Solved Windows Explorer closes itself down

clyde85 · Apr 11, 2011

My Windows Explorer crashes often. I received "Data Execution Prevention - Microsoft Windows." and it closes down. I also noticed that my internet connection isn't as fast as before. I ran an antivirus (Eset Nod 32) but I found nothing. I also ran Malwarebytes and also found nothing.

I hope somebody could figure out what's wrong with my computer. Please help.

Here are the log files requested:

Malwarebyte's Log File:

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6330

Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

4/11/2011 5:21:19 PM
mbam-log-2011-04-11 (17-21-19).txt

Scan type: Quick scan
Objects scanned: 150179
Time elapsed: 1 minute(s), 26 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

GMER log file:

GMER 1.0.15.15570 - http://www.gmer.net
Rootkit quick scan 2011-04-11 17:30:05
Windows 5.1.2600 Service Pack 2 Harddisk0\DR0 -> \Device\Ide\IdeDeviceP2T0L0-19 ST3250310AS rev.4.AAA
Running: y8qpn90q.exe; Driver: D:\DOCUME~1\ST6FE9~1.MIC\LOCALS~1\Temp\kgtdqpog.sys

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)
AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

---- EOF - GMER 1.0.15 ----

DDS.txt Log File:

.
DDS (Ver_11-03-05.01) - NTFSx86
Run by St.Michael at 17:30:47.79 on Mon 04/11/2011
Internet Explorer: 6.0.2900.2180
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1012.591 [GMT 8:00]
.
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
.
============== Running Processes ===============
.
D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
D:\WINDOWS\system32\svchost.exe -k DcomLaunch
svchost.exe
D:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
D:\WINDOWS\system32\spoolsv.exe
D:\WINDOWS\Explorer.EXE
D:\WINDOWS\RTHDCPL.EXE
D:\WINDOWS\system32\igfxpers.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
D:\Program Files\Common Files\Java\Java Update\jusched.exe
D:\Program Files\DivX\DivX Update\DivXUpdate.exe
D:\WINDOWS\system32\igfxsrvc.exe
D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
D:\Program Files\RocketDock\RocketDock.exe
D:\Program Files\Bonjour\mDNSResponder.exe
D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
D:\Program Files\Java\jre6\bin\jqs.exe
D:\WINDOWS\System32\svchost.exe -k HTTPFilter
D:\Documents and Settings\St.Michael\Desktop\dds.scr
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File
BHO: DivX Plus Web Player HTML5 <video>: {326e768d-4182-46fd-9c16-1449a49795f4} - d:\program files\divx\divx plus web player\npdivx32.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - e:\progra~1\spybot~1\SDHelper.dll
BHO: DivX HiQ: {593ddec6-7468-4cdd-90e1-42dadaa222e9} - d:\program files\divx\divx plus web player\npdivx32.dll
BHO: Yahoo! IE Services Button: {5bab4b5b-68bc-4b02-94d6-2fc0de4a7897} - d:\program files\yahoo!\common\yiesrvc.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - d:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - d:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No File
uRun: [SpybotSD TeaTimer] e:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [RocketDock] "d:\program files\rocketdock\RocketDock.exe"
mRun: [RTHDCPL] RTHDCPL.EXE
mRun: [SkyTel] SkyTel.EXE
mRun: [IgfxTray] d:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] d:\windows\system32\hkcmd.exe
mRun: [Persistence] d:\windows\system32\igfxpers.exe
mRun: [egui] "d:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [SunJavaUpdateSched] "d:\program files\common files\java\java update\jusched.exe"
mRun: [DivXUpdate] "d:\program files\divx\divx update\DivXUpdate.exe" /CHECKNOW
dRunOnce: [nlsf] cmd.exe /C move /Y "%SystemRoot%\System32\syssetub.dll" "%SystemRoot%\System32\syssetup.dll"
dRunOnce: [tscuninstall] %systemroot%\system32\tscupgrd.exe
IE: E&xport to Microsoft Excel - d:\progra~1\micros~1\office11\EXCEL.EXE/3000
IE: {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - d:\program files\yahoo!\common\yiesrvc.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - d:\progra~1\micros~1\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - e:\progra~1\spybot~1\SDHelper.dll
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - d:\program files\yahoo!\common\Yinsthelper.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab
TCP: {148290E1-EB23-47C8-8527-8CAD3AFE7B9B} = 208.67.222.222,208.67.220.220
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - d:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: !SASWinLogon - d:\program files\superantispyware\SASWINLO.DLL
Notify: DfLogon - LogonDll.dll
Notify: igfxcui - igfxdev.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - d:\program files\superantispyware\SASSEH.DLL
.
================= FIREFOX ===================
.
FF - ProfilePath - d:\docume~1\st6fe9~1.mic\applic~1\mozilla\firefox\profiles\uv7v33rl.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
FF - plugin: d:\program files\divx\divx ovs helper\npovshelper.dll
FF - plugin: d:\program files\divx\divx plus web player\npdivx32.dll
FF - plugin: d:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll
.
============= SERVICES / DRIVERS ===============
.
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [2004-8-8 93568]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2008-2-20 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\superantispyware\sasdifsv.sys [2010-2-18 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\superantispyware\SASKUTIL.SYS [2010-5-11 67656]
R2 ekrn;Eset Service;d:\program files\eset\eset nod32 antivirus\ekrn.exe [2008-2-20 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;d:\windows\system32\regedt32.exe [2006-1-13 3584]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\garena\safedrv.sys --> e:\program files\garena\safedrv.sys [?]
.
=============== Created Last 30 ================
.
2011-04-06 00:27:51 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-04-05 02:11:12 -------- d-s---w- d:\documents and settings\st.michael\UserData
2011-04-05 02:01:26 98816 ----a-w- d:\windows\sed.exe
2011-04-05 02:01:26 89088 ----a-w- d:\windows\MBR.exe
2011-04-05 02:01:26 256512 ----a-w- d:\windows\PEV.exe
2011-04-05 02:01:26 161792 ----a-w- d:\windows\SWREG.exe
2011-03-25 00:58:37 -------- d-----w- d:\docume~1\alluse~1\applic~1\DivX
2011-03-17 09:03:15 172032 ----a-w- d:\windows\system32\AniGIF.ocx
.
==================== Find3M ====================
.
2011-02-02 13:40:23 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-02-02 11:19:39 73728 ----a-w- d:\windows\system32\javacpl.cpl
.
============= FINISH: 17:31:08.62 ===============

Attach.txt Log File:

