorbet Icon
@Alternate Data Stream - 676 bytes -> C:\WINDOWS\Batman & Robin.bmp:Sorbet Icon
@Alternate Data Stream - 616 bytes -> C:\WINDOWS\Green Grid.bmp:Sorbet Icon
@Alternate Data Stream - 436 bytes -> C:\WINDOWS\Space Scene.bmp:Sorbet Icon
@Alternate Data Stream - 436 bytes -> C:\WINDOWS\Fire Border.bmp:Sorbet Icon
@Alternate Data Stream - 436 bytes -> C:\WINDOWS\CelebPics.bmp:Sorbet Icon
@Alternate Data Stream - 436 bytes -> C:\WINDOWS\6090_lg.bmp:Sorbet Icon
@Alternate Data Stream - 4248 bytes -> C:\WINDOWS\1STBOOT.BMP:Sorbet Icon
@Alternate Data Stream - 197753 bytes -> C:\WINDOWS\Marisol's Blue.bmp:yklysw
@Alternate Data Stream - 197753 bytes -> C:\WINDOWS\Iran Art.bmp:wbxnvk
@Alternate Data Stream - 197753 bytes -> C:\WINDOWS\_default.pif:xfbcdw
@Alternate Data Stream - 197753 bytes -> C:\WINDOWS\_default.pif:ljbfmy
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\tealrosebk1.bmp:Sorbet Icon
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\Dark Passage.bmp:Sorbet Icon
@Alternate Data Stream - 196 bytes -> C:\WINDOWS\Bat Border.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Zapotec.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\White Satin.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water Drops.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water Drops 2.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Sun Wall.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Sun Surface.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Strawberries.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\stars 2.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Star Field.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\SQUARES.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\spmoney1.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Soap Bubbles.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Shower Wall.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\sgc confidential.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\SGC Back.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Script Tiles.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\River Sumida.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Rhododendron.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\redstarfield.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\redback.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Red Velvet.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\rainforest_hills_dark.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Purple Velvet.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Purple Plasma.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Prairie Wind.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\pentblk.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Party Gods.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Mystique POD.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Marisol's Blue.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\klingbac.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\honeymosaic.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Greenstone.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Green Tile.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gone Fishing.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Weave.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Plasma.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Cloth.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Forest.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\forest 2.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\FeatherTexture.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\emachines_32.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Dune18.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Concrete wall.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Coffee Bean.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Circles.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\celtsnakebr.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Cat-vat.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Carved Stone.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Bubbles.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bricks 2.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Brick Wall 2.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue-Green Velvet.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Rivets.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Plasma.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Lace 16.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Diamond Ghost.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bgcircle.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bb8.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\background.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\APPentCBtn.bmp:Sorbet Icon
@Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Altair 4 Sky.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\wood.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Violet Cloud.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Thundercat Blue.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Orange Circles.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\moonlit night.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Knight.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Green Velvet.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Greatest American Hero.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Dark Blue Velvet.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Brown Tardis.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Black Thatch.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\atari3.bmp:Sorbet Icon
@Alternate Data Stream - 1756 bytes -> C:\WINDOWS\9.bmp:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\pent-but.bmp:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\OEMLOGO.BMP:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\leatherbound3.bmp:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\italback.bmp:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\FLOCK.bmp:Sorbet Icon
@Alternate Data Stream - 1696 bytes -> C:\WINDOWS\ataribk.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Shining Stars.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Metal Links.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\MARBLE.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Houndstooth.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Galactic Symbols.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Emblems.bmp:Sorbet Icon
@Alternate Data Stream - 1636 bytes -> C:\WINDOWS\2600 wall paper.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\uhura1b1.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\SWLM_G_Lotus.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\roundels.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Japan1.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Japan.bmp:Sorbet Icon
@Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Holodeck.bmp:Sorbet Icon
@Alternate Data Stream - 1516 bytes -> C:\WINDOWS\panic_background.bmp:Sorbet Icon
@Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Lightning Bolt.bmp:Sorbet Icon
@Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Lavender Roses.bmp:Sorbet Icon
@Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Blue Cube.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\VIR.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\TAUR.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Silver Sheets.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\SCO.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\SAG.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\PISC.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\LIB.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\LEO.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Julian Cabeza.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Two.bmp:Sorbet Icon
 
