Inactive "The maximum number of secrets that may be stored in a single system has exceeded..."

My computer is running fine, it's just telling me that the Windows File Protection wants the CD and wants to replace the files it finds with the original ones. I don't know whether or not to say Yes or No so I just put it aside.

I can't install the recovery console installation because I lost connection to the internet from the computer for some reason. It happened right after I ran TDSSKiller.exe and is still going on. You told me I could skip it for now. It's not a problem with the internet so I think something changed in the computer.
 
My computer is running fine, it's just telling me that the Windows File Protection wants the CD and wants to replace the files it finds with the original ones. I don't know whether or not to say Yes or No so I just put it aside.
Say no.

I forgot you lost your connection. Sorry about that.

Let's try some basic steps....

Make sure your computer is set to obtain an IP address automatically.
1. Go Start>Settings>Control Panel (Vista/7 users: Start>Control Panel)
2. Double click Network Connections (Vista/7 users: Network and Sharing Center)
3. Vista/7 users - From the list of tasks on the left, click Manage network connections.
4. For a wired network connection, right-click Local Area Connection, and then select Properties.
For a wireless network connection, right-click Wireless Network Connection, and then select Properties.
5. From the General tab (Vista/7 users: Networking tab), click Internet Protocol (TCP/IP), make sure it is checked, and then click Properties
6. Click Obtain an IP Address Automatically, and then click OK.

If that doesn't work...
Turn off computer. Disconnect router, and modem from power source for 1 minute. At the same time disconnect ethernet cable as well.
Reconnect everything.
Restart computer.

If that doesn't work, bypass router, and connect computer straight to the modem.

If that doesn't work...
Go Start>Run (Start search in Vista), type in:
cmd
Click OK (in Vista and 7, while holding CTRL, and SHIFT, press Enter).

In the Command Prompt window, type in the following commands, and hit Enter after each one:
ipconfig /flushdns
ipconfig /registerdns
ipconfig /release
ipconfig /renew
net stop "dns client"
net start "dns client"


Restart computer.

If that doesn't work...
Go Start>Run (Start search in Vista and 7), type in:
cmd
Click OK (in Vista, while holding CTRL, and SHIFT, press Enter).

At Command Prompt, type in:
netsh int ip reset reset.log
Hit Enter.
Type in:
netsh winsock reset catalog
Hit Enter.

Restart computer.


If that doesn't work...
Download, install, and run WinSockFix: http://www.softpedia.com/get/Tweak/Network-Tweak/WinSockFix.shtml (doesn't work in Vista and 7)
Restart computer, and check again.

If that doesn't work...
Download Dial-A-Fix (DAF) (doesn't work in Vista and 7):
http://wiki.lunarsoft.net/wiki/Dial-a-fix#Mirrors.2Fdownload_locations.2C_and_articles

Have XP CD available in case DAF needs a file. Likely not!

Check all boxes on the screen (clear any restrictions if it shows any)
Then click GO!

When the entire page is finished click the HammerHead at bottom to go to the second DAF page.

Here, one at a time, do the below:

Reinstall BITS
Reinstall Windows Firewall
Repair Permissions
Reset networking

Watch for any File not found or other errors and make note as this may lead to the fix!

Restart computer.
 
I tried to open cmd and ipconfig but the window wouldn't open so I tried a reset. Upon resetting though, my computer suddenly blue screens and resets right after the Windows XP loading screen. I can't get back on now.
 
I mean it shows Windows XP loading up but then it just blue screens and goes back to the computer loading page and Windows XP loading screen and loops around over and over.
 
It said :

STOP: c0000139 (Entry Point Not Found)
The procedure entry point GdiGetBitmapBitsSize could not be located in the dynamic link library GDI32.dll
 
Let's see if we can look at your computer booting from an external source.

Please download OTLPE (filesize 120,9 MB)

  • When downloaded double click on OTLPENet.exe and make sure there is a blank CD in your CD drive. This will automatically create a bootable CD.
  • Reboot your system using the boot CD you just created.
    • Note : If you do not know how to set your computer to boot from CD follow the steps here
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked Do you wish to load the remote registry, select Yes
  • When asked Do you wish to load remote user profile(s) for scanning, select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    gdi32.dll
    /md5stop
  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
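
Added example, not part of the original post and not OTL's own code: an offline counterpart to the gdi32.dll hash listing requested above, which hashes every copy of the file on a mounted Windows volume and checks whether the copy in system32 matches any other copy on disk (such as the Windows File Protection cache in dllcache). The function names, the mount-point argument and the sample directory tree are assumptions constructed for illustration.

```python
import hashlib
import os
import tempfile


def md5_of(path, chunk_size=1 << 20):
    """MD5 of a file, read in chunks so large files are not loaded whole."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for block in iter(lambda: handle.read(chunk_size), b""):
            digest.update(block)
    return digest.hexdigest()


def list_copies(root, file_name):
    """One record per file under root named file_name, in any letter case."""
    wanted = file_name.lower()
    records = []
    for dir_path, _dirs, files in os.walk(root):
        # Lower-cased, forward-slash directory relative to the volume root.
        rel_dir = os.path.relpath(dir_path, root).replace(os.sep, "/").lower()
        for entry in files:
            if entry.lower() != wanted:
                continue
            full = os.path.join(dir_path, entry)
            record = {"path": full, "rel_dir": rel_dir, "size": None, "md5": None}
            try:
                record["size"] = os.path.getsize(full)
                record["md5"] = md5_of(full)
            except OSError as exc:
                # Keep unreadable copies in the report instead of hiding them.
                record["error"] = str(exc)
            records.append(record)
    return sorted(records, key=lambda r: r["rel_dir"])


def check_active_copy(records, active_dir="windows/system32"):
    """Compare the copy Windows loads (assumed to be in active_dir) with the rest."""
    result = {"status": None, "active": None, "same": [], "different": []}
    active = next((r for r in records if r["rel_dir"] == active_dir), None)
    if active is None:
        result["status"] = "active-copy-missing"
        return result
    result["active"] = active["path"]
    if active["md5"] is None:
        result["status"] = "active-copy-unreadable"
        return result
    others = [r for r in records if r is not active and r["md5"] is not None]
    result["same"] = [r["path"] for r in others if r["md5"] == active["md5"]]
    result["different"] = [r["path"] for r in others if r["md5"] != active["md5"]]
    if result["same"]:
        result["status"] = "matches-a-backup"
    elif result["different"]:
        result["status"] = "differs-from-every-backup"
    else:
        result["status"] = "no-backup-to-compare"
    return result


def build_sample_tree(root, active_bytes, backup_bytes):
    """Constructed sample layout standing in for a mounted XP system volume."""
    layout = {
        "WINDOWS/system32/GDI32.DLL": active_bytes,
        "WINDOWS/system32/dllcache/gdi32.dll": backup_bytes,
        "WINDOWS/ServicePackFiles/i386/gdi32.dll": backup_bytes,
    }
    for rel_path, data in layout.items():
        full = os.path.join(root, *rel_path.split("/"))
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "wb") as handle:
            handle.write(data)


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as volume:
        # Constructed contents: the active copy deliberately differs.
        build_sample_tree(volume, b"constructed active copy", b"constructed backup copy")
        copies = list_copies(volume, "gdi32.dll")
        for rec in copies:
            print(rec["md5"], rec["size"], rec["path"])
        print(check_active_copy(copies)["status"])
```

A differs-from-every-backup result only shows that the loaded file is not one of the cached copies; the hash still has to be compared with a known-good gdi32.dll for the installed service pack.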
 
Hmm, I'm trying to get it to boot from my USB but it keeps telling me to remove disks and other media as it loads up and only works when I take out the USB. I think I just need to get the right settings. I'll keep trying tomorrow. If you think I'm doing anything wrong, feel free to tell me. Thanks.
 
So, so far I've had no luck booting from my USB. I followed the instructions as it was written but it always tells me to "remove disks and other media". So I googled how to make a bootable USB and I've reformatted over and over and even used an HP Drive Utility to reformat into a bootable USB, rechecked over and over to make sure the BIOS boots from the USB first but nothing changed.

I ended up going to cmd and did the command BootSect.exe /nt60 F: and copied the bootmgr file from the folders provided with the eeepcfr folder and it doesn't stop at "Remove Disks and Other Media" anymore but it takes me to a screen and tells me

File : BOOT/BCD
Status: 0xc000000f.
Info: An error occurred while attempting to read the boot configuration data.

Am I going in the right direction? Am I completely off? Is my computer just completely screwed? Lol, thanks.
 
Got my hands on a CDR and booted Reatogo from the CD successfully. Ran the OTL scan.

Here is the log:

OTL logfile created on: 8/26/2011 3:42:22 PM - Run
OTLPE by OldTimer - Version 3.1.48.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 2 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 89.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 150.94 Gb Total Space | 24.08 Gb Free Space | 15.95% Space Free | Partition Type: NTFS
Drive D: | 81.94 Gb Total Space | 1.89 Gb Free Space | 2.31% Space Free | Partition Type: NTFS
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet001

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto] -- -- (npkcmsvc)
SRV - File not found [Auto] -- -- (HDD & SSD access service)
SRV - [2011/08/11 19:38:07 | 000,116,608 | ---- | M] (SUPERAntiSpyware.com) [Auto] -- C:\Program Files\SUPERAntiSpyware\SASCORE.EXE -- (!SASCORE)
SRV - [2011/06/15 23:20:35 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
SRV - [2010/02/19 13:37:14 | 000,517,096 | ---- | M] (Adobe Systems Incorporated) [On_Demand] -- C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe -- (SwitchBoard)
SRV - [2009/11/12 13:32:46 | 003,427,996 | ---- | M] (INCA Internet Co., Ltd.) [On_Demand] -- C:\WINDOWS\System32\GameMon.des -- (npggsvc)
SRV - [2009/09/23 14:38:18 | 000,935,208 | -H-- | M] (Nero AG) [Auto] -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe -- (Nero BackItUp Scheduler 4.0)
SRV - [2008/11/24 14:18:20 | 000,655,624 | -H-- | M] (Acresso Software Inc.) [On_Demand] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (XDva389)
DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva387)
DRV - File not found [Kernel | On_Demand] -- -- (XDva386)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva383)
DRV - File not found [Kernel | On_Demand] -- -- (XDva380)
DRV - File not found [Kernel | On_Demand] -- -- (XDva375)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva354)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva351)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (XDva337)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva328)
DRV - File not found [Kernel | On_Demand] -- -- (XDva326)
DRV - File not found [Kernel | On_Demand] -- -- (XDva296)
DRV - File not found [Kernel | On_Demand] -- -- (XDva285)
DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (WDC_SAM)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | On_Demand] -- -- (npkcrypt)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | On_Demand] -- -- (mcdbus)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (i2omgmt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleXNt)
DRV - File not found [Kernel | On_Demand] -- -- (EagleNT)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (catchme)
DRV - File not found [Kernel | Auto] -- -- (adfs)
DRV - [2011/07/22 12:27:02 | 000,012,880 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2011/07/12 17:55:22 | 000,067,664 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System] -- C:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/11/04 00:00:00 | 000,002,304 | ---- | M] () [Kernel | Auto] -- C:\WINDOWS\system32\HtsysmNT.sys -- (Htsysm)
DRV - [2009/10/13 04:50:00 | 000,133,632 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mkd2kfNT.sys -- (Mkd2kfNt)
DRV - [2009/07/13 04:37:00 | 000,079,360 | ---- | M] (AhnLab, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Mkd2Nadr.sys -- (Mkd2Nadr)
DRV - [2009/06/08 10:44:51 | 000,721,904 | ---- | M] (Duplex Secure Ltd.) [Kernel | Boot] -- C:\WINDOWS\system32\drivers\sptd.sys -- (sptd)
DRV - [2008/12/26 13:56:04 | 000,017,792 | ---- | M] (Avnex) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\vcsvad.sys -- (VCSVADHWSer) Avnex Virtual Audio Device (WDM)
DRV - [2008/08/21 18:49:56 | 000,008,320 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgpfl.sys -- (motccgpfl)
DRV - [2008/08/21 18:49:22 | 000,018,688 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motccgp.sys -- (motccgp)
DRV - [2008/04/30 18:07:10 | 001,073,320 | ---- | M] (Bison Electronics. Inc. ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\BisonC07.sys -- (Cam5607)
DRV - [2008/04/27 11:14:54 | 003,626,112 | R--- | M] (Intel Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\NETw5x32.sys -- (NETw5x32) Intel(R)
DRV - [2008/04/16 21:33:00 | 004,707,328 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2008/04/10 22:55:04 | 000,084,240 | R--- | M] (JMicron Technology Corp.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jmcr.sys -- (JMCR)
DRV - [2008/03/26 16:49:00 | 001,094,272 | R--- | M] (Motorola Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2008/03/07 00:57:12 | 000,106,624 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2008/03/06 12:51:14 | 000,003,840 | ---- | M] () [Kernel | System] -- C:\WINDOWS\System32\Drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/10/10 17:41:50 | 000,042,112 | ---- | M] (Motorola Inc) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motodrv.sys -- (MotDev)
DRV - [2007/06/18 15:18:26 | 000,023,680 | ---- | M] (Motorola) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2004/08/03 21:07:00 | 000,040,320 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\nmnt.sys -- (nm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========



IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577

IE - HKU\Administrator_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.orbitdownloader.com/
IE - HKU\Administrator_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0




========== FireFox ==========

FF - prefs.js..browser.search.order.1: "Google"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000004
FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:4.2.0.5198
FF - prefs.js..extensions.enabledItems: {35379F86-8CCB-4724-AE33-4278DE266C70}:1.0.5
FF - prefs.js..network.proxy.backup.ftp: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "80.63.56.146"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.share_proxy_settings: true


FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=:
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Browser Plugin,version=1.0.0: C:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX,Inc.)
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX Player Plugin,version=1.0.0: File not found
FF - HKLM\Software\MozillaPlugins\@divx.com/DivX VOD Helper,version=1.0.0: C:\Program Files\DivX\DivX OVS Helper\npovshelper.dll (DivX, LLC.)
FF - HKLM\Software\MozillaPlugins\@foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf: C:\Program Files\Foxit Software\Foxit Reader\plugins\npFoxitReaderPlugin.dll (Foxit Corporation)
FF - HKLM\Software\MozillaPlugins\@gamersfirst.com/LiveLauncher: File not found
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: C:\Program Files\Microsoft Silverlight\3.0.40624.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@movenetworks.com/Quantum Media Player:
FF - HKLM\Software\MozillaPlugins\@nexon.net/NxGame: C:\Documents and Settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll (Nexon)
FF - HKLM\Software\MozillaPlugins\@ogplanet.com/npOGPPlugin: C:\WINDOWS\system32\npOGPPlugin.dll (OGPlanet)
FF - HKLM\Software\MozillaPlugins\@pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.12.69: C:\Program Files\Real Alternative\Browser\Plugins\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.12.69: C:\Program Files\Real Alternative\Browser\Plugins\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nsJSRealPlayerPlugin;version=:
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKCU\Software\MozillaPlugins\@talk.google.com/GoogleTalkPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgoogletalk.dll (Google)
FF - HKCU\Software\MozillaPlugins\@talk.google.com/O3DPlugin: C:\Documents and Settings\Administrator\Application Data\Mozilla\plugins\npgtpo3dautoplugin.dll ()
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Documents and Settings\Administrator\Local Settings\Application Data\Google\Update\1.3.21.65\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\pandonetworks.com/PandoWebPlugin: C:\Program Files\Pando Networks\Media Booster\npPandoWebPlugin.dll (Pando Networks)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/30 11:16:43 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/24 02:07:01 | 000,000,000 | ---D | M]

[2009/03/15 22:38:13 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/08/17 20:59:41 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions
[2010/08/08 16:21:52 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/08/17 20:59:41 | 000,000,000 | ---D | M] (BitDefender QuickScan) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\{e001c731-5e37-4538-a5cb-8168736a2360}
[2009/04/01 18:08:49 | 000,000,000 | ---D | M] (Move Media Player) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\z1748ax6.default\extensions\moveplayer@movenetworks.com
[2011/03/27 15:12:17 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/07/19 09:10:49 | 000,000,000 | ---D | M] (Skype extension for Firefox) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}
File not found (No name found) --
() (No name found) -- C:\DOCUMENTS AND SETTINGS\ADMINISTRATOR\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\Z1748AX6.DEFAULT\EXTENSIONS\{E968FC70-8F95-4AB9-9E79-304DE2A71EE1}.XPI
[2008/10/02 00:51:36 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/02/11 16:23:25 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0011-ABCDEFFEDCBA}
[2009/07/10 09:50:17 | 000,000,000 | ---D | M] (Java Console) -- C:\PROGRA~1\MOZILL~1\EXTENSIONS\{CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA}
[2009/02/11 16:23:14 | 000,000,000 | -H-D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/08/16 14:09:22 | 000,000,000 | ---D | M] (OneClick YouTube Downloader) -- C:\PROGRAM FILES\ORBITDOWNLOADER\ADDONS\ONECLICKYOUTUBEDOWNLOADER
[2011/04/30 11:16:43 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2010/01/01 04:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/08/24 14:00:01 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbitdownloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O3 - HKU\Administrator_ON_C\..\Toolbar\WebBrowser: (Grab Pro) - {C55BBCD6-41AD-48AD-9953-3609C48EACC7} - C:\Program Files\Orbitdownloader\GrabPro.dll ()
O4 - HKLM..\Run: [AdobeAAMUpdater-1.0] C:\Program Files\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS4ServiceManager] C:\Program Files\Common Files\Adobe\CS4ServiceManager\CS4ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AdobeCS5ServiceManager] C:\Program Files\Common Files\Adobe\CS5ServiceManager\CS5ServiceManager.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [BisonHK] C:\WINDOWS\BisonCam\BisonHK.exe (mychat)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [DeLay] C:\WINDOWS\BisonCam\DeLay.exe (Bison Inc.)
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\Program Files\NVIDIA Corporation\nView\nwiz.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PSQLLauncher] C:\Program Files\Protector Suite QL\launcher.exe (UPEK Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SwitchBoard] C:\Program Files\Common Files\Adobe\SwitchBoard\SwitchBoard.exe (Adobe Systems Incorporated)
O4 - HKU\Administrator_ON_C..\Run: [DAEMON Tools Lite] C:\Program Files\DAEMON Tools Lite\daemon.exe (DT Soft Ltd)
O4 - HKU\Administrator_ON_C..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe ()
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Shortcut to kevin.lnk = C:\Documents and Settings\Administrator\Desktop\Bypass\kevin.exe (KevinSoft)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk = C:\Program Files\Orbitdownloader\orbitdm.exe (Orbitdownloader.com)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoMovingBands = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCloseDragDropBands = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoToolbarsOnTaskbar = 0
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\Administrator_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\LocalService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\systemprofile_ON_C\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbitdownloader\orbitmxt.dll (Orbitdownloader.com)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {2BC66F54-93A8-11D3-BEB6-00105AA9B6AE} http://security.symantec.com/sscv6/SharedContent/vc/bin/AvSniff.cab (Symantec AntiVirus scanner)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/MessengerGamesContent/GameContent/Default/uno1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} http://security.symantec.com/sscv6/SharedContent/common/bin/cabsa.cab (Symantec RuFSI Utility Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0014-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_14-windows-i586.cab (Java Plug-in 1.6.0_14)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: GinaDLL - (vrlogon.dll) - C:\WINDOWS\System32\vrlogon.dll (UPEK Inc.)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\psfus: DllName - C:\WINDOWS\system32\psqlpwd.dll - C:\WINDOWS\system32\psqlpwd.dll (UPEK Inc.)
O24 - Desktop WallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: B:\Documents and Settings\Default User\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/10/01 21:46:40 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2011/08/22 14:16:13 | 000,000,000 | R--D | M] - C:\Autorun.inf -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\AUTMGR32.EXE" /START "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/08/24 22:39:21 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/08/24 13:45:30 | 004,182,515 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/08/23 22:53:08 | 000,454,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mrxsmb.sys
[2011/08/23 22:43:22 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/08/23 22:43:22 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/08/23 22:43:22 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/08/23 22:43:22 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/08/23 22:43:15 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/08/23 22:43:08 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/08/22 22:28:23 | 000,607,017 | R--- | C] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/22 22:02:27 | 000,000,000 | ---D | C] -- C:\Program Files\Avira
[2011/08/22 14:16:13 | 000,000,000 | R--D | C] -- C:\Autorun.inf
[2011/08/22 14:06:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Start Menu\Programs\Virus Secure Lab
[2011/08/22 13:59:51 | 000,000,000 | ---D | C] -- C:\Program Files\Virus Secure Lab
[2011/08/18 17:45:32 | 000,000,000 | ---D | C] -- C:\Program Files\Sophos
[2011/08/18 00:32:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/08/18 00:28:30 | 000,000,000 | ---D | C] -- C:\Program Files\Foxit Software
[2011/08/17 23:07:16 | 000,000,000 | ---D | C] -- C:\Program Files\Spybot - Search & Destroy
[2011/08/17 23:07:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
[2011/08/17 22:46:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
[2011/08/17 22:46:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 22:46:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2011/08/17 22:46:00 | 000,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2011/08/17 22:29:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/08/17 21:00:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2011/08/17 20:30:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2011/08/17 20:30:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2011/08/17 20:17:57 | 000,331,776 | ---- | C] (EasyTech) -- C:\WINDOWS\System32\EasyRedirect.dll
[2011/08/17 20:17:55 | 000,000,000 | ---D | C] -- C:\Program Files\Easy-Hide-IP
[2011/08/17 12:37:25 | 000,000,000 | ---D | C] -- C:\CherryDeGames
[2011/08/16 14:09:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2011/08/11 14:00:58 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual
[2011/08/07 19:15:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\PCSX2
[2011/08/07 19:13:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSX2
[2011/08/07 19:13:27 | 000,000,000 | ---D | C] -- C:\Program Files\PCSX2 0.9.8
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/08/25 15:59:22 | 2678,984,704 | -HS- | M] () -- C:\hiberfil.sys
[2011/08/25 15:59:22 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/08/24 22:48:05 | 000,001,010 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1767777339-725345543-500UA.job
[2011/08/24 22:08:05 | 000,000,900 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/08/24 14:00:12 | 000,001,554 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Orbit.lnk
[2011/08/24 14:00:12 | 000,000,000 | R--D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/08/24 14:00:01 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/08/24 13:59:58 | 000,000,896 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/08/24 03:48:00 | 000,000,958 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1409082233-1767777339-725345543-500Core.job
[2011/08/24 02:00:00 | 000,000,358 | ---- | M] () -- C:\WINDOWS\tasks\AdobeAAMUpdater-1.0-JIMMAWAT-Administrator.job
[2011/08/23 22:39:38 | 004,182,515 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/08/22 23:51:57 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/08/22 23:49:04 | 001,405,744 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/08/22 22:28:29 | 000,607,017 | R--- | M] (Swearware) -- C:\Documents and Settings\Administrator\Desktop\dds.scr
[2011/08/22 22:22:03 | 000,302,592 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\nley09pc.exe
[2011/08/22 22:01:09 | 067,889,832 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_en.exe
[2011/08/22 19:28:41 | 000,096,539 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\1006.pdf
[2011/08/22 14:06:08 | 000,002,017 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Virus Effect Remover.lnk
[2011/08/18 21:14:30 | 000,967,934 | ---- | M] () -- C:\WINDOWS\umcat_01.db
[2011/08/18 18:21:37 | 000,493,622 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/08/18 18:21:37 | 000,084,000 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/08/18 13:09:34 | 000,001,813 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Chrome.lnk
[2011/08/18 00:32:32 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/08/18 00:32:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Foxit Reader 5.0
[2011/08/17 22:46:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\SUPERAntiSpyware
[2011/08/17 22:29:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Security Task Manager
[2011/08/17 21:51:07 | 000,000,170 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/17 20:23:43 | 000,002,544 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/17 20:23:43 | 000,001,248 | ---- | M] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/16 14:09:23 | 000,000,726 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Orbit.lnk
[2011/08/16 14:09:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Orbit
[2011/08/16 14:05:40 | 000,404,640 | ---- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2011/08/11 14:40:27 | 000,000,000 | ---- | M] () -- C:\WINDOWS\iPlayer.INI
[2011/08/08 00:58:20 | 000,614,403 | ---- | M] () -- C:\WINDOWS\BsSnap.pre
[2011/08/07 19:13:32 | 000,001,648 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/07 19:13:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PCSX2
[2011/08/06 18:30:17 | 000,000,779 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\GamersFirst LIVE!.lnk
[2011/08/06 02:09:10 | 000,515,578 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Snapshot of me 1.png
[2011/08/06 02:07:30 | 000,031,344 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 22.png
[2011/08/06 02:07:26 | 000,028,530 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 21.png
[2011/08/04 01:11:28 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word.lnk
[2011/08/01 13:00:27 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/08/25 15:59:22 | 2678,984,704 | -HS- | C] () -- C:\hiberfil.sys
[2011/08/23 22:43:22 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/08/23 22:43:22 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/08/23 22:43:22 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/08/23 22:43:22 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/08/23 22:43:22 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/08/22 23:48:54 | 001,405,744 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\tdsskiller.exe
[2011/08/22 22:22:03 | 000,302,592 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\nley09pc.exe
[2011/08/22 21:59:26 | 067,889,832 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\avira_antivir_personal_en.exe
[2011/08/22 19:28:40 | 000,096,539 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\1006.pdf
[2011/08/22 14:06:08 | 000,002,017 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Virus Effect Remover.lnk
[2011/08/18 17:31:55 | 000,967,934 | ---- | C] () -- C:\WINDOWS\umcat_01.db
[2011/08/18 00:32:32 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Foxit Reader 5.0.lnk
[2011/08/17 21:51:07 | 000,000,170 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\rk-proxy.reg
[2011/08/17 20:18:37 | 000,002,544 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirect.ini
[2011/08/17 20:18:37 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\EasyRedirectOff.ini
[2011/08/11 14:40:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\iPlayer.INI
[2011/08/07 19:13:32 | 000,001,648 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\PCSX2 0.9.8 (r4600).lnk
[2011/08/06 02:09:10 | 000,515,578 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Snapshot of me 1.png
[2011/08/06 02:07:30 | 000,031,344 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 22.png
[2011/08/06 02:07:26 | 000,028,530 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\Video call snapshot 21.png
[2011/06/26 15:48:06 | 000,001,301 | ---- | C] () -- C:\WINDOWS\IDChanger.ini
[2011/06/07 19:49:07 | 000,138,056 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\PnkBstrK.sys
[2011/03/27 03:42:15 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2011/03/22 16:16:52 | 000,002,304 | ---- | C] () -- C:\WINDOWS\System32\HtsysmNT.sys
[2011/02/17 00:46:56 | 000,000,209 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\D2Info0
[2010/11/07 23:49:11 | 000,000,096 | ---- | C] () -- C:\WINDOWS\System32\HsInfo.dat
[2010/09/25 04:51:23 | 000,000,262 | ---- | C] () -- C:\WINDOWS\{789289CA-F73A-4A16-A331-54D498CE069F}_WiseFW.ini
[2010/08/13 11:43:36 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb0.bin
[2010/08/13 11:43:33 | 000,233,804 | ---- | C] () -- C:\WINDOWS\System32\nvdrsdb1.bin
[2010/08/13 11:43:33 | 000,000,001 | ---- | C] () -- C:\WINDOWS\System32\nvdrssel.bin
[2010/08/13 11:41:48 | 002,195,030 | ---- | C] () -- C:\WINDOWS\System32\nvdata.bin
[2010/07/03 19:08:15 | 000,000,024 | ---- | C] () -- C:\WINDOWS\System32\sysogg.dll
[2010/07/03 19:01:29 | 000,233,472 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2010/06/12 12:56:39 | 000,001,199 | ---- | C] () -- C:\WINDOWS\PMontage.ini
[2010/06/12 02:29:23 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2010/06/07 19:58:48 | 000,000,129 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\default.rss
[2010/04/08 21:50:19 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2010/03/12 22:20:33 | 000,014,042 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA
[2010/02/27 15:07:16 | 008,676,883 | ---- | C] () -- C:\WINDOWS\System32\mp3Media2.dll
[2010/02/15 22:26:59 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth2.dll
[2010/02/15 22:26:59 | 000,001,024 | ---- | C] () -- C:\WINDOWS\System32\grcauth1.dll
[2010/02/15 22:26:59 | 000,000,100 | ---- | C] () -- C:\WINDOWS\System32\prsgrc.dll
[2010/02/15 22:24:01 | 000,001,025 | ---- | C] () -- C:\WINDOWS\System32\sysprs7.dll
[2010/02/15 22:24:01 | 000,000,205 | ---- | C] () -- C:\WINDOWS\System32\lsprst7.dll
[2010/02/10 02:54:44 | 000,047,284 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/10 02:29:20 | 000,000,600 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\winscp.rnd
[2009/12/25 17:10:31 | 000,141,200 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2009/12/25 17:10:26 | 000,281,656 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrB.exe
[2009/12/25 17:10:07 | 000,090,112 | ---- | C] () -- C:\WINDOWS\System32\PnkBstrA.exe
[2009/12/10 20:49:22 | 000,000,393 | ---- | C] () -- C:\WINDOWS\NJCOM.INI
[2009/11/07 14:20:32 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
[2009/08/26 22:46:52 | 016,047,146 | ---- | C] () -- C:\Documents and Settings\Administrator\virgin.flv
[2009/07/08 21:03:02 | 000,058,880 | ---- | C] () -- C:\WINDOWS\System32\bdmpegv.dll
[2009/06/21 23:44:44 | 092,700,842 | ---- | C] () -- C:\Documents and Settings\Administrator\43501.wmv
[2009/05/08 19:11:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\NSREX.INI
[2009/04/30 20:40:33 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/04/24 16:17:52 | 000,000,873 | ---- | C] () -- C:\WINDOWS\Njstarj.INI
[2009/04/23 00:27:06 | 000,001,235 | ---- | C] () -- C:\WINDOWS\entpack.ini
[2008/10/07 09:32:20 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Administrator\jagex_runescape_preferences.dat
[2008/10/02 16:51:24 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2008/10/02 00:13:45 | 000,069,632 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/02 00:08:07 | 000,164,352 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2008/10/02 00:08:07 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2008/10/02 00:08:06 | 002,041,363 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2008/10/02 00:08:05 | 000,755,027 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2008/10/02 00:08:05 | 000,159,839 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2008/10/02 00:08:05 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2008/10/02 00:01:13 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/10/01 23:40:42 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/10/01 22:38:15 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2008/10/01 22:01:40 | 000,049,152 | R--- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/10/01 21:56:04 | 000,015,190 | ---- | C] () -- C:\WINDOWS\M3000Twn.ini
[2008/10/01 21:55:58 | 000,000,188 | R--- | C] () -- C:\WINDOWS\OEM.ini
[2008/10/01 21:48:09 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/10/01 21:44:00 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/10/01 14:24:41 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/10/01 14:23:01 | 003,747,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/19 02:33:34 | 000,446,352 | ---- | C] () -- C:\WINDOWS\System32\OpenQuicktimeLib.dll
[2007/04/29 16:46:27 | 000,000,031 | ---- | C] () -- C:\WINDOWS\psr.INI
[2004/08/03 21:07:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/03 21:07:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/03 21:07:00 | 000,493,622 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/03 21:07:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/03 21:07:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/03 21:07:00 | 000,084,000 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/03 21:07:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/03 21:07:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/03 21:07:00 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2004/08/03 21:07:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/03 21:07:00 | 000,004,463 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/03 21:07:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/03 21:07:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/11/16 05:48:02 | 000,909,312 | ---- | C] () -- C:\WINDOWS\System32\vorbisenc.dll
[2003/11/16 05:48:00 | 001,060,864 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2003/11/15 12:54:18 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2002/10/06 18:42:58 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2002/01/25 08:04:50 | 000,005,440 | ---- | C] () -- C:\WINDOWS\System32\mciwa16.dll
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspsbext.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfidrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspfbase.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspaudrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\pspapdrv.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mciwaw95.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspwa.ini
[2002/01/25 08:04:50 | 000,000,221 | ---- | C] () -- C:\WINDOWS\System32\mcipspct.ini
[2002/01/25 08:04:50 | 000,000,220 | ---- | C] () -- C:\WINDOWS\System32\pspwave.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspdss.ini
[2002/01/25 08:04:50 | 000,000,219 | ---- | C] () -- C:\WINDOWS\System32\pspddi.ini

========== LOP Check ==========

[2008/10/01 23:49:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\acccore
[2011/02/17 00:46:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\app
[2011/08/02 22:35:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Azureus
[2011/06/01 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
[2008/10/01 23:57:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\CoreCodec
[2009/06/09 20:28:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DAEMON Tools Lite
[2010/01/26 14:24:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Deckadance
[2011/02/18 09:28:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\DiskAid
[2007/04/29 16:51:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Free Sound Recorder
[2008/10/01 23:22:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GrabPro
[2011/06/26 15:47:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IDCA
[2009/11/10 17:18:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\IObit
[2011/03/10 16:48:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\LolClient
[2010/01/29 14:25:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mediafour
[2010/07/11 17:47:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\My Games
[2010/01/06 20:29:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NCH Swift Sound
[2010/08/13 20:34:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NeopleLauncherDFO
[2009/01/17 02:33:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Nexon
[2009/12/11 12:33:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\NJStar
[2011/08/24 22:51:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Orbit
[2010/11/17 01:39:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Polynomial
[2011/01/29 23:16:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ProgSense
[2011/08/17 21:00:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\QuickScan
[2010/06/24 14:53:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Recu
[2011/06/14 17:43:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\StageManager.BD092818F67280F4B42B04877600987F0111B594.1
[2010/08/13 11:30:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SystemRequirementsLab
[2010/12/09 04:06:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Ubisoft
[2010/08/05 17:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Xilisoft
[2008/10/01 23:47:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2009/06/13 13:28:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Age of Empires 3
[2010/06/16 18:33:26 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/10/07 00:33:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
 
[2011/08/17 20:30:51 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/06/09 20:21:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
[2011/05/01 04:41:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Giraffic
[2010/02/09 16:30:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Mediafour
[2011/08/17 22:36:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2009/04/08 20:50:35 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2011/06/18 18:10:06 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Nexon
[2011/07/14 09:41:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NexonUS
[2011/08/06 18:30:37 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
[2009/04/23 10:07:58 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Pure Digital Technologies
[2011/08/24 02:06:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RegCure
[2011/07/18 22:48:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\regid.1986-12.com.adobe
[2010/02/15 22:26:36 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SafeNet Sentinel
[2011/08/18 00:43:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SecTaskMan
[2010/06/07 20:32:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/12/09 04:06:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2008/10/01 22:26:16 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\UIB
[2010/06/08 09:57:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Update
[2011/08/24 02:07:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2010/03/21 17:24:32 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2011/02/17 19:02:30 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\xOcean
[2010/07/30 15:00:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2010/01/06 17:50:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/06/08 11:27:27 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/11/09 13:14:47 | 000,000,714 | ---- | M] () -- C:\WINDOWS\Tasks\Test.job

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: GDI32.DLL >
[2008/10/23 09:01:36 | 000,283,648 | ---- | M] (Microsoft Corporation) MD5=0C07B16769E579F78C541773D0A2E7E0 -- C:\WINDOWS\system32\dllcache\gdi32.dll
[2008/10/23 09:01:36 | 000,283,648 | ---- | M] (Microsoft Corporation) MD5=0C07B16769E579F78C541773D0A2E7E0 -- C:\WINDOWS\system32\gdi32.dll
[2008/10/23 08:43:42 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=1C0D6C10F3E6B8EC4938ECF2ABA862ED -- C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll
[2008/10/23 08:51:04 | 000,284,160 | ---- | M] (Microsoft Corporation) MD5=6052410CB57D5522574E8DDAEFBC9D87 -- C:\WINDOWS\$hf_mig$\KB956802\SP2QFE\gdi32.dll
[2008/10/23 08:36:14 | 000,286,720 | ---- | M] (Microsoft Corporation) MD5=8B1F3320AEBB536E021A5014409862DE -- C:\WINDOWS\$hf_mig$\KB956802\SP3GDR\gdi32.dll
[2008/04/13 20:11:54 | 000,285,184 | ---- | M] (Microsoft Corporation) MD5=B015B9134DAD7E29E7D2D6B5F5C8C2FC -- C:\WINDOWS\SoftwareDistribution\Download\cf8ec753e88561d2ddb53e183dc05c3e\gdi32.dll
[2004/08/03 21:07:00 | 000,278,016 | ---- | M] (Microsoft Corporation) MD5=F5AEE133BF44521852819C2202D82453 -- C:\WINDOWS\$NtUninstallKB956802$\gdi32.dll

========== Files - Unicode (All) ==========
[2011/05/13 17:38:38 | 000,031,744 | ---- | M] ()(C:\Documents and Settings\Administrator\Desktop\?????.doc) -- C:\Documents and Settings\Administrator\Desktop\ドンジミー.doc
[2011/05/02 23:20:38 | 000,031,744 | ---- | C] ()(C:\Documents and Settings\Administrator\Desktop\?????.doc) -- C:\Documents and Settings\Administrator\Desktop\ドンジミー.doc
[2009/12/11 14:01:09 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Administrator\Desktop\~$? ??12.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ン ジミ12.doc
[2009/12/11 14:01:09 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Administrator\Desktop\~$? ??12.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ン ジミ12.doc
[2009/10/28 12:58:42 | 000,000,162 | -H-- | M] ()(C:\Documents and Settings\Administrator\Desktop\~$?? ???.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ドン ジミー.doc
[2009/10/28 12:58:42 | 000,000,162 | -H-- | C] ()(C:\Documents and Settings\Administrator\Desktop\~$?? ???.doc) -- C:\Documents and Settings\Administrator\Desktop\~$ドン ジミー.doc

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
< End of report >
 
Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
SRV - File not found [Auto] -- -- (npkcmsvc)
SRV - File not found [Auto] -- -- (HDD & SSD access service)
SRV - [2011/06/15 23:20:35 | 003,435,096 | ---- | M] () [Auto] -- C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll -- (Akamai)
DRV - File not found [Kernel | On_Demand] -- -- (XDva389)
DRV - File not found [Kernel | On_Demand] -- -- (XDva388)
DRV - File not found [Kernel | On_Demand] -- -- (XDva387)
DRV - File not found [Kernel | On_Demand] -- -- (XDva386)
DRV - File not found [Kernel | On_Demand] -- -- (XDva385)
DRV - File not found [Kernel | On_Demand] -- -- (XDva383)
DRV - File not found [Kernel | On_Demand] -- -- (XDva380)
DRV - File not found [Kernel | On_Demand] -- -- (XDva375)
DRV - File not found [Kernel | On_Demand] -- -- (XDva370)
DRV - File not found [Kernel | On_Demand] -- -- (XDva362)
DRV - File not found [Kernel | On_Demand] -- -- (XDva359)
DRV - File not found [Kernel | On_Demand] -- -- (XDva358)
DRV - File not found [Kernel | On_Demand] -- -- (XDva354)
DRV - File not found [Kernel | On_Demand] -- -- (XDva352)
DRV - File not found [Kernel | On_Demand] -- -- (XDva351)
DRV - File not found [Kernel | On_Demand] -- -- (XDva349)
DRV - File not found [Kernel | On_Demand] -- -- (XDva347)
DRV - File not found [Kernel | On_Demand] -- -- (XDva346)
DRV - File not found [Kernel | On_Demand] -- -- (XDva343)
DRV - File not found [Kernel | On_Demand] -- -- (XDva341)
DRV - File not found [Kernel | On_Demand] -- -- (XDva337)
DRV - File not found [Kernel | On_Demand] -- -- (XDva332)
DRV - File not found [Kernel | On_Demand] -- -- (XDva328)
DRV - File not found [Kernel | On_Demand] -- -- (XDva326)
DRV - File not found [Kernel | On_Demand] -- -- (XDva296)
DRV - File not found [Kernel | On_Demand] -- -- (XDva285)
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5577
FF - prefs.js..network.proxy.backup.ftp: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ftp_port: 8118
FF - prefs.js..network.proxy.backup.socks: "80.63.56.146"
FF - prefs.js..network.proxy.backup.socks_port: 8118
FF - prefs.js..network.proxy.backup.ssl: "80.63.56.146"
FF - prefs.js..network.proxy.backup.ssl_port: 8118
FF - prefs.js..network.proxy.share_proxy_settings: true
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] C:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Reg Error: Value error.)
O37 - HKU\.DEFAULT\...exe [@ = secfile] -- "C:\WINDOWS\TEMP\AUTMGR32.EXE" /START "%1" %*
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Administrator\Desktop\*.tmp files -> C:\Documents and Settings\Administrator\Desktop\*.tmp -> ]
[2 C:\*.tmp files -> C:\*.tmp -> ]
[2011/03/27 03:42:15 | 000,000,328 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\18407220
[2010/03/12 22:20:33 | 000,014,042 | -HS- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA


:Services

:Reg

:Files
C:\WINDOWS\system32\gdi32.dll|C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.
 
Ran OTLPE and did a Fix. Here is the log:

========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\npkcmsvc deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\HDD & SSD access service deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Akamai deleted successfully.
C:\Program Files\Common Files\Akamai\netsession_win_e877e12.dll moved successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva389 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva388 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva387 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva386 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva385 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva383 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva380 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva375 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva370 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva362 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva359 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva358 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva354 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva352 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva351 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva349 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva347 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva346 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva343 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva341 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva337 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva332 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva328 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva326 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva296 deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\XDva285 deleted successfully.
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyOverride| /E : value set successfully!
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!
Prefs.js: "80.63.56.146" removed from network.proxy.backup.ftp
Prefs.js: 8118 removed from network.proxy.backup.ftp_port
Prefs.js: "80.63.56.146" removed from network.proxy.backup.socks
Prefs.js: 8118 removed from network.proxy.backup.socks_port
Prefs.js: "80.63.56.146" removed from network.proxy.backup.ssl
Prefs.js: 8118 removed from network.proxy.backup.ssl_port
Prefs.js: true removed from network.proxy.share_proxy_settings
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{5C255C8A-E604-49b4-9D64-90988571CECB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5C255C8A-E604-49b4-9D64-90988571CECB}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\DivXUpdate deleted successfully.
C:\Program Files\DivX\DivX Update\DivXUpdate.exe moved successfully.
Starting removal of ActiveX control {8FFBE65D-2C9C-4669-84BD-5829DC0B603C}
C:\WINDOWS\Downloaded Program Files\erma.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8FFBE65D-2C9C-4669-84BD-5829DC0B603C}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\Administrator_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\LocalService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\NetworkService_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\systemprofile_ON_C\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}\ not found.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\.exe\ deleted successfully.
Registry key HKEY_USERS\.DEFAULT\Software\Classes\secfile\ deleted successfully.
HKEY_LOCAL_MACHINE\Software\Classes\.exe\\|exefile /E : value set successfully!
C:\WINDOWS\System32\CONFIG.TMP deleted successfully.
C:\WINDOWS\System32\SET172.tmp deleted successfully.
C:\WINDOWS\System32\SET176.tmp deleted successfully.
C:\WINDOWS\System32\SET17E.tmp deleted successfully.
C:\WINDOWS\System32\SET1C5.tmp deleted successfully.
C:\WINDOWS\msdownld.tmp folder deleted successfully.
C:\WINDOWS\SET3.tmp deleted successfully.
C:\WINDOWS\SET4.tmp deleted successfully.
C:\WINDOWS\SET8.tmp deleted successfully.
C:\Documents and Settings\Administrator\Desktop\~WRL0259.tmp deleted successfully.
C:\Documents and Settings\Administrator\Desktop\~WRL2552.tmp deleted successfully.
C:\~WRL0486.tmp deleted successfully.
C:\~WRL2040.tmp deleted successfully.
C:\Documents and Settings\All Users\Application Data\18407220 moved successfully.
C:\Documents and Settings\Administrator\Local Settings\Application Data\c58EA moved successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
File C:\WINDOWS\system32\gdi32.dll successfully replaced with C:\WINDOWS\$hf_mig$\KB956802\SP3QFE\gdi32.dll
========== COMMANDS ==========

OTLPE by OldTimer - Version 3.1.48.0 log created on 08262011_200032
 