.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_11-03-05.01)
.
Microsoft Windows XP Professional
Boot Device: \Device\HarddiskVolume1
Install Date: 1/12/2009 7:54:03 PM
System Uptime: 4/11/2011 5:11:35 PM (0 hours ago)
.
Motherboard: Intel Corporation | | DG31PR
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | J3E1 | 2199/800mhz
Processor: Intel(R) Pentium(R) Dual CPU E2200 @ 2.20GHz | J3E1 | 2199/800mhz
.
==== Disk Partitions =========================
.
C: is FIXED (FAT32) - 29 GiB total, 3.976 GiB free.
D: is FIXED (NTFS) - 98 GiB total, 3.642 GiB free.
E: is FIXED (NTFS) - 106 GiB total, 11.426 GiB free.
F: is CDROM ()
G: is CDROM ()
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP25: 3/18/2009 4:51:56 PM - Removed Java(TM) 6 Update 11
RP26: 3/18/2009 4:52:14 PM - Installed Java(TM) 6 Update 12
RP27: 3/28/2009 2:14:39 AM - Installed Java(TM) 6 Update 13
RP28: 4/30/2009 5:23:04 PM - Avira AntiVir Personal - 4/30/2009 10:23
RP29: 4/30/2009 5:25:45 PM - Avira AntiVir Personal - 4/30/2009 10:25
RP30: 4/30/2009 5:27:38 PM - Avira AntiVir Personal - 4/30/2009 10:27
RP31: 4/30/2009 5:30:48 PM - Avira AntiVir Personal - 4/30/2009 10:30
RP32: 5/10/2009 9:16:15 PM - Avira AntiVir Personal - 5/10/2009 14:16
RP33: 5/11/2009 12:41:00 AM - Scanned
RP34: 5/13/2009 5:11:19 PM - Installed ESET NOD32 Antivirus
RP35: 6/4/2009 8:25:23 AM - Removed ESET NOD32 Antivirus
RP36: 6/4/2009 8:33:01 AM - Installed ESET NOD32 Antivirus
RP37: 6/12/2009 3:31:42 PM - Installed Java(TM) 6 Update 14
RP38: 6/12/2009 6:59:38 PM - Removed Safari
RP39: 7/4/2009 11:42:48 PM - Removed ESET NOD32 Antivirus
RP40: 7/4/2009 11:52:04 PM - Installed ESET NOD32 Antivirus
RP41: 8/27/2009 4:29:03 PM - Installed Java(TM) 6 Update 15
RP42: 10/17/2009 3:02:33 PM - System Checkpoint
RP43: 10/23/2009 9:19:57 AM - Restore Operation
RP44: 10/23/2009 9:22:49 AM - Restore Operation
RP45: 10/23/2009 10:43:37 AM - Restore Operation
RP46: 10/23/2009 10:49:01 AM - Restore Operation
RP47: 10/23/2009 11:09:51 AM - Removed ESET NOD32 Antivirus
RP48: 10/23/2009 11:14:16 AM - Installed ESET NOD32 Antivirus
RP49: 10/23/2009 11:20:32 AM - Removed ESET NOD32 Antivirus
RP50: 10/23/2009 11:20:52 AM - Removed ESET NOD32 Antivirus
RP51: 10/23/2009 11:43:46 AM - Removed Safari
RP52: 10/23/2009 12:13:56 PM - Installed Avast
RP53: 10/26/2009 9:31:22 AM - System Checkpoint
RP54: 10/26/2009 12:57:23 PM - Installed ESET NOD32 Antivirus
RP55: 10/26/2009 1:00:59 PM - Installed Eset Nod32
RP56: 11/10/2009 9:58:20 AM - System Checkpoint
RP57: 11/25/2009 9:08:44 AM - Installed Java(TM) 6 Update 17
RP58: 1/30/2010 6:48:29 PM - System Checkpoint
RP59: 1/30/2010 8:30:33 PM - Removed Garena
RP60: 3/7/2010 8:55:31 AM - Installed Xara3D6
RP61: 3/12/2010 6:38:46 AM - Installed Java(TM) 6 Update 18
RP62: 4/1/2010 9:48:10 AM - Removed Java(TM) 6 Update 12
RP63: 4/1/2010 9:48:37 AM - Installed Java(TM) 6 Update 19
RP64: 5/13/2010 5:47:49 PM - Installed Java(TM) 6 Update 20
RP65: 8/23/2010 3:08:21 PM - Installed Java(TM) 6 Update 21
RP66: 10/21/2010 9:04:33 AM - Virgin
RP67: 10/24/2010 12:00:50 PM - Restore Operation
RP68: 11/2/2010 8:09:07 AM - Installed Java(TM) 6 Update 22
RP69: 11/21/2010 9:55:40 AM - System Checkpoint
RP70: 1/11/2011 5:53:17 AM - System Checkpoint
RP71: 1/11/2011 8:18:58 AM - Installed Java(TM) 6 Update 23
RP72: 2/24/2011 9:17:18 AM - Installed Java(TM) 6 Update 24
RP73: 3/5/2011 2:16:05 PM - IObit Uninstaller RestorePoint
RP74: 4/3/2011 5:18:04 PM - mao lagi
RP75: 4/4/2011 8:45:49 AM - Removed Xara3D6
RP76: 4/6/2011 8:07:06 AM - System Checkpoint
RP77: 4/6/2011 8:16:28 AM - Removed SUPERAntiSpyware Free Edition
RP78: 4/7/2011 5:24:33 PM - System Checkpoint
.
==== Installed Programs ======================
.
.
µTorrent
7-Zip 4.65
Adobe Flash Player 10 ActiveX
Adobe Flash Player 10 Plugin
Adobe Photoshop 7.0
Any Video Converter 2.5.2
Apple Software Update
AVI Movie Player
Bonjour
Camtasia Studio 6
Canon Camera Access Library
Canon Camera Support Core Library
Canon Digital Camera Solution Disk 34 Software Starter Guide
Canon Direct Print User Guide
Canon G.726 WMP-Decoder
Canon MovieEdit Task for ZoomBrowser EX
Canon PowerShot A470 Camera User Guide
Canon RAW Image Task for ZoomBrowser EX
Canon Utilities CameraWindow
Canon Utilities CameraWindow DC
Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
Canon Utilities EOS Utility
Canon Utilities MyCamera
Canon Utilities MyCamera DC
Canon Utilities PhotoStitch
Canon Utilities RemoteCapture Task for ZoomBrowser EX
Canon Utilities ZoomBrowser EX
Canon ZoomBrowser EX Memory Card Utility
CCleaner
Chikka Messenger V4
CyberLink PowerDVD 8
DivX Plus DirectShow Filters
DivX Setup
DivX Version Checker
ESET NOD32 Antivirus
Foxit Reader
Garena 2010
Intel(R) Graphics Media Accelerator Driver
Java Auto Updater
Java(TM) 6 Update 24
LimeWire 4.18.8
Malwarebytes' Anti-Malware
Microsoft .NET Framework 2.0
Microsoft Office Professional Edition 2003
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
mIRC
Mozilla Firefox 4.0 (x86 en-US)
Nero Suite
NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
On2 VP7 Personal Edition
QuickTime Alternative 1.67
Realtek High Definition Audio Driver
RocketDock 1.3.5
Safari
Skype™ 4.0
Software Update for Web Folders
SUPERAntiSpyware
VC80CRTRedist - 8.0.50727.4053
VideoLAN VLC media player 0.8.6d
VobSub v2.23 (Remove Only)
Win AVI HelixSDK
Winamp
WinAVI Video Converter
Yahoo! Browser Services
Yahoo! Install Manager
Yahoo! Messenger
YouTube Downloader 2.7.1
.
==== Event Viewer Messages From Past Week ========
.
4/6/2011 9:02:05 AM, error: Service Control Manager [7023] - The Automatic Updates service terminated with the following error: The specified module could not be found.
4/6/2011 9:02:05 AM, error: Service Control Manager [7009] - Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service to connect.
4/6/2011 9:02:05 AM, error: Service Control Manager [7001] - The Canon Camera Access Library 8 service depends on the Windows Image Acquisition (WIA) service which failed to start because of the following error: The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
4/6/2011 9:02:05 AM, error: Service Control Manager [7000] - The Eset Nod32 Boot service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
.
==== End Of File ===========================

Broni · Apr 11, 2011

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running tools or applying updates other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

=====================================================================

Download MBRCheck to your desktop

Double click MBRCheck.exe to run (Vista and Windows 7 users, right click and select Run as Administrator).
It will show a black screen with some data on it.
Enter N to exit.
A report called MBRcheckxxxx.txt will be on your desktop
Open this report and post its content in your next reply.

=====================================================================

Please download ComboFix from Here or Here to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

Please, never rename Combofix unless instructed.
Close any open browsers.
Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
- Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
- Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
NOTE1. If Combofix asks you to install Recovery Console, please allow it.
NOTE 2. If Combofix asks you to update the program, always do so.
- Close any open browsers.
- WARNING: Combofix will disconnect your machine from the Internet as soon as it starts
- Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
- If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
Double click on combofix.exe & follow the prompts.
When finished, it will produce a report for you.
Please post the "C:\ComboFix.txt"

**Note 1: Do not mouseclick combofix's window while it's running. That may cause it to stall
**Note 2 for AVG users: ComboFix will not run until AVG is uninstalled as a protective measure against the anti-virus. This is because AVG "falsely" detects ComboFix (or its embedded files) as a threat and may remove them resulting in the tool not working correctly which in turn can cause "unpredictable results". Since AVG cannot be effectively disabled before running ComboFix, the author recommends you to uninstall AVG first.
Use AppRemover to uninstall it: https://www.techspot.com/downloads/5514-appremover.html
We can reinstall it when we're done with CF.
**Note 3: If you receive an error "Illegal operation attempted on a registery key that has been marked for deletion", restart computer to fix the issue.

Make sure, you re-enable your security programs, when you're done with Combofix.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

NOTE.
If, for some reason, Combofix refuses to run, try one of the following:

1. Run Combofix from Safe Mode.

2. Delete Combofix file, download fresh one, but rename combofix.exe to your_name.exe BEFORE saving it to your desktop.
Do NOT run it yet.

Please download and run the below tool named Rkill (courtesy of BleepingComputer.com) which may help allow other programs to run.

There are 4 different versions. If one of them won't run then download and try to run the other one.

Vista and Win7 users need to right click Rkill and choose Run as Administrator

You only need to get one of these to run, not all of them. You may get warnings from your antivirus about this tool, ignore them or shutdown your antivirus.

Rkill.com
Rkill.scr
Rkill.exe

Double-click on the Rkill desktop icon to run the tool.
If using Vista or Windows 7 right-click on it and choose Run As Administrator.
A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
If not, delete the file, then download and use the one provided in Link 2.
If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
Do not reboot until instructed.
If the tool does not run from any of the links provided, please let me know.

Once you've gotten one of them to run, immediately run your_name.exe by double clicking on it.

If normal mode still doesn't work, run BOTH tools from safe mode.

In case #2, please post BOTH logs, rKill and Combofix.

DO NOT make any other changes to your computer (like installing programs, using other cleaning tools, etc.), until it's officially declared clean!!!

clyde85 · Apr 12, 2011

Hi,

Thanks for replying. I downloaded the softwares you suggested and ran them.