OTL pt.4

@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Three.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Four.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Five.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Godzilla.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\GEM.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\egypt2.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\CAP.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\CAN.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\bkg.bmp:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\ARI.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\AQU.BMP:Sorbet Icon
@Alternate Data Stream - 1456 bytes -> C:\WINDOWS\12WALL1.BMP:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\UFP Back.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\stars 3.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Question Mark.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Lake Sunset.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Julian's Artwork.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\bwfinal.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Birthday Wallpaper.bmp:Sorbet Icon
@Alternate Data Stream - 1396 bytes -> C:\WINDOWS\ARCHES.bmp:Sorbet Icon
@Alternate Data Stream - 136 bytes -> C:\WINDOWS\Olive Green.bmp:Sorbet Icon
@Alternate Data Stream - 136 bytes -> C:\WINDOWS\Dark Passage 2.bmp:Sorbet Icon
@Alternate Data Stream - 136 bytes -> C:\WINDOWS\china.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\wabperifire.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\The Tardis.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\stars.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\OEMWALL.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Ocean.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Iran Art.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd4.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd3.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd2.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd1.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\greenbrick.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\gornlog2.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Godzilla 2.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\frogger 2600.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Crystal Ball.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Clouds.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Cancun_Sunset.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\bgi0207a.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\am.bmp:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL3.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL2.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL1.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\64WALL2.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\64WALL1.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\10WALL2.BMP:Sorbet Icon
@Alternate Data Stream - 1336 bytes -> C:\WINDOWS\10WALL1.BMP:Sorbet Icon
@Alternate Data Stream - 1276 bytes -> C:\WINDOWS\World Map.bmp:Sorbet Icon
@Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Phantom Streaks.bmp:Sorbet Icon
@Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Money.bmp:Sorbet Icon
@Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Chocolates.bmp:Sorbet Icon
@Alternate Data Stream - 1216 bytes -> C:\WINDOWS\Kernunnos.bmp:Sorbet Icon
@Alternate Data Stream - 1216 bytes -> C:\WINDOWS\electric.bmp:Sorbet Icon
@Alternate Data Stream - 1216 bytes -> C:\WINDOWS\Champagne Glasses.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Transformers.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\silkpink.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Nebula.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Lover's Tree.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\glyph-bg.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Ent 1701.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\DS9.bmp:Sorbet Icon
@Alternate Data Stream - 1156 bytes -> C:\WINDOWS\bloodstone.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\stonewall.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Starfield 4.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Star Spiral.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Star Field 2.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Kathy Signature.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Doc & Dalek.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Computer Text.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\clouds 2.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Cherries.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Chemistrytheme Wallpaper.bmp:Sorbet Icon
@Alternate Data Stream - 1096 bytes -> C:\WINDOWS\blessed.bmp:Sorbet Icon
@Alternate Data Stream - 1036 bytes -> C:\WINDOWS\Twi'lek Background.bmp:Sorbet Icon
@Alternate Data Stream - 1036 bytes -> C:\WINDOWS\honeycomb.bmp:Sorbet Icon
@Alternate Data Stream - 1036 bytes -> C:\WINDOWS\CLRNOTES.bmp:Sorbet Icon
@Alternate Data Stream - 1036 bytes -> C:\WINDOWS\Chinese Star.bmp:Sorbet Icon

< End of report >
 
Extras

OTL Extras logfile created on: 1/1/2012 12:35:32 AM - Run 1
OTL by OldTimer - Version 3.2.31.0 Folder = C:\Documents and Settings\Admiral\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.94 Gb Total Physical Memory | 1.13 Gb Available Physical Memory | 58.22% Memory free
2.45 Gb Paging File | 1.96 Gb Available in Paging File | 79.96% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 108.07 Gb Total Space | 63.24 Gb Free Space | 58.52% Space Free | Partition Type: NTFS
Drive D: | 3.71 Gb Total Space | 1.67 Gb Free Space | 45.12% Space Free | Partition Type: FAT32
Drive G: | 6.67 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive H: | 981.05 Mb Total Space | 56.50 Mb Free Space | 5.76% Space Free | Partition Type: FAT

Computer Name: ALBERT | User Name: Admiral | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Image Eye index] -- C:\Program Files\Image Eye\ImageEye.exe -index "%1\"
Directory [PaqRat.Browse] -- "C:\Program Files\Insanely Great Things\PaqRat\paqrat.exe" "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"8097:TCP" = 8097:TCP:*:Enabled:EarthLink UHP Modem Support

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\PublicProfile]
"enablefirewall" = 0