Here is the MBRCheck logfile:

MBRCheck, version 1.2.3
(c) 2010, AD

Command-line:
Windows Version: Windows XP Professional
Windows Information: Service Pack 2 (build 2600)
Logical Drives Mask: 0x0000007c

Kernel Drivers (total 116):
0x804D7000 \WINDOWS\system32\ntkrnlpa.exe
0x806E2000 \WINDOWS\system32\hal.dll
0xF7B56000 \WINDOWS\system32\KDCOM.DLL
0xF7A66000 \WINDOWS\system32\BOOTVID.dll
0xF7527000 ACPI.sys
0xF7B58000 \WINDOWS\system32\DRIVERS\WMILIB.SYS
0xF7516000 pci.sys
0xF7656000 isapnp.sys
0xF7C1E000 pciide.sys
0xF78D6000 \WINDOWS\system32\DRIVERS\PCIIDEX.SYS
0xF7666000 MountMgr.sys
0xF74F7000 ftdisk.sys
0xF7B5A000 dmload.sys
0xF74D1000 dmio.sys
0xF78DE000 PartMgr.sys
0xF7676000 VolSnap.sys
0xF74B9000 atapi.sys
0xF7686000 disk.sys
0xF7696000 \WINDOWS\system32\DRIVERS\CLASSPNP.SYS
0xF749A000 fltMgr.sys
0xF7488000 sr.sys
0xF76A6000 PxHelp20.sys
0xF7471000 KSecDD.sys
0xF73E4000 Ntfs.sys
0xF73B7000 NDIS.sys
0xF739D000 Mup.sys
0xF7386000 DeepFrz.sys
0xF6AE3000 \SystemRoot\system32\DRIVERS\igxpmp32.sys
0xF6ACF000 \SystemRoot\system32\DRIVERS\VIDEOPRT.SYS
0xF6AAA000 \SystemRoot\system32\DRIVERS\HDAudBus.sys
0xF6A91000 \SystemRoot\system32\DRIVERS\Rtenicxp.sys
0xF7976000 \SystemRoot\system32\DRIVERS\usbuhci.sys
0xF6A6E000 \SystemRoot\system32\DRIVERS\USBPORT.SYS
0xF797E000 \SystemRoot\system32\DRIVERS\usbehci.sys
0xF7776000 \SystemRoot\system32\DRIVERS\i8042prt.sys
0xF7986000 \SystemRoot\system32\DRIVERS\kbdclass.sys
0xF798E000 \SystemRoot\system32\DRIVERS\fdc.sys
0xF7786000 \SystemRoot\system32\DRIVERS\serial.sys
0xF7B22000 \SystemRoot\system32\DRIVERS\serenum.sys
0xF7796000 \SystemRoot\system32\DRIVERS\cdrom.sys
0xF77A6000 \SystemRoot\system32\DRIVERS\redbook.sys
0xF6A4B000 \SystemRoot\system32\DRIVERS\ks.sys
0xF77B6000 \SystemRoot\system32\DRIVERS\imapi.sys
0xF77C6000 \SystemRoot\system32\DRIVERS\intelppm.sys
0xF7D4C000 \SystemRoot\system32\DRIVERS\audstub.sys
0xF77D6000 \SystemRoot\system32\DRIVERS\rasl2tp.sys
0xF7B2E000 \SystemRoot\system32\DRIVERS\ndistapi.sys
0xF6A34000 \SystemRoot\system32\DRIVERS\ndiswan.sys
0xF77E6000 \SystemRoot\system32\DRIVERS\raspppoe.sys
0xF77F6000 \SystemRoot\system32\DRIVERS\raspptp.sys
0xF7996000 \SystemRoot\system32\DRIVERS\TDI.SYS
0xF6A23000 \SystemRoot\system32\DRIVERS\psched.sys
0xF7806000 \SystemRoot\system32\DRIVERS\msgpc.sys
0xF799E000 \SystemRoot\system32\DRIVERS\ptilink.sys
0xF79A6000 \SystemRoot\system32\DRIVERS\raspti.sys
0xF69F2000 \SystemRoot\system32\DRIVERS\rdpdr.sys
0xF7816000 \SystemRoot\system32\DRIVERS\termdd.sys
0xF79AE000 \SystemRoot\system32\DRIVERS\mouclass.sys
0xF7B70000 \SystemRoot\system32\DRIVERS\swenum.sys
0xF69BE000 \SystemRoot\system32\DRIVERS\update.sys
0xF7B4A000 \SystemRoot\system32\DRIVERS\mssmbios.sys
0xF7836000 \SystemRoot\System32\Drivers\NDProxy.SYS
0xA8E43000 \SystemRoot\system32\drivers\RtkHDAud.sys
0xA8E1F000 \SystemRoot\system32\drivers\portcls.sys
0xF7846000 \SystemRoot\system32\drivers\drmk.sys
0xF7856000 \SystemRoot\system32\DRIVERS\usbhub.sys
0xF7B74000 \SystemRoot\system32\DRIVERS\USBD.SYS
0xF7B76000 \SystemRoot\System32\Drivers\Fs_Rec.SYS
0xF7CC6000 \SystemRoot\System32\Drivers\Null.SYS
0xF7B78000 \SystemRoot\System32\Drivers\Beep.SYS
0xF79C6000 \SystemRoot\System32\drivers\vga.sys
0xF7B7A000 \SystemRoot\System32\Drivers\mnmdd.SYS
0xF7B7C000 \SystemRoot\System32\DRIVERS\RDPCDD.sys
0xF79CE000 \SystemRoot\System32\Drivers\Msfs.SYS
0xF79D6000 \SystemRoot\System32\Drivers\Npfs.SYS
0xF7B0E000 \SystemRoot\system32\DRIVERS\rasacd.sys
0xA8CFC000 \SystemRoot\system32\DRIVERS\ipsec.sys
0xA8CA4000 \SystemRoot\system32\DRIVERS\tcpip.sys
0xF7876000 \SystemRoot\system32\DRIVERS\epfwtdir.sys
0xA8C83000 \SystemRoot\system32\DRIVERS\ipnat.sys
0xA8C5B000 \SystemRoot\system32\DRIVERS\netbt.sys
0xF7886000 \SystemRoot\system32\DRIVERS\wanarp.sys
0xA8C39000 \SystemRoot\System32\drivers\afd.sys
0xF7896000 \SystemRoot\system32\DRIVERS\netbios.sys
0xA8C17000 \??\D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS
0xF79DE000 \??\D:\Program Files\SUPERAntiSpyware\SASDIFSV.SYS
0xA8BEC000 \SystemRoot\system32\DRIVERS\rdbss.sys
0xA8B7D000 \SystemRoot\system32\DRIVERS\mrxsmb.sys
0xF78A6000 \SystemRoot\System32\Drivers\Fips.SYS
0xA9F77000 \SystemRoot\system32\DRIVERS\hidusb.sys
0xF78B6000 \SystemRoot\system32\DRIVERS\HIDCLASS.SYS
0xF79E6000 \SystemRoot\system32\DRIVERS\HIDPARSE.SYS
0xA9F73000 \SystemRoot\system32\DRIVERS\mouhid.sys
0xF78C6000 \SystemRoot\system32\DRIVERS\easdrv.sys
0xA8B31000 \SystemRoot\System32\Drivers\Fastfat.SYS
0xBF800000 \SystemRoot\System32\win32k.sys
0xA8E1B000 \SystemRoot\System32\drivers\Dxapi.sys
0xF79F6000 \SystemRoot\System32\watchdog.sys
0xBF000000 \SystemRoot\System32\drivers\dxg.sys
0xF7C5B000 \SystemRoot\System32\drivers\dxgthk.sys
0xBF024000 \SystemRoot\System32\igxpgd32.dll
0xBF012000 \SystemRoot\System32\igxprd32.dll
0xBF04F000 \SystemRoot\System32\igxpdv32.DLL
0xBF1E7000 \SystemRoot\System32\igxpdx32.DLL
0xA8A2D000 \SystemRoot\system32\DRIVERS\ndisuio.sys
0xA87AC000 \SystemRoot\system32\drivers\wdmaud.sys
0xA8A91000 \SystemRoot\system32\drivers\sysaudio.sys
0xA84AD000 \SystemRoot\System32\Drivers\Cdfs.SYS
0xA8320000 \SystemRoot\system32\DRIVERS\mrxdav.sys
0xA82D3000 \SystemRoot\system32\DRIVERS\eamon.sys
0xA8259000 \SystemRoot\system32\DRIVERS\srv.sys
0xA8209000 \SystemRoot\system32\DRIVERS\secdrv.sys
0xA7FE8000 \SystemRoot\System32\Drivers\HTTP.sys
0xA7C4C000 \SystemRoot\system32\drivers\kmixer.sys
0xBFFA0000 \SystemRoot\System32\ATMFD.DLL
0x7C900000 \WINDOWS\system32\ntdll.dll

Processes (total 34):
0 System Idle Process
4 System
660 D:\WINDOWS\system32\smss.exe
708 csrss.exe
732 D:\WINDOWS\system32\winlogon.exe
776 D:\WINDOWS\system32\services.exe
788 D:\WINDOWS\system32\lsass.exe
948 D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe
980 D:\WINDOWS\system32\svchost.exe
1052 svchost.exe
1148 D:\WINDOWS\system32\svchost.exe
1244 svchost.exe
1348 svchost.exe
1516 D:\WINDOWS\system32\spoolsv.exe
1788 D:\WINDOWS\explorer.exe
1876 D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
1884 D:\WINDOWS\RTHDCPL.EXE
1908 D:\WINDOWS\system32\hkcmd.exe
1920 D:\WINDOWS\system32\igfxpers.exe
1932 D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
1984 D:\Program Files\Common Files\Java\Java Update\jusched.exe
2000 D:\WINDOWS\system32\igfxsrvc.exe
2020 D:\Program Files\DivX\DivX Update\DivXUpdate.exe
212 E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
220 D:\Program Files\RocketDock\RocketDock.exe
464 D:\Program Files\Bonjour\mDNSResponder.exe
496 D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
564 D:\Program Files\Java\jre6\bin\jqs.exe
580 alg.exe
2352 D:\WINDOWS\system32\svchost.exe
680 D:\Program Files\Safari\Safari.exe
2144 D:\Program Files\Safari\Safari.exe
3468 D:\Program Files\Microsoft Office\OFFICE11\WINWORD.EXE
3536 D:\Documents and Settings\St.Michael\Desktop\MBRCheck.exe

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`00007e00 (FAT32)
\\.\D: --> \\.\PhysicalDrive0 at offset 0x00000007`52c65e00 (NTFS)
\\.\E: --> \\.\PhysicalDrive0 at offset 0x0000001f`bcabf600 (NTFS)

PhysicalDrive0 Model Number: ST3250310AS, Rev: 4.AAA

Size Device Name MBR Status
--------------------------------------------
232 GB \\.\PhysicalDrive0 Windows XP MBR code detected
SHA1: DA38B874B7713D1B51CBC449F4EF809B0DEC644A

Done!