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\lxeecoms.exe" = C:\WINDOWS\system32\lxeecoms.exe:*:Enabled:pro700 Series Server -- ( )
"C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe" = C:\Program Files\Abbyy FineReader 6.0 Sprint\Scan\ScanMan6.exe:*:Enabled:ABBYY FineReader -- (ABBYY (BIT Software))
"C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- (Opera Software)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{02C2F0BB-B480-4121-BE86-33B70E53070B}" = Perfect PDF Creator Essentials
"{1017A80C-6F09-4548-A84D-EDD6AC9525F0}" = Lexmark Toolbar
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{228F6876-A313-40A3-91C0-C3CBE6997D09}" = Symantec
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java(TM) 6 Update 26
"{26A24AE4-039D-4CA4-87B4-2F83216023F0}" = Java(TM) 6 Update 23
"{28C2DED6-325B-4CC7-983A-1777C8F7FBAB}" = RealUpgrade 1.1
"{2908F0CB-C1D4-447F-97A2-CFC135C9F8D4}" = Internet Worm Protection
"{2934DCB0-F8EE-11E0-A4A5-B8AC6F97B88E}" = Google Earth Plug-in
"{2A697B53-0DE3-42DA-B41D-C3F804B1C538}" = iTunes
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{2DA85B02-13C0-4E6D-9A76-22E6B3DD0CB2}" = SymNet
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java(TM) 6 Update 7
"{32A9C5B3-D166-4C6D-A11E-A54473150000}" = Java 3D 1.5.2
"{341E1C05-5091-418F-B862-C28253A99F25}" = BOINC
"{34EEB1F5-E939-40A1-A6BA-957282A4B2C8}" = Norton AntiVirus Help
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E9}" = Microsoft Digital Image Library 10
"{3F854FE1-FC68-4D80-9AF2-439B6981F24A}" = EnGraph QuickTimeKiller
"{416D80BA-6F6D-4672-B7CF-F54DA2F80B44}" = Microsoft Works
"{42756145-9997-4D28-809B-8756BFD00109}" = Microsoft Digital Image Pro 10
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4F2713B0-26B8-4921-83B8-5936AB2C1205}" = Kidware.Net Photo Color
"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features
"{56C049BE-79E9-4502-BEA7-9754A3E60F9B}" = neroxml
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5863B6EF-76D0-4FF8-AA2F-EEBE7CC49DAA}" = ArcSoft PhotoImpression 5
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{65563451-00B6-458C-9F9A-03A7757355A6}" = Compact Wireless-G USB Network Adapter with SpeedBooster
"{65E4833F-CA1B-11D5-A227-0050BA4AC847}" = Combat
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6ED53E0C-EAC0-4F0F-947D-6BA817E4C8C3}" = HostsMan 3.2.70 Beta6
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7770E71B-2D43-4800-9CB3-5B6CAAEBEBEA}" = RealNetworks - Microsoft Visual C++ 2008 Runtime
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{77F9D52A-C8D7-4FE8-8510-19FC6CF75BC3}" = Access Drivers
"{7F76233C-68C4-4921-B906-DE7FFE8A3848}" = ClassMaster 4.0
"{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"{83d96ed0-98aa-4515-8ddc-816f3efdd104}" = MyDSC2
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{8AB0E0DC-E80D-43D5-956C-7A4840938411}" = ArcSoft Collage Creator
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{8ECBE643-8230-11D5-9D6B-00A024112F81}" = VDMSound 2.0.4
"{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}" = TomTom HOME Visual Studio Merge Modules
"{90110409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91190409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Publisher 2003
"{98EFD8F0-08DE-48DB-B922-A2EBAB711033}" = Nero 7 Essentials
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1960A82-DB70-474D-A86B-FA74466103C6}" = Drivers Install For Linksys Easylink Advisor
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9CA9E18-F14C-4875-83A5-2CC40340FA95}" = Microsoft Global IME for Office XP (Korean)
"{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X (10.0.1)
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{BD12EB47-DBDF-11D3-BEEA-00A0CC272509}" = Norton AntiVirus Corporate Edition
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C7A8AA10-B632-42F8-9F57-A16FDCE0601E}" = Clock Screen Saver
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBDF1A29-D7F6-4E65-89F5-3300D475D6B9}" = Bing Bar
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}" = getPlus(R) for Adobe
"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype™ 4.1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D1B3874F-3057-11D6-B2EA-0050BA18806B}" = Camera Driver
"{D2C5E510-BE6D-42CC-9F61-E4F939078474}" = Lexmark Printable Web
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D327AFC9-7BAA-473A-8319-6EB7A0D40138}" = Symantec Script Blocking Installer
"{D5462C8A-D08C-4163-8293-82F2E11A2760}" = Trend Micro TrendProtect for Internet Explorer
"{DC1D7AD2-583A-4024-9041-387E8FFA5D8C}" = MediaFACE II
"{DC367608-64A7-4BF7-92F4-8BAA25BA02DB}" = ccCommon
"{E5EE9939-259F-4DE2-8023-5C49E16A4F43}" = Norton AntiVirus Parent MSI
"{E699EC58-B5A5-4C6A-9EA2-E22D52A80CD2}" = Trend Micro TrendProtect for Firefox
"{E6B87DC4-2B3D-4483-ADFF-E483BF718991}" = OpenOffice.org 3.1
"{E9DF086C-8771-4DA0-919B-5437CA1F12A7}" = USB-Flash Disk
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{F45298E5-0083-426F-A668-1A2C5F04B8A0}" = FaxTools
"{F64306A5-4C32-41bb-B153-53986527FAB4}" = Norton WMI Update
"{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
"100 Happy Money 3 Screen Saver_is1" = 100 Happy Money Screen Saver 3.0
"7-Zip" = 7-Zip 4.57
"Absolute Uninstaller_is1" = Absolute Uninstaller 2.5
"Active Disk" = Active Disk
"Activision_AsteroidsUninstallKey" = Asteroids
"Activision_SpaceInvadersUninstallKey" = Space Invaders
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 11 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 11 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"aignesamdeadlink_is1" = AM-DeadLink 3.1
"Amazon Add to Wish List IE Extension" = Amazon Add to Wish List IE Extension 1.1
"AOL YGP Screensaver" = AOL You've Got Pictures Screensaver
"Atomic Clock Sync" = Atomic Clock Sync
"Autorun Eater_is1" = Autorun Eater v2.3
"Belarc Advisor" = Belarc Advisor 7.2
"BigFix" = BigFix
"CCleaner" = CCleaner
"Checkmate" = Checkmate
"CleanUp!" = CleanUp!
"Clue" = Clue
"C-Media PCI Sound" = Xtreme Sound PCI
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = SoftV92 Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dancing Pagans Screensaver" = Dancing Pagans Screensaver
"Destiny of the Doctors" = Destiny of the Doctors
"D-Fend v2" = D-Fend v2
"DirectXMediaRuntime" = DirectX Media Runtime 5.1
"DoctorWho3D" = www.UselessCreations.com - Doctor Who 3D Screensaver v1.5
"doPDF 6 printer_is1" = doPDF 6.2 printer
"DVD Audio Ripper 4" = DVD Audio Ripper 4
"Easy Video Downloader_is1" = Easy Video Downloader v. 2.1
"EasyLinkAdvisor" = Linksys EasyLink Advisor 1.6 (0044)
"Enterprise3D" = www.UselessCreations.com - Enterprise 3D Screensaver v1.0
"ESET Online Scanner" = ESET Online Scanner v3
"ETCR" = ETCR
"Flash Capture_is1" = Flash Capture 1.20
"Flash saver" = Flash saver
"GetRight" = GetRight
"Ghoul's Delight Screen Saver" = Ghoul's Delight Screen Saver
"GIF Construction Set Professional" = GIF Construction Set Professional
"Gliding Balls Screensaver" = Gliding Balls Screensaver
"Graphic Converter 2003" = Graphic Converter 2003
"Halloween Haunting 2003" = Halloween Haunting 2003 Screen Saver
"Hampster Dance" = Hampster Dance
"Hieroglyphs Screen Saver" = Hieroglyphs Screen Saver
"HijackThis" = HijackThis 2.0.2
"hp deskjet 3600 series_Driver" = hp deskjet 3600 series
"Icon Snatcher Version 3.6.1_is1" = Icon Snatcher Version 3.6.1
"Icon Viewer 3.5_is1" = Icon Viewer 3.5
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie8" = Windows Internet Explorer 8
"Image Eye" = Image Eye v7.1
"Innovatools Add/Remove Plus!_is1" = Innovatools Add/Remove Plus! 5.0
"InstallShield_{81EED1A1-AE78-4B11-BE47-C6AE9F5E87F1}" = Digital Media Reader
"IomegaWare" = IomegaWare 4.0.2
"JMV Sorbet" = JMV Sorbet
"KC Softwares KCleaner_is1" = KC Softwares KCleaner
"KOIELangPack" = Korean Language Support
"Lexmark Pro700 Series" = Lexmark Pro700 Series
"Lexmark X1100 Series" = Lexmark X1100 Series
"LiveReg" = LiveReg (Symantec Corporation)
"LiveUpdate" = LiveUpdate 2.5 (Symantec Corporation)
"Make-Your-Own-Opoly" = Make-Your-Own-Opoly
"Malwarebytes' Anti-Malware_is1" = Malwarebytes Anti-Malware version 1.60.0.1800
"Mavericks Casino" = Mavericks Casino
"McDougal Littell Test Generator" = McDougal Littell Test Generator
"Microangelo 98" = Microangelo 98
"Micrografx Picture Publisher 7" = Micrografx Picture Publisher 7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Missile Command" = Missile Command
"Mozilla Firefox 8.0 (x86 en-US)" = Mozilla Firefox 8.0 (x86 en-US)
"Mozilla Thunderbird (2.0.0.17)" = Mozilla Thunderbird (2.0.0.17)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"NCR Label Formats for MS Word Setup" = NCR Label Formats for MS Word Setup
"Nero BurnRights!UninstallKey" = Nero BurnRights
"Netscape Navigator (9.0.0.5)" = Netscape Navigator (9.0.0.5)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"OE-Mail Recovery_is1" = OE-Mail Recovery 1.7.6
"Opera 11.51.1087" = Opera 11.51
"Pagan Daybook II" = Pagan Daybook II
"Pagan Heart Balls Screensaver Screensaver" = Pagan Heart Balls Screensaver Screensaver
"Pagan Heart Balls2 Screensaver" = Pagan Heart Balls2 Screensaver
"Pagan Heart Faces Screensaver" = Pagan Heart Faces Screensaver
"PaqRat" = PaqRat
"Picasa2" = Picasa 2
"PictureItSuite_v10" = Microsoft Digital Image Suite 10
"Pop-Up Stopper" = Pop-Up Stopper
"Project1 Screensaver" = Project1 Screensaver
"Quick StartUp_is1" = Quick StartUp 2.3
"RealPlayer 12.0" = RealPlayer
"Registry Repair_is1" = Glarysoft Registry Repair 2.7
"sd_gs_saver1" = sd_gs_saver1 Screen Saver
"SeaMonkey (1.1.11)" = SeaMonkey (1.1.11)
"Serandom Screensaver Licensed Version_is1" = Serandom Screensaver v2
"SereneScreen Aquarium_is1" = SereneScreen Aquarium
"She Screen Saver" = She Screen Saver
"SinkSub Pro" = SinkSub Pro
"Snappy40" = Snappy Video Snapshot 4.0
"Speccy" = Speccy
"Spellbound_is1" = Spellbound
"SpywareBlaster_is1" = SpywareBlaster 4.5
"SpywareGuard_is1" = SpywareGuard v2.2
"ST4UNST #1" = Runes the Ancient Oracle
"ST6UNST #1" = PlanetDextersLab Screen Saver
"ST6UNST #2" = VBGold TurboSplit V.1.2
"Star Trek: The Game Show" = Star Trek: The Game Show
"TomTom HOME" = TomTom HOME 2.8.2.2264
"Tweak UI 2.10" = Tweak UI
"Undersea Screensaver" = Undersea Screensaver
"USA Flag" = USA Flag
"ViewpointMediaPlayer" = Viewpoint Media Player
"Wallpaper Master_is1" = Wallpaper Master Pro v1.51
"WetLook" = WetLook
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XP Icon Wars Screensaver" = XP Icon Wars Screensaver
"Yahoo! Companion" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager
"ZoneAlarm" = ZoneAlarm