Here is the ComboFix Log File:

ComboFix 11-04-12.01 - St.Michael 04/13/2011 9:13.4.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1012.557 [GMT 8:00]
Running from: d:\documents and settings\St.Michael\Desktop\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *Disabled/Updated* {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
* Created a new restore point
.
.
((((((((((((((((((((((((( Files Created from 2011-03-13 to 2011-04-13 )))))))))))))))))))))))))))))))
.
.
2011-04-13 01:11 . 2011-04-13 01:12 -------- d-----r- D:\32788R22FWJFW
2011-04-06 00:27 . 2011-04-06 00:28 -------- d-----w- d:\program files\SUPERAntiSpyware
2011-04-05 02:11 . 2011-04-05 02:11 -------- d-s---w- d:\documents and settings\St.Michael\UserData
2011-03-25 00:58 . 2011-04-10 08:49 -------- d-----w- d:\documents and settings\All Users\Application Data\DivX
2011-03-17 09:03 . 2011-03-17 09:03 172032 ----a-w- d:\windows\system32\AniGIF.ocx
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-02-02 13:40 . 2010-05-13 09:49 472808 ----a-w- d:\windows\system32\deployJava1.dll
2011-02-02 11:19 . 2010-04-01 01:48 73728 ----a-w- d:\windows\system32\javacpl.cpl
2011-03-18 17:53 . 2011-04-08 01:00 142296 ----a-w- d:\program files\mozilla firefox\components\browsercomps.dll
.
.
------- Sigcheck -------
.
[-] 2006-01-13 . 2A4818AEA80ACD2C95D7D92D2F3155F8 . 360448 . . [5.1.2600.2688] . . d:\windows\system32\drivers\tcpip.sys
.
[-] 2006-01-13 . 2DEACA71A7FD77205F59D48D76B2F565 . 1075200 . . [6.00.2900.2649] . . d:\windows\explorer.exe
.
.
((((((((((((((((((((((((((((( SnapShot@2011-04-05_02.05.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2011-04-13 00:57 . 2011-04-13 00:57 16384 d:\windows\Temp\Perflib_Perfdata_234.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="e:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-01-26 2144088]
"RocketDock"="d:\program files\RocketDock\RocketDock.exe" [2007-09-02 495616]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2006-09-12 16264192]
"SkyTel"="SkyTel.EXE" [2006-05-16 2879488]
"IgfxTray"="d:\windows\system32\igfxtray.exe" [2008-01-16 141848]
"HotKeysCmds"="d:\windows\system32\hkcmd.exe" [2008-01-16 166424]
"Persistence"="d:\windows\system32\igfxpers.exe" [2008-01-16 137752]
"egui"="d:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2008-02-20 1443072]
"SunJavaUpdateSched"="d:\program files\Common Files\Java\Java Update\jusched.exe" [2010-10-29 249064]
"DivXUpdate"="d:\program files\DivX\DivX Update\DivXUpdate.exe" [2011-03-21 1230704]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"nlsf"="move" [X]
"tscuninstall"="d:\windows\system32\tscupgrd.exe" [2006-01-13 44544]
.
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "d:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 22:21 548352 ----a-w- d:\program files\SUPERAntiSpyware\SASWINLO.DLL
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DfLogon]
2004-08-08 11:50 49152 ----a-w- d:\windows\system32\LogonDll.dll
.
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk /k:C /k

/k:E *
.
[HKLM\~\startupfolder\D:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Gamma Loader.lnk]
path=d:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Gamma Loader.lnk
backup=d:\windows\pss\Adobe Gamma Loader.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Alcmtr]
2005-05-03 10:43 69632 ----a-r- d:\windows\ALCMTR.EXE
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BDRegion]
2008-05-19 20:24 91432 ----a-w- d:\program files\CyberLink\Shared Files\brs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Chikka]
2007-04-11 19:40 36864 ----a-w- d:\program files\Chikka Messenger\Chikka v.4\ChikkaLauncher.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DivXUpdate]
2011-03-21 21:10 1230704 ----a-w- d:\program files\DivX\DivX Update\DivXUpdate.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 10:50 155648 ----a-w- d:\windows\system32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PDVD8LanguageShortcut]
2007-12-14 11:36 50472 ------w- d:\program files\CyberLink\PowerDVD8\Language\Language.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl8]
2008-03-20 20:23 83240 ------w- d:\program files\CyberLink\PowerDVD8\PDVD8Serv.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RRT-Auto]
2011-03-04 01:19 5029888 ----a-w- e:\installers\RRT.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
2007-10-10 05:28 36352 ----a-w- d:\program files\Winamp\winampa.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"avast! Web Scanner"=3 (0x3)
"avast! Mail Scanner"=3 (0x3)
"avast! Antivirus"=2 (0x2)
"aswUpdSv"=2 (0x2)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"d:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"d:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"d:\\Program Files\\CyberLink\\PowerDVD8\\PowerDVD8.exe"=
"d:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"e:\\Program Files\\uTorrent.exe"=
"d:\\Program Files\\Skype\\Phone\\Skype.exe"=
.
R0 DeepFrz;DeepFrz;d:\windows\system32\drivers\DeepFrz.sys [8/8/2004 7:43 PM 93568]
R1 epfwtdir;epfwtdir;d:\windows\system32\drivers\epfwtdir.sys [2/20/2008 11:11 AM 33800]
R1 SASDIFSV;SASDIFSV;d:\program files\SUPERAntiSpyware\sasdifsv.sys [2/18/2010 2:25 AM 12872]
R1 SASKUTIL;SASKUTIL;d:\program files\SUPERAntiSpyware\SASKUTIL.SYS [5/11/2010 2:41 AM 67656]
R2 ekrn;Eset Service;d:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [2/20/2008 11:08 AM 472320]
S2 NOD32FiXTemDono;Eset Nod32 Boot;d:\windows\system32\regedt32.exe [1/13/2006 9:27 AM 3584]
S3 GGSAFERDriver;GGSAFER Driver;\??\e:\program files\Garena\safedrv.sys --> e:\program files\Garena\safedrv.sys [?]
.
Contents of the 'Scheduled Tasks' folder
.
2009-10-23 d:\windows\Tasks\AppleSoftwareUpdate.job
- d:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 12:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ycomp/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - d:\progra~1\MICROS~1\OFFICE11\EXCEL.EXE/3000
TCP: {148290E1-EB23-47C8-8527-8CAD3AFE7B9B} = 208.67.222.222,208.67.220.220
FF - ProfilePath - d:\documents and settings\St.Michael\Application Data\Mozilla\Firefox\Profiles\uv7v33rl.default\
FF - prefs.js: browser.startup.homepage - google.com
FF - prefs.js: network.proxy.type - 0
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-04-13 09:15
Windows 5.1.2600 Service Pack 2 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'winlogon.exe'(732)
d:\program files\SUPERAntiSpyware\SASWINLO.DLL
d:\windows\system32\LogonDll.dll
.
- - - - - - - > 'Explorer.EXE'(1788)
d:\program files\RocketDock\RocketDock.dll
d:\program files\Common Files\Ahead\Lib\NeroDigitalExt.dll
d:\windows\system32\igfxpph.dll
d:\windows\system32\hccutils.DLL
d:\windows\system32\igfxres.dll
d:\windows\system32\igfxress.dll
d:\windows\system32\igfxsrvc.dll
d:\windows\system32\browselc.dll
e:\progra~1\SPYBOT~1\SDHelper.dll
d:\windows\system32\shdoclc.dll
d:\program files\SUPERAntiSpyware\SASSEH.DLL
d:\program files\Unlocker\UnlockerCOM.dll
d:\program files\Malwarebytes' Anti-Malware\mbamext.dll
d:\program files\ESET\ESET NOD32 Antivirus\shellExt.dll
d:\windows\system32\CopyToSendTo.dll
d:\program files\Common Files\Adobe\Shell\PSICON.DLL
d:\program files\7-Zip\7-zip.dll
.
Completion time: 2011-04-13 09:17:10
ComboFix-quarantined-files.txt 2011-04-13 01:17
ComboFix2.txt 2011-04-05 03:30
ComboFix3.txt 2011-04-05 02:06
.
Pre-Run: 3,836,936,192 bytes free
Post-Run: 3,827,286,016 bytes free
.
- - End Of File - - 8A5E6D5B091C5EDFE3A0616799369756

Here is the Rkill Log File:

This log file is located at D:\rkill.log.
Please post this only if requested to by the person helping you.
Otherwise you can close this log when you wish.