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 12/28/2011 8:16:32 PM | Computer Name = ALBERT | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Incorrect function.

Error - 12/28/2011 8:51:59 PM | Computer Name = ALBERT | Source = Userenv | ID = 1505
Description = Windows cannot load the user's profile but has logged you on with
the default profile for the system. DETAIL - Incorrect function.

Error - 12/28/2011 8:58:42 PM | Computer Name = ALBERT | Source = Application Hang | ID = 1002
Description = Hanging application iexplore.exe, version 8.0.6001.18702, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 12/31/2011 7:44:31 PM | Computer Name = ALBERT | Source = True Vector Engine | ID = 1
Description =

Error - 12/31/2011 7:44:33 PM | Computer Name = ALBERT | Source = True Vector Engine | ID = 1
Description =

Error - 12/31/2011 7:44:39 PM | Computer Name = ALBERT | Source = True Vector Engine | ID = 1
Description =

Error - 12/31/2011 7:45:06 PM | Computer Name = ALBERT | Source = True Vector Engine | ID = 1
Description =

Error - 12/31/2011 7:45:06 PM | Computer Name = ALBERT | Source = True Vector Engine | ID = 1
Description =

Error - 12/31/2011 10:11:15 PM | Computer Name = ALBERT | Source = MsiInstaller | ID = 10005
Description = Product: Norton AntiVirus Corporate Edition -- Error 25012.Setup has
detected that one or more Norton AntiVirus device drivers have been marked for
deletion. You must re-start Windows NT before Norton AntiVirus can be re-installed.

Error - 1/1/2012 1:09:15 AM | Computer Name = ALBERT | Source = Norton AntiVirus | ID = 16711685
Description = Virus Found!Virus name: Backdoor.Trojan in File: C:\WINDOWS\Purge
Directory\Back up\Themes\icchess.zip>>Chess/Chess.exe>>Chess.scr by: Manual scan.
Action: Clean failed : Quarantine succeeded : Virus Found!Virus name: in File:
C:\WINDOWS\Purge Directory\Back up\Themes\icchess.zip by: Manual scan. Action:
Clean failed : Quarantine succeeded :

[ System Events ]
Error - 12/31/2011 10:18:41 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:18:50 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:18:59 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:07 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:15 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:23 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:32 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:40 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:48 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.

Error - 12/31/2011 10:19:55 PM | Computer Name = ALBERT | Source = Cdrom | ID = 262155
Description = The driver detected a controller error on \Device\CdRom0.


< End of report >
 
The computer is doing much better - I am in normal mode and have been able to run all scans from there. I can see no further sign of the infection. Did you get the entire logs? I had to break up the OTL into parts - it was so large.
 
Good news :)

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    SRV - [2003/06/20 03:41:54 | 000,914,528 | ---- | M] (Zone Labs Inc.) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
    DRV - [2003/06/20 03:41:46 | 000,177,696 | ---- | M] (Zone Labs Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\vsdatant.sys -- (vsdatant)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Key error.)
    O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} http://wwwimages.adobe.com/www.adobe...bat/nos/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    [2010/12/31 15:12:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\hIjDh06300
    @Alternate Data Stream - 976 bytes -> C:\WINDOWS\Vampirella Logo.bmp:Sorbet Icon
    @Alternate Data Stream - 976 bytes -> C:\WINDOWS\Starfield 3.bmp:Sorbet Icon
    @Alternate Data Stream - 916 bytes -> C:\WINDOWS\Star Scene.bmp:Sorbet Icon
    @Alternate Data Stream - 916 bytes -> C:\WINDOWS\Pool.bmp:Sorbet Icon
    @Alternate Data Stream - 916 bytes -> C:\WINDOWS\Desert Sands.bmp:Sorbet Icon
    @Alternate Data Stream - 916 bytes -> C:\WINDOWS\bck_entd.bmp:Sorbet Icon
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\System32\BATS.SCR:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\lingerie.scr:SummaryInformation
    @Alternate Data Stream - 88 bytes -> C:\WINDOWS\GAIA.SCR:SummaryInformation
    @Alternate Data Stream - 856 bytes -> C:\WINDOWS\Transformers 2.bmp:Sorbet Icon
    @Alternate Data Stream - 856 bytes -> C:\WINDOWS\bricks.bmp:Sorbet Icon
    @Alternate Data Stream - 796 bytes -> C:\WINDOWS\horgahn.bmp:Sorbet Icon
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\notebook.bmp:Sorbet Icon
    @Alternate Data Stream - 76 bytes -> C:\WINDOWS\Dark Edge.bmp:Sorbet Icon
    @Alternate Data Stream - 736 bytes -> C:\WINDOWS\modalnodes.bmp:Sorbet Icon
    @Alternate Data Stream - 736 bytes -> C:\WINDOWS\Blessed Be.bmp:Sorbet Icon
    @Alternate Data Stream - 676 bytes -> C:\WINDOWS\bg-stratego.bmp:Sorbet Icon
    @Alternate Data Stream - 676 bytes -> C:\WINDOWS\Batman & Robin.bmp:Sorbet Icon
    @Alternate Data Stream - 616 bytes -> C:\WINDOWS\Green Grid.bmp:Sorbet Icon
    @Alternate Data Stream - 436 bytes -> C:\WINDOWS\Space Scene.bmp:Sorbet Icon
    @Alternate Data Stream - 436 bytes -> C:\WINDOWS\Fire Border.bmp:Sorbet Icon
    @Alternate Data Stream - 436 bytes -> C:\WINDOWS\CelebPics.bmp:Sorbet Icon
    @Alternate Data Stream - 436 bytes -> C:\WINDOWS\6090_lg.bmp:Sorbet Icon
    @Alternate Data Stream - 4248 bytes -> C:\WINDOWS\1STBOOT.BMP:Sorbet Icon
    @Alternate Data Stream - 197753 bytes -> C:\WINDOWS\Marisol's Blue.bmp:yklysw
    @Alternate Data Stream - 197753 bytes -> C:\WINDOWS\Iran Art.bmp:wbxnvk
    @Alternate Data Stream - 197753 bytes -> C:\WINDOWS\_default.pif:xfbcdw
    @Alternate Data Stream - 197753 bytes -> C:\WINDOWS\_default.pif:ljbfmy
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\tealrosebk1.bmp:Sorbet Icon
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\Dark Passage.bmp:Sorbet Icon
    @Alternate Data Stream - 196 bytes -> C:\WINDOWS\Bat Border.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Zapotec.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\White Satin.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water Drops.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Water Drops 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Sun Wall.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Sun Surface.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Strawberries.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\stars 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Star Field.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\SQUARES.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\spmoney1.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Soap Bubbles.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Shower Wall.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\sgc confidential.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\SGC Back.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Script Tiles.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Santa Fe Stucco.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\River Sumida.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Rhododendron.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\redstarfield.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\redback.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Red Velvet.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\rainforest_hills_dark.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Purple Velvet.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Purple Plasma.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Prairie Wind.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\pentblk.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Party Gods.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Mystique POD.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Marisol's Blue.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\klingbac.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\honeymosaic.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Greenstone.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Green Tile.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gone Fishing.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Weave.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Plasma.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Gold Cloth.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Forest.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\forest 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\FeatherTexture.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\emachines_32.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Dune18.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Concrete wall.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Coffee Bean.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Circles.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\celtsnakebr.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Cat-vat.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Carved Stone.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Bubbles.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bricks 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Brick Wall 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue-Green Velvet.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Rivets.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Plasma.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Lace 16.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Blue Diamond Ghost.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bgcircle.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\bb8.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\background.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\APPentCBtn.bmp:Sorbet Icon
    @Alternate Data Stream - 1816 bytes -> C:\WINDOWS\Altair 4 Sky.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\wood.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Violet Cloud.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Thundercat Blue.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Orange Circles.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\moonlit night.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Knight.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Green Velvet.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Greatest American Hero.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Dark Blue Velvet.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Brown Tardis.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\Black Thatch.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\atari3.bmp:Sorbet Icon
    @Alternate Data Stream - 1756 bytes -> C:\WINDOWS\9.bmp:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\pent-but.bmp:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\OEMLOGO.BMP:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\leatherbound3.bmp:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\italback.bmp:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\FLOCK.bmp:Sorbet Icon
    @Alternate Data Stream - 1696 bytes -> C:\WINDOWS\ataribk.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Shining Stars.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Metal Links.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\MARBLE.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Houndstooth.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Galactic Symbols.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\Emblems.bmp:Sorbet Icon
    @Alternate Data Stream - 1636 bytes -> C:\WINDOWS\2600 wall paper.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\uhura1b1.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\SWLM_G_Lotus.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\roundels.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Japan1.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Japan.bmp:Sorbet Icon
    @Alternate Data Stream - 1576 bytes -> C:\WINDOWS\Holodeck.bmp:Sorbet Icon
    @Alternate Data Stream - 1516 bytes -> C:\WINDOWS\panic_background.bmp:Sorbet Icon
    @Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Lightning Bolt.bmp:Sorbet Icon
    @Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Lavender Roses.bmp:Sorbet Icon
    @Alternate Data Stream - 1516 bytes -> C:\WINDOWS\Blue Cube.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\VIR.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\TAUR.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Silver Sheets.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\SCO.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\SAG.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\PISC.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\LIB.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\LEO.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Julian Cabeza.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Two.bmp:Sorbet Icon 
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Three.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Four.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Holodeck Five.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\Godzilla.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\GEM.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\egypt2.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\CAP.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\CAN.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\bkg.bmp:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\ARI.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\AQU.BMP:Sorbet Icon
    @Alternate Data Stream - 1456 bytes -> C:\WINDOWS\12WALL1.BMP:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\UFP Back.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\stars 3.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Question Mark.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Lake Sunset.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Julian's Artwork.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\bwfinal.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\Birthday Wallpaper.bmp:Sorbet Icon
    @Alternate Data Stream - 1396 bytes -> C:\WINDOWS\ARCHES.bmp:Sorbet Icon
    @Alternate Data Stream - 136 bytes -> C:\WINDOWS\Olive Green.bmp:Sorbet Icon
    @Alternate Data Stream - 136 bytes -> C:\WINDOWS\Dark Passage 2.bmp:Sorbet Icon
    @Alternate Data Stream - 136 bytes -> C:\WINDOWS\china.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\wabperifire.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\The Tardis.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\stars.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\OEMWALL.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Ocean.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Iran Art.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd4.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd3.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd2.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\IBMBkgd1.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\greenbrick.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\gornlog2.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Godzilla 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\frogger 2600.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Crystal Ball.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Clouds.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\Cancun_Sunset.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\bgi0207a.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\am.bmp:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL3.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL2.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\86WALL1.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\64WALL2.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\64WALL1.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\10WALL2.BMP:Sorbet Icon
    @Alternate Data Stream - 1336 bytes -> C:\WINDOWS\10WALL1.BMP:Sorbet Icon
    @Alternate Data Stream - 1276 bytes -> C:\WINDOWS\World Map.bmp:Sorbet Icon
    @Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Phantom Streaks.bmp:Sorbet Icon
    @Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Money.bmp:Sorbet Icon
    @Alternate Data Stream - 1276 bytes -> C:\WINDOWS\Chocolates.bmp:Sorbet Icon
    @Alternate Data Stream - 1216 bytes -> C:\WINDOWS\Kernunnos.bmp:Sorbet Icon
    @Alternate Data Stream - 1216 bytes -> C:\WINDOWS\electric.bmp:Sorbet Icon
    @Alternate Data Stream - 1216 bytes -> C:\WINDOWS\Champagne Glasses.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Transformers.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\silkpink.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Nebula.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Lover's Tree.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\glyph-bg.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\Ent 1701.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\DS9.bmp:Sorbet Icon
    @Alternate Data Stream - 1156 bytes -> C:\WINDOWS\bloodstone.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\stonewall.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Starfield 4.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Star Spiral.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Star Field 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Kathy Signature.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Doc & Dalek.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Computer Text.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\clouds 2.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Cherries.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\Chemistrytheme Wallpaper.bmp:Sorbet Icon
    @Alternate Data Stream - 1096 bytes -> C:\WINDOWS\blessed.bmp:Sorbet Icon
    @Alternate Data Stream - 1036 bytes -> C:\WINDOWS\Twi'lek Background.bmp:Sorbet Icon
    @Alternate Data Stream - 1036 bytes -> C:\WINDOWS\honeycomb.bmp:Sorbet Icon
    @Alternate Data Stream - 1036 bytes -> C:\WINDOWS\CLRNOTES.bmp:Sorbet Icon
    @Alternate Data Stream - 1036 bytes -> C:\WINDOWS\Chinese Star.bmp:Sorbet Icon
    