Rkill was run on 04/13/2011 at 9:23:26.
Operating System: Microsoft Windows XP

Processes terminated by Rkill or while it was running:

Rkill completed on 04/13/2011 at 9:23:28.

Broni · Apr 12, 2011

Do you have Windows XP CD?

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
64-bit users go HERE

Double-click SystemLook.exe to run it.
Vista\Win 7 users:: Right click on SystemLook.exe, click Run As Administrator
Copy the content of the following box into the main textfield:
Code:
```
:filefind
explorer.exe
tcpip.sys
```
Click the Look button to start the scan.
When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop entitled SystemLook.txt

clyde85 · Apr 13, 2011

i'm afraid I don't have one. My brother bought this PC and told me there was no Windows XP CD with it. Maybe it wasn't included in the package when he bought it.

Can I still proceed with this step (SystemLook) you provided without the Windows XP CD?

Broni · Apr 13, 2011

Yes, go ahead....

clyde85 · Apr 14, 2011

I noticed when I open my Web Browser, it doesn't connect to the internet at once. Worse, I get an error saying "Page cannot be displayed". I have 3 browsers (Safari, IE and Mozilla). I tried opening them and still get the same error. I don't think there's a conflict or something between the 3 browsers since I have them 3 installed ages ago and did not even once get a problem until now. Although, after I keep hitting the refresh button, it would eventually connect to the internet. This keeps happening every after I reboot. You think this is spyware/malware at work?

Anyway, here is the SystemLook Log File:

SystemLook 04.09.10 by jpshortstuff
Log created at 17:44 on 14/04/2011 by St.Michael
Administrator - Elevation successful

========== filefind ==========

Searching for "explorer.exe"
D:\WINDOWS\explorer.exe --a---- 1075200 bytes [01:46 13/01/2006] [01:46 13/01/2006] 2DEACA71A7FD77205F59D48D76B2F565

Searching for "tcpip.sys"
D:\WINDOWS\system32\drivers\tcpip.sys --a---- 360448 bytes [02:03 13/01/2006] [02:03 13/01/2006] 2A4818AEA80ACD2C95D7D92D2F3155F8

-= EOF =-

Broni · Apr 14, 2011

You can have as many browsers installed, as you want.
That's not the issue.

We'll keep checking.

I need you to re-run SystemLook with the following code:

Code:

:file
D:\WINDOWS\explorer.exe
D:\WINDOWS\system32\drivers\tcpip.sys

clyde85 · Apr 14, 2011

Here is the Log File:

SystemLook 04.09.10 by jpshortstuff
Log created at 09:12 on 15/04/2011 by St.Michael
Administrator - Elevation successful

========== file ==========

D:\WINDOWS\explorer.exe - File found and opened.
MD5: 2DEACA71A7FD77205F59D48D76B2F565
Created at 01:46 on 13/01/2006
Modified at 01:46 on 13/01/2006
Size: 1075200 bytes
Attributes: --a----
FileDescription: Windows Explorer
FileVersion: 6.00.2900.2649 (xpsp.050406-1732)
ProductVersion: 6.00.2900.2649
OriginalFilename: EXPLORER.EXE
InternalName: explorer
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

D:\WINDOWS\system32\drivers\tcpip.sys - File found and opened.
MD5: 2A4818AEA80ACD2C95D7D92D2F3155F8
Created at 02:03 on 13/01/2006
Modified at 02:03 on 13/01/2006
Size: 360448 bytes
Attributes: --a----
FileDescription: TCP/IP Protocol Driver
FileVersion: 5.1.2600.2688 (xpsp.050531-1521)
ProductVersion: 5.1.2600.2688
OriginalFilename: tcpip.sys
InternalName: tcpip.sys
ProductName: Microsoft® Windows® Operating System
CompanyName: Microsoft Corporation
LegalCopyright: © Microsoft Corporation. All rights reserved.

-= EOF =-

Broni · Apr 14, 2011

Those files are fine.

Download OTL to your Desktop.

Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
Click the Scan All Users checkbox.
Under the Custom Scan box paste this in:

netsvcs
drivers32
%SYSTEMDRIVE%\*.*
%systemroot%\Fonts\*.com
%systemroot%\Fonts\*.dll
%systemroot%\Fonts\*.ini
%systemroot%\Fonts\*.ini2
%systemroot%\Fonts\*.exe
%systemroot%\system32\spool\prtprocs\w32x86\*.*
%systemroot%\REPAIR\*.bak1
%systemroot%\REPAIR\*.ini
%systemroot%\system32\*.jpg
%systemroot%\*.jpg
%systemroot%\*.png
%systemroot%\*.scr
%systemroot%\*._sy
%APPDATA%\Adobe\Update\*.*
%ALLUSERSPROFILE%\Favorites\*.*
%APPDATA%\Microsoft\*.*
%PROGRAMFILES%\*.*
%APPDATA%\Update\*.*
%systemroot%\*. /mp /s
CREATERESTOREPOINT
%systemroot%\System32\config\*.sav
%PROGRAMFILES%\bak. /s
%systemroot%\system32\bak. /s
%ALLUSERSPROFILE%\Start Menu\*.lnk /x
%systemroot%\system32\config\systemprofile\*.dat /x
%systemroot%\*.config
%systemroot%\system32\*.db
%APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
%USERPROFILE%\Desktop\*.exe
%PROGRAMFILES%\Common Files\*.*
%systemroot%\*.src
%systemroot%\install\*.*
%systemroot%\system32\DLL\*.*
%systemroot%\system32\HelpFiles\*.*
%systemroot%\system32\rundll\*.*
%systemroot%\winn32\*.*
%systemroot%\Java\*.*
%systemroot%\system32\test\*.*
%systemroot%\system32\Rundll32\*.*
%systemroot%\AppPatch\Custom\*.*
%APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
%PROGRAMFILES%\PC-Doctor\Downloads\*.*
%PROGRAMFILES%\Internet Explorer\*.tmp
%PROGRAMFILES%\Internet Explorer\*.dat
%USERPROFILE%\My Documents\*.exe
%USERPROFILE%\*.exe
%systemroot%\ADDINS\*.*
%systemroot%\assembly\*.bak2
%systemroot%\Config\*.*
%systemroot%\REPAIR\*.bak2
%systemroot%\SECURITY\Database\*.sdb /x
%systemroot%\SYSTEM\*.bak2
%systemroot%\Web\*.bak2
%systemroot%\Driver Cache\*.*
%PROGRAMFILES%\Mozilla Firefox\0*.exe
%ProgramFiles%\Microsoft Common\*.*
%ProgramFiles%\TinyProxy.
%USERPROFILE%\Favorites\*.url /x
%systemroot%\system32\*.bk
%systemroot%\*.te
%systemroot%\system32\system32\*.*
%ALLUSERSPROFILE%\*.dat /x
%systemroot%\system32\drivers\*.rmv
dir /b "%systemroot%\system32\*.exe" | find /i " " /c
dir /b "%systemroot%\*.exe" | find /i " " /c
%PROGRAMFILES%\Microsoft\*.*
%systemroot%\System32\Wbem\proquota.exe
%PROGRAMFILES%\Mozilla Firefox\*.dat
%USERPROFILE%\Cookies\*.txt /x
%SystemRoot%\system32\fonts\*.*
%systemroot%\system32\winlog\*.*
%systemroot%\system32\Language\*.*
%systemroot%\system32\Settings\*.*
%systemroot%\system32\*.quo
%SYSTEMROOT%\AppPatch\*.exe
%SYSTEMROOT%\inf\*.exe
%SYSTEMROOT%\Installer\*.exe
%systemroot%\system32\config\*.bak2
%systemroot%\system32\Computers\*.*
%SystemRoot%\system32\Sound\*.*
%SystemRoot%\system32\SpecialImg\*.*
%SystemRoot%\system32\code\*.*
%SystemRoot%\system32\draft\*.*
%SystemRoot%\system32\MSSSys\*.*
%ProgramFiles%\Javascript\*.*
%systemroot%\pchealth\helpctr\System\*.exe /s
%systemroot%\Web\*.exe
%systemroot%\system32\msn\*.*
%systemroot%\system32\*.tro
%AppData%\Microsoft\Installer\msupdates\*.*
%ProgramFiles%\Messenger\*.*
%systemroot%\system32\systhem32\*.*
%systemroot%\system\*.exe
HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
/md5start
/md5stop

Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.

clyde85 · Apr 14, 2011

OTL.Txt:

OTL logfile created on: 4/15/2011 11:22:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\St.Michael\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 533.00 Mb Available Physical Memory | 53.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 29.28 Gb Total Space | 3.98 Gb Free Space | 13.58% Space Free | Partition Type: FAT32
Drive D: | 97.65 Gb Total Space | 3.47 Gb Free Space | 3.55% Space Free | Partition Type: NTFS
Drive E: | 105.93 Gb Total Space | 7.71 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