    
    :Services
    
    :Reg
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
    "DisableMonitoring" =-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
    "DisableMonitoring" =-
    
    :Files
    
    :Commands
    [purity]
    [emptytemp]
    [emptyflash]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • You will get a log that shows the results of the fix. Please post it.

==============================================================

1. Update your Java version here: http://www.java.com/en/download/installed.jsp

Note 1: UNCHECK any pre-checked toolbar and/or software offered with the Java update. The pre-checked toolbars/software are not part of the Java update.

Note 2: The Java Quick Starter (JQS.exe) adds a service to improve the initial startup time of Java applets and applications. If you don't want to run another extra service, go to Start > Control Panel > Java > Advanced > Miscellaneous and uncheck the box for Java Quick Starter. Click OK and restart your computer.

2. Now, we need to remove the old Java version and its remnants...

Download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe (Vista users! Right click on JavaRa.exe, click Run As Administrator), pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.

============================================================

Last scans...

1. Download Security Check from HERE, and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE: SecurityCheck may produce some false warning(s), so leave reading the results to me.


2. Download Temp File Cleaner (TFC)
  • Double click on TFC.exe to run the program.
  • Click on the Start button to begin the cleaning process.
  • TFC will close all running programs, and it may ask you to restart the computer.


3. Please run a free online scan with the ESET Online Scanner

  • Disable your antivirus program
  • Tick the box next to YES, I accept the Terms of Use
  • Click Start
  • Accept any security warnings from your browser.
  • Check Scan archives
  • Click Start
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click on List of found threats
  • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • NOTE: If ESET doesn't find any threats, it won't produce a log.
 
OTL log - now doing the rest...

All processes killed
========== OTL ==========
Service vsmon stopped successfully!
Service vsmon deleted successfully!
C:\WINDOWS\system32\ZoneLabs\vsmon.exe moved successfully.
Error: Unable to stop service vsdatant!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsdatant deleted successfully.
File move failed. C:\WINDOWS\system32\vsdatant.sys scheduled to be moved on reboot.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7}\ not found.
Starting removal of ActiveX control {E2883E8F-472F-4FB0-9522-AC9BF37916A7}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{E2883E8F-472F-4FB0-9522-AC9BF37916A7}\ not found.
Folder C:\Documents and Settings\All Users\Application Data\hIjDh06300\ not found.
ADS C:\WINDOWS\Vampirella Logo.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Starfield 3.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Star Scene.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Pool.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Desert Sands.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\bck_entd.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\System32\BATS.SCR:SummaryInformation deleted successfully.
ADS C:\WINDOWS\lingerie.scr:SummaryInformation deleted successfully.
ADS C:\WINDOWS\GAIA.SCR:SummaryInformation deleted successfully.
ADS C:\WINDOWS\Transformers 2.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\bricks.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\horgahn.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\notebook.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Dark Edge.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\modalnodes.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Blessed Be.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\bg-stratego.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Batman & Robin.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Green Grid.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Space Scene.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Fire Border.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\CelebPics.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\6090_lg.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\1STBOOT.BMP:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Marisol's Blue.bmp:yklysw deleted successfully.
ADS C:\WINDOWS\Iran Art.bmp:wbxnvk deleted successfully.
ADS C:\WINDOWS\_default.pif:xfbcdw deleted successfully.
ADS C:\WINDOWS\_default.pif:ljbfmy deleted successfully.
ADS C:\WINDOWS\tealrosebk1.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Dark Passage.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Bat Border.bmp:Sorbet Icon deleted successfully.
ADS C:\WINDOWS\Zapotec.bmp:Sorbet Icon deleted successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus\\DisableMonitoring deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall\\DisableMonitoring deleted successfully.
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 240 bytes

User: Admiral
->Temp folder emptied: 4318086 bytes
->Temporary Internet Files folder emptied: 5336348 bytes

User: All Users

User: Corina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Corina.ALBERT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 1440 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 10247 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 16083 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 9404 bytes

Total Files Cleaned = 9.00 mb


[EMPTYFLASH]

User: Administrator

User: Admiral

User: All Users

User: Corina

User: Corina.ALBERT

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb


OTL by OldTimer - Version 3.2.31.0 log created on 01012012_144614

Files\Folders moved on Reboot...
C:\WINDOWS\system32\vsdatant.sys moved successfully.