Computer Name: CLYDE | User Name: St.Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/15 11:19:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St.Michael\Desktop\OTL.exe
PRC - [2011/04/15 09:08:53 | 000,352,256 | ---- | M] (Faronics Corporation) -- D:\Program Files\Faronics\Deep Freeze\Install D-0\_$Df\FrzState2k.exe
PRC - [2011/04/01 18:11:50 | 002,651,992 | ---- | M] (Garena Online PTE LTD) -- E:\Program Files\Garena\Garena.exe
PRC - [2011/03/29 09:11:25 | 000,399,736 | ---- | M] (BitTorrent, Inc.) -- E:\Program Files\uTorrent.exe
PRC - [2011/03/22 05:10:00 | 001,230,704 | ---- | M] () -- D:\Program Files\DivX\DivX Update\DivXUpdate.exe
PRC - [2009/01/26 23:31:16 | 002,144,088 | RHS- | M] (Safer Networking Limited) -- E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
PRC - [2008/07/30 20:34:12 | 000,566,592 | ---- | M] (Apple Inc.) -- D:\Program Files\Apple Software Update\SoftwareUpdate.exe
PRC - [2008/02/20 11:08:46 | 000,472,320 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
PRC - [2008/02/20 11:06:58 | 001,443,072 | ---- | M] (ESET) -- D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
PRC - [2007/09/02 13:58:52 | 000,495,616 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.exe
PRC - [2006/01/13 09:46:46 | 001,075,200 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\explorer.exe
PRC - [2004/08/08 19:45:12 | 000,308,224 | ---- | M] (Faronics Corporation) -- D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe

========== Modules (SafeList) ==========

MOD - [2011/04/15 11:19:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St.Michael\Desktop\OTL.exe
MOD - [2007/09/02 13:57:36 | 000,069,632 | ---- | M] () -- D:\Program Files\RocketDock\RocketDock.dll
MOD - [2006/01/13 09:40:58 | 001,852,928 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\AppPatch\AcGenral.dll
MOD - [2006/01/13 09:21:03 | 000,071,680 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\system32\msacm32.dll
MOD - [2006/01/13 09:10:05 | 001,053,696 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2649_x-ww_aac16c8b\comctl32.dll

========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (wuauserv)
SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2008/02/20 11:14:52 | 000,019,200 | ---- | M] (ESET) [On_Demand | Stopped] -- D:\Program Files\ESET\ESET NOD32 Antivirus\EHttpSrv.exe -- (EhttpSrv)
SRV - [2008/02/20 11:08:46 | 000,472,320 | ---- | M] (ESET) [Auto | Running] -- D:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe -- (ekrn)
SRV - [2007/01/31 21:55:42 | 000,096,370 | ---- | M] (Canon Inc.) [Auto | Stopped] -- D:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2006/01/13 09:27:25 | 000,003,584 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- D:\WINDOWS\System32\regedt32.exe -- (NOD32FiXTemDono)
SRV - [2004/08/08 19:45:12 | 000,308,224 | ---- | M] (Faronics Corporation) [Auto | Running] -- D:\Program Files\Faronics\Deep Freeze\Install D-0\DF5Serv.exe -- (DF5Serv)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (GGSAFERDriver)
DRV - [2010/05/11 02:41:30 | 000,067,656 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\SASKUTIL.SYS -- (SASKUTIL)
DRV - [2010/02/18 02:25:48 | 000,012,872 | ---- | M] (SUPERAdBlocker.com and SUPERAntiSpyware.com) [Kernel | System | Running] -- D:\Program Files\SUPERAntiSpyware\sasdifsv.sys -- (SASDIFSV)
DRV - [2008/02/20 11:11:16 | 000,033,800 | ---- | M] () [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\epfwtdir.sys -- (epfwtdir)
DRV - [2008/02/20 11:02:22 | 000,029,704 | ---- | M] (ESET) [Kernel | System | Running] -- D:\WINDOWS\system32\drivers\easdrv.sys -- (easdrv)
DRV - [2008/02/20 11:01:30 | 000,039,944 | ---- | M] (ESET) [Kernel | Auto | Running] -- D:\WINDOWS\system32\drivers\eamon.sys -- (eamon)
DRV - [2008/01/16 09:12:39 | 000,098,944 | R--- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\Rtenicxp.sys -- (RTLE8023xp)
DRV - [2006/09/12 19:27:00 | 004,381,184 | R--- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- D:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2004/08/08 19:43:12 | 000,093,568 | ---- | M] (Faronics Corporation) [Kernel | Boot | Running] -- D:\WINDOWS\System32\drivers\DeepFrz.sys -- (DeepFrz)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKU\S-1-5-21-1085031214-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-1085031214-343818398-725345543-1003\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "google.com"
FF - prefs.js..network.proxy.no_proxies_on: "*.local"
FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Firefox\extensions\\{23fcfd51-4958-4f00-80a3-ae97e717ed8b}: D:\Program Files\DivX\DivX Plus Web Player\firefox\html5video [2011/03/25 09:16:56 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{6904342A-8307-11DF-A508-4AE2DFD72085}: D:\Program Files\DivX\DivX Plus Web Player\firefox\wpa [2011/03/25 09:16:57 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: D:\Program Files\Mozilla Firefox\components [2011/04/08 09:00:59 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: D:\Program Files\Mozilla Firefox\plugins [2009/02/27 11:09:37 | 000,000,000 | ---D | M]

[2011/04/08 09:01:45 | 000,000,000 | ---D | M] (No name found) -- D:\Documents and Settings\St.Michael\Application Data\Mozilla\Extensions
[2011/04/08 09:00:59 | 000,000,000 | ---D | M] (No name found) -- D:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2010/04/01 09:48:45 | 000,000,000 | ---D | M] (Java Quick Starter) -- D:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/03/19 01:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- D:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 16:00:00 | 000,002,252 | ---- | M] () -- D:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/05 11:28:01 | 000,000,027 | ---- | M]) - D:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DivX Plus Web Player HTML5 <video>) - {326E768D-4182-46FD-9C16-1449A49795F4} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DivX HiQ) - {593DDEC6-7468-4cdd-90E1-42DADAA222E9} - D:\Program Files\DivX\DivX Plus Web Player\npdivx32.dll (DivX, LLC)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O3 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [DivXUpdate] D:\Program Files\DivX\DivX Update\DivXUpdate.exe ()
O4 - HKLM..\Run: [egui] D:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe (ESET)
O4 - HKU\S-1-5-21-1085031214-343818398-725345543-1003..\Run: [RocketDock] D:\Program Files\RocketDock\RocketDock.exe ()
O4 - HKU\S-1-5-21-1085031214-343818398-725345543-1003..\Run: [SpybotSD TeaTimer] E:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer Networking Limited)
O4 - HKU\.DEFAULT..\RunOnce: [nlsf] D:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\.DEFAULT..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [nlsf] D:\WINDOWS\System32\cmd.exe (Microsoft Corporation)
O4 - HKU\S-1-5-18..\RunOnce: [tscuninstall] D:\WINDOWS\system32\tscupgrd.exe (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRemoteRecursiveEvents = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoInternetIcon = 0
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSaveSettings = 0
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Main present
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\Software\Policies\Microsoft\Internet Explorer\Toolbars present
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLowDiskSpaceChecks = 1
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoLogoff = 0
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - D:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - E:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - D:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} D:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/flashplayer/current/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 208.67.222.222 208.67.220.220
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - D:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - D:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - D:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O20 - Winlogon\Notify\DfLogon: DllName - LogonDll.dll - D:\WINDOWS\System32\LogonDll.dll ()
O24 - Desktop WallPaper: D:\Documents and Settings\St.Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: D:\Documents and Settings\St.Michael\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - D:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2009/01/12 11:52:56 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk /k:C /k

/k:E *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: wuauserv - File not found

Drivers32: msacm.iac2 - D:\WINDOWS\System32\iac25_32.ax (Ligos Corporation)
Drivers32: msacm.imc - D:\WINDOWS\System32\IMC32.acm (Intel Corporation)
Drivers32: msacm.l3acm - D:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.l3codecp - D:\WINDOWS\System32\l3codecp.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - D:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - D:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - D:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)
Drivers32: VIDC.i263 - D:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.I420 - D:\WINDOWS\System32\I263_32.drv (Intel Corporation)
Drivers32: vidc.iv31 - D:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: vidc.iv32 - D:\WINDOWS\System32\Ir32_32.dll ()
Drivers32: VIDC.IV40 - D:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv41 - D:\WINDOWS\System32\Ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - D:\WINDOWS\System32\Ir50_32.dll (Ligos Corporation)
Drivers32: vidc.tscc - D:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
Drivers32: VIDC.VP60 - D:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: VIDC.VP61 - D:\WINDOWS\System32\vp6vfw.dll (On2.com)
Drivers32: vidc.VP70 - D:\WINDOWS\System32\vp7vfw.dll (On2.com)
Drivers32: VIDC.wmv3 - D:\WINDOWS\System32\WMV9VCM.dll (Microsoft Corporation)
Drivers32: vidc.XVID - D:\WINDOWS\System32\xvidvfw.dll ()
Drivers32: vidc.yv12 - D:\WINDOWS\System32\DivX.dll (DivX, Inc.)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (58278930930466816)