Registry entries deleted on Reboot...
 
Error: Unable to stop service vsdatant!

The MBR program made reference to whatever this is - highlighted in yellow. What is it?
 
JavaRa ran w/o incident. I downloaded SecurityCheck from the link you posted and my TrendMicro IE monitor flashed a red warning - the website that program came from is flagged as potentially dangerous. I virus scanned the program itself and it is clean.

Should I proceed with the Security Check program?
 
Security Check log

Results of screen317's Security Check version 0.99.24
Windows XP Service Pack 3 x86
Internet Explorer 8
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Disabled!
ESET Online Scanner v3
Norton AntiVirus Help
Norton AntiVirus Corporate Edition
Norton AntiVirus Parent MSI
ZoneAlarm
```````````````````````````````
Anti-malware/Other Utilities Check:

Ad-Aware
SpywareBlaster 4.5
SpywareGuard v2.2
Spybot - Search & Destroy
SUPERAntiSpyware Free Edition
Trend Micro TrendProtect for Internet Explorer
Trend Micro TrendProtect for Firefox
HostsMan 3.2.70 Beta6
HijackThis 2.0.2
CCleaner
KC Softwares KCleaner
Java(TM) 6 Update 30
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Java 3D 1.5.2
Java 2 Runtime Environment, SE v1.4.2
Out of date Java installed!
Adobe Flash Player 11.1.102.55
Adobe Reader X (10.0.1) Adobe Reader Out of Date!
Mozilla Thunderbird (2.0.0) Thunderbird Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent

Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
``````````End of Log````````````
 
Uninstall:
Java(TM) 6 Update 23
Java(TM) 6 Update 7
Java 3D 1.5.2
Java 2 Runtime Environment, SE v1.4.2

Update Adobe Reader

You can download it from https://www.techspot.com/downloads/2083-adobe-reader-dc.html
After installing the latest Adobe Reader, uninstall all previous versions (if present).
Note. If you already have Adobe Photoshop® Album Starter Edition installed or do not wish to have it installed UNcheck the box which says Also Download Adobe Photoshop® Album Starter Edition.

Alternatively, you can uninstall Adobe Reader (33.5 MB), download and install Foxit PDF Reader (3.5 MB) from HERE.
It's a much smaller file to download and uses a lot less resources than Adobe Reader.
Note: When installing FoxitReader, make sure to UN-check any pre-checked toolbar, or any other garbage.
 
I will uninstall those java elements and update Adobe as soon as Eset finishes scanning; 4 hours and only 50% done.
 
Eset finally finished at 12:30 - found and deleted 2 things.

C:\WINDOWS\Purge Directory\Back up\Nero-6.6.1.15a.exe Win32/Toolbar.AskSBar application deleted - quarantined
C:\WINDOWS\Purge Directory\Back up\Backup 2\kcleaner.exe multiple threats deleted - quarantined
 
I removed most of the Java entries you listed; there is no Java(TM) 6 Update 7, and Update 23 gave a fatal error in Add/Remove Programs and didn't remove. No apparent harm to my computer though.
It is still there in add/remove programs and ccleaner.
 
The adobe reader link you provided doesn't work - it just keeps opening repeated windows but never downloads anything.
 
Adobe link works fine for me.
Try different browser.

Your computer is clean

1. We need to reset System Restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point using the following OTL script:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:
:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post resulting log.

2. Now we'll remove all the tools we used during our cleaning process.

Clean up with OTL:

  • Double-click OTL.exe to start the program.
  • Close all other programs apart from OTL as this step will require a reboot
  • On the OTL main screen, press the CLEANUP button
  • Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure Windows Updates are current.

4. If any Trojan was listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. (Windows XP only) Run defrag at your convenience.

11. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

12. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

13. Please, let me know, how your computer is doing.
 
The computer appears fine but I am using a new profile since I had to change permissions on the old one to get at my files - the computer loads up a bit slower than I remember. MSconfig shows me nothing unusual and I can find nothing wrong.

Do I need to reinstall Zone Alarm? It does sound like we pretty much killed it earlier.

Here is the OTL log - I'll do the rest tomorrow after work.

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Opera cache emptied: 0 bytes

User: Admiral
->Temp folder emptied: 2401 bytes
->Temporary Internet Files folder emptied: 12972851 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 6962653 bytes
->Flash cache emptied: 456 bytes

User: All Users

User: Corina
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Corina.ALBERT
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Guest
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Java cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: Owner

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 389796 bytes

Total Files Cleaned = 19.00 mb


[EMPTYFLASH]

User: Administrator

User: Admiral
->Flash cache emptied: 0 bytes

User: All Users

User: Corina

User: Corina.ALBERT

User: Default User

User: Guest
->Flash cache emptied: 0 bytes

User: LocalService
->Flash cache emptied: 0 bytes

User: NetworkService
->Flash cache emptied: 0 bytes

User: Owner

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.31.0 log created on 01022012_013115

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
 
Is ZoneAlarm your current AV and firewall?
I'm asking because I can see Norton running as well.
 
I want it to be - it's just the firewall. I did reinstall Norton as my AV when you asked me to put one in. Zone Alarm is currently not running according to Windows.
 