========== Files/Folders - Created Within 30 Days ==========

[2011/04/15 11:18:42 | 000,580,608 | ---- | C] (OldTimer Tools) -- D:\Documents and Settings\St.Michael\Desktop\OTL.exe
[2011/04/15 00:14:59 | 000,000,000 | RH-D | C] -- D:\Documents and Settings\St.Michael\Recent
[2011/04/14 19:13:24 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\SecTaskMan
[2011/04/13 16:47:19 | 000,000,000 | -HSD | C] -- D:\RECYCLER
[2011/04/13 09:12:19 | 000,000,000 | ---D | C] -- D:\ComboFix
[2011/04/13 09:11:10 | 000,000,000 | R--D | C] -- D:\32788R22FWJFW
[2011/04/13 09:05:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\St.Michael\Desktop\Logs
[2011/04/10 16:49:48 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Start Menu\Programs\DivX Plus
[2011/04/06 08:27:51 | 000,000,000 | ---D | C] -- D:\Program Files\SUPERAntiSpyware
[2011/04/05 10:11:12 | 000,000,000 | --SD | C] -- D:\Documents and Settings\St.Michael\UserData
[2011/04/05 10:01:26 | 000,212,480 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWXCACLS.exe
[2011/04/05 10:01:26 | 000,161,792 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWREG.exe
[2011/04/05 10:01:26 | 000,136,704 | ---- | C] (SteelWerX) -- D:\WINDOWS\SWSC.exe
[2011/04/05 10:01:26 | 000,031,232 | ---- | C] (NirSoft) -- D:\WINDOWS\NIRCMD.exe
[2011/04/05 10:01:21 | 000,000,000 | ---D | C] -- D:\WINDOWS\ERDNT
[2011/04/05 10:00:26 | 000,000,000 | ---D | C] -- D:\Qoobox
[2011/03/25 08:58:37 | 000,000,000 | ---D | C] -- D:\Documents and Settings\All Users\Application Data\DivX
[2011/03/17 17:03:15 | 000,172,032 | ---- | C] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- D:\WINDOWS\System32\AniGIF.ocx
[1 D:\Documents and Settings\St.Michael\*.tmp files -> D:\Documents and Settings\St.Michael\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/04/15 11:22:09 | 000,000,284 | ---- | M] () -- D:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/15 11:19:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St.Michael\Desktop\OTL.exe
[2011/04/15 11:16:34 | 000,002,205 | ---- | M] () -- D:\Documents and Settings\St.Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/04/15 11:16:26 | 000,000,116 | ---- | M] () -- D:\WINDOWS\NeroDigital.ini
[2011/04/15 09:21:24 | 000,046,706 | ---- | M] () -- D:\Documents and Settings\St.Michael\Application Data\room.dat
[2011/04/15 09:09:53 | 000,054,156 | -H-- | M] () -- D:\WINDOWS\QTFont.qfn
[2011/04/14 18:38:08 | 000,595,300 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\zsmj anti mage.w3g
[2011/04/14 17:43:46 | 000,075,264 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\SystemLook.exe
[2011/04/14 16:36:27 | 000,211,456 | ---- | M] () -- D:\Documents and Settings\St.Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2011/04/13 18:37:53 | 000,062,920 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\428414.zip
[2011/04/13 09:22:27 | 001,006,778 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\rkill.scr
[2011/04/13 09:07:35 | 004,319,795 | R--- | M] () -- D:\Documents and Settings\St.Michael\Desktop\ComboFix.exe
[2011/04/13 09:03:36 | 000,080,384 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\MBRCheck.exe
[2011/04/13 08:57:24 | 000,002,206 | ---- | M] () -- D:\WINDOWS\System32\wpa.dbl
[2011/04/08 09:01:00 | 000,000,753 | ---- | M] () -- D:\Documents and Settings\St.Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/05 11:28:01 | 000,000,027 | ---- | M] () -- D:\WINDOWS\System32\drivers\etc\hosts
[2011/04/03 18:32:35 | 000,000,808 | ---- | M] () -- D:\Documents and Settings\All Users\Desktop\YouTube Downloader.lnk
[2011/03/25 15:30:05 | 000,060,417 | ---- | M] () -- E:\My Documents\423246.zip
[2011/03/25 15:27:21 | 000,000,022 | ---- | M] () -- E:\My Documents\423127.zip
[2011/03/23 05:42:03 | 000,540,191 | ---- | M] () -- E:\My Documents\DM No. 106, s. 2010.pdf
[2011/03/23 05:39:52 | 000,295,792 | ---- | M] () -- E:\My Documents\000.jpg
[2011/03/22 05:53:26 | 000,298,867 | ---- | M] () -- E:\My Documents\DO No. 26, s. 2010.pdf
[2011/03/20 11:10:23 | 000,171,066 | ---- | M] () -- E:\My Documents\DM-No.-078-s.-2011.pdf
[2011/03/19 18:23:43 | 001,424,380 | ---- | M] () -- E:\My Documents\2155512_Germany_Denmark.w3g
[2011/03/17 17:03:15 | 000,172,032 | ---- | M] (Jin Hui E-mail: jinhui@jcomsoft.com Web: http://www.jcomsoft.com) -- D:\WINDOWS\System32\AniGIF.ocx
[1 D:\Documents and Settings\St.Michael\*.tmp files -> D:\Documents and Settings\St.Michael\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/04/14 18:37:03 | 000,595,300 | ---- | C] () -- D:\Documents and Settings\St.Michael\Desktop\zsmj anti mage.w3g
[2011/04/14 17:43:41 | 000,075,264 | ---- | C] () -- D:\Documents and Settings\St.Michael\Desktop\SystemLook.exe
[2011/04/13 18:37:52 | 000,062,920 | ---- | C] () -- D:\Documents and Settings\St.Michael\Desktop\428414.zip
[2011/04/13 09:21:58 | 001,006,778 | ---- | C] () -- D:\Documents and Settings\St.Michael\Desktop\rkill.scr
[2011/04/13 09:06:05 | 004,319,795 | R--- | C] () -- D:\Documents and Settings\St.Michael\Desktop\ComboFix.exe
[2011/04/13 09:03:36 | 000,080,384 | ---- | C] () -- D:\Documents and Settings\St.Michael\Desktop\MBRCheck.exe
[2011/04/08 09:01:00 | 000,000,753 | ---- | C] () -- D:\Documents and Settings\St.Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/06 15:39:43 | 000,046,706 | ---- | C] () -- D:\Documents and Settings\St.Michael\Application Data\room.dat
[2011/04/05 10:01:26 | 000,256,512 | ---- | C] () -- D:\WINDOWS\PEV.exe
[2011/04/05 10:01:26 | 000,098,816 | ---- | C] () -- D:\WINDOWS\sed.exe
[2011/04/05 10:01:26 | 000,089,088 | ---- | C] () -- D:\WINDOWS\MBR.exe
[2011/04/05 10:01:26 | 000,080,412 | ---- | C] () -- D:\WINDOWS\grep.exe
[2011/04/05 10:01:26 | 000,068,096 | ---- | C] () -- D:\WINDOWS\zip.exe
[2011/03/25 15:30:05 | 000,060,417 | ---- | C] () -- E:\My Documents\423246.zip
[2011/03/25 15:27:14 | 000,000,022 | ---- | C] () -- E:\My Documents\423127.zip
[2011/03/23 05:43:19 | 000,540,191 | ---- | C] () -- E:\My Documents\DM No. 106, s. 2010.pdf
[2011/03/23 05:39:52 | 000,295,792 | ---- | C] () -- E:\My Documents\000.jpg
[2011/03/22 05:53:26 | 000,298,867 | ---- | C] () -- E:\My Documents\DO No. 26, s. 2010.pdf
[2011/03/20 11:11:57 | 000,171,066 | ---- | C] () -- E:\My Documents\DM-No.-078-s.-2011.pdf
[2011/03/19 18:23:43 | 001,424,380 | ---- | C] () -- E:\My Documents\2155512_Germany_Denmark.w3g
[2011/03/04 09:49:57 | 000,005,036 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
[2010/04/11 09:24:03 | 000,000,671 | ---- | C] () -- D:\Documents and Settings\St.Michael\Application Data\vso_ts_preview.xml
[2009/05/13 16:59:27 | 000,000,056 | -H-- | C] () -- D:\WINDOWS\System32\ezsidmv.dat
[2009/03/02 02:56:08 | 000,000,151 | ---- | C] () -- D:\WINDOWS\PhotoSnapViewer.INI
[2009/02/27 19:28:25 | 000,040,552 | -H-- | C] () -- D:\WINDOWS\System32\mlfcache.dat
[2009/01/30 04:27:16 | 000,211,456 | ---- | C] () -- D:\Documents and Settings\St.Michael\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/01/13 00:14:14 | 000,000,000 | ---- | C] () -- D:\WINDOWS\nsreg.dat
[2009/01/12 23:36:25 | 000,049,152 | ---- | C] () -- D:\WINDOWS\System32\LogonDll.dll
[2009/01/12 23:12:11 | 000,000,116 | ---- | C] () -- D:\WINDOWS\NeroDigital.ini
[2009/01/12 20:53:06 | 000,147,456 | R--- | C] () -- D:\WINDOWS\System32\igfxCoIn_v4885.dll
[2009/01/12 19:59:44 | 000,000,376 | ---- | C] () -- D:\WINDOWS\ODBC.INI
[2009/01/12 19:54:07 | 000,002,048 | --S- | C] () -- D:\WINDOWS\bootstet.dat
[2009/01/12 19:53:39 | 000,107,132 | ---- | C] () -- D:\WINDOWS\UninstallFirefox.exe
[2009/01/12 19:53:38 | 000,002,293 | ---- | C] () -- D:\WINDOWS\mozver.dat
[2009/01/12 19:50:23 | 000,021,640 | ---- | C] () -- D:\WINDOWS\System32\emptyregdb.dat
[2009/01/12 19:42:37 | 000,004,161 | ---- | C] () -- D:\WINDOWS\ODBCINST.INI
[2009/01/12 19:40:11 | 000,177,856 | ---- | C] () -- D:\WINDOWS\System32\FNTCACHE.DAT
[2008/02/20 11:11:16 | 000,033,800 | ---- | C] () -- D:\WINDOWS\System32\drivers\epfwtdir.sys
[2006/01/13 10:05:28 | 013,107,200 | ---- | C] () -- D:\WINDOWS\System32\oembios.bin
[2006/01/13 10:02:21 | 000,180,224 | ---- | C] () -- D:\WINDOWS\System32\xvidvfw.dll
[2006/01/13 10:01:02 | 000,004,463 | ---- | C] () -- D:\WINDOWS\System32\oembios.dat
[2006/01/13 09:59:43 | 000,001,788 | ---- | C] () -- D:\WINDOWS\System32\Dcache.bin
[2006/01/13 09:55:15 | 000,081,920 | ---- | C] () -- D:\WINDOWS\System32\ieencode.dll
[2006/01/13 09:55:02 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\ogg.dll
[2006/01/13 09:54:15 | 000,012,288 | ---- | C] () -- D:\WINDOWS\System32\VCdControlTool.exe
[2006/01/13 09:52:59 | 000,061,440 | ---- | C] () -- D:\WINDOWS\System32\CopyToSendTo.dll
[2006/01/13 09:52:17 | 000,984,576 | ---- | C] () -- D:\WINDOWS\System32\syssetup.dll
[2006/01/13 09:52:17 | 000,745,472 | ---- | C] () -- D:\WINDOWS\System32\xvidcore.dll
[2006/01/13 09:50:12 | 000,000,741 | ---- | C] () -- D:\WINDOWS\System32\noise.dat
[2006/01/13 09:44:46 | 000,080,003 | ---- | C] () -- D:\WINDOWS\System32\GSpot25.dat
[2006/01/13 09:44:08 | 000,218,003 | ---- | C] () -- D:\WINDOWS\System32\dssec.dat
[2006/01/13 09:40:44 | 001,163,264 | ---- | C] () -- D:\WINDOWS\System32\vorbis.dll
[2006/01/13 09:40:28 | 001,040,384 | ---- | C] () -- D:\WINDOWS\System32\vorbisenc.dll
[2006/01/13 09:39:44 | 000,272,128 | ---- | C] () -- D:\WINDOWS\System32\perfi009.dat
[2006/01/13 09:39:43 | 000,058,800 | ---- | C] () -- D:\WINDOWS\System32\perfc009.dat
[2006/01/13 09:39:41 | 000,392,626 | ---- | C] () -- D:\WINDOWS\System32\perfh009.dat
[2006/01/13 09:39:41 | 000,028,626 | ---- | C] () -- D:\WINDOWS\System32\perfd009.dat
[2006/01/13 09:39:33 | 000,077,824 | ---- | C] () -- D:\WINDOWS\System32\vorbisfile.dll
[2006/01/13 09:38:40 | 000,394,240 | ---- | C] () -- D:\WINDOWS\System32\HMTCD.dll
[2006/01/13 09:35:46 | 000,008,636 | ---- | C] () -- D:\WINDOWS\modifyPE.exe
[2006/01/13 09:33:47 | 000,237,568 | ---- | C] () -- D:\WINDOWS\System32\OggDS.dll
[2006/01/13 09:33:47 | 000,000,609 | ---- | C] () -- D:\WINDOWS\System32\OEMinfo.ini
[2006/01/13 09:30:44 | 000,031,232 | ---- | C] () -- D:\WINDOWS\System32\cmdow.exe
[2006/01/13 09:25:46 | 000,152,576 | ---- | C] () -- D:\WINDOWS\System32\makecab.exe
[2006/01/13 09:23:56 | 000,046,258 | ---- | C] () -- D:\WINDOWS\System32\mib.bin
[2006/01/13 09:15:59 | 000,673,088 | ---- | C] () -- D:\WINDOWS\System32\mlang.dat
[2006/01/13 09:15:31 | 000,114,688 | ---- | C] () -- D:\WINDOWS\System32\cabarc.exe
[2006/01/13 09:14:52 | 000,004,569 | ---- | C] () -- D:\WINDOWS\System32\secupd.dat
[2003/01/07 23:05:08 | 000,002,695 | ---- | C] () -- D:\WINDOWS\System32\OUTLPERF.INI
[2002/10/16 06:54:04 | 000,153,088 | ---- | C] () -- D:\WINDOWS\System32\unrar.dll
[2002/05/16 07:38:40 | 000,091,136 | ---- | C] () -- D:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009/02/15 18:08:04 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Azureus
[2009/05/13 17:11:20 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\ESET
[2009/03/01 01:31:18 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Graboid Inc
[2011/04/15 11:17:12 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\SecTaskMan
[2009/02/27 19:41:43 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\TechSmith
[2011/04/04 08:43:00 | 000,000,000 | ---D | M] -- D:\Documents and Settings\All Users\Application Data\Temp
[2009/01/30 04:28:05 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\Any Video Converter
[2010/10/24 11:59:01 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\AoboBlocker
[2009/07/18 16:57:10 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\Azureus
[2009/02/27 19:32:50 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\Foxit
[2011/03/05 14:13:47 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\IObit
[2009/06/12 17:22:34 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\LimeWire
[2011/04/15 11:23:56 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\uTorrent
[2010/04/11 09:27:41 | 000,000,000 | ---D | M] -- D:\Documents and Settings\St.Michael\Application Data\Vso

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2006/01/13 10:02:21 | 000,000,126 | ---- | M] () -- D:\cleanup.cmd
[2011/04/13 09:17:11 | 000,009,400 | ---- | M] () -- D:\ComboFix.txt
[2011/04/15 09:08:49 | 4194,304,000 | -HS- | M] () -- D:\pagefile.sys
[2009/01/12 23:36:22 | 007,924,794 | ---- | M] () -- D:\Persi0.sys
[2011/04/13 09:23:28 | 000,000,359 | ---- | M] () -- D:\rkill.log

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2009/01/12 19:52:40 | 000,000,067 | -HS- | M] () -- D:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >
[2006/01/13 09:25:56 | 000,346,155 | ---- | M] () -- D:\WINDOWS\system32\vista.jpg

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2009/01/12 19:39:16 | 000,094,208 | ---- | M] () -- D:\WINDOWS\system32\config\default.sav
[2009/01/12 19:39:16 | 000,655,360 | ---- | M] () -- D:\WINDOWS\system32\config\software.sav
[2009/01/12 19:39:16 | 000,782,336 | ---- | M] () -- D:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2009/01/12 19:53:00 | 000,000,294 | -HS- | M] () -- D:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >
[1 D:\WINDOWS\system32\config\systemprofile\*.tmp files -> D:\WINDOWS\system32\config\systemprofile\*.tmp -> ]

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/01/12 20:01:47 | 000,000,119 | -HS- | M] () -- D:\Documents and Settings\St.Michael\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini

< %USERPROFILE%\Desktop\*.exe >
[2011/04/13 09:07:35 | 004,319,795 | R--- | M] () -- D:\Documents and Settings\St.Michael\Desktop\ComboFix.exe
[2011/04/13 09:03:36 | 000,080,384 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\MBRCheck.exe
[2011/04/15 11:19:28 | 000,580,608 | ---- | M] (OldTimer Tools) -- D:\Documents and Settings\St.Michael\Desktop\OTL.exe
[2011/04/14 17:43:46 | 000,075,264 | ---- | M] () -- D:\Documents and Settings\St.Michael\Desktop\SystemLook.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/01/12 20:01:46 | 000,000,122 | -HS- | M] () -- D:\Documents and Settings\St.Michael\Favorites\Desktop.ini

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >
[2010/01/30 18:27:26 | 000,000,406 | RHS- | M] () -- D:\Documents and Settings\All Users\ntuser.pol

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2011/04/15 11:17:28 | 000,032,768 | ---- | M] () -- D:\Documents and Settings\St.Michael\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2006/01/13 09:54:29 | 000,192,512 | ---- | M] (Microsoft Corporation) -- D:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.* >

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >

========== Files - Unicode (All) ==========
[2011/04/08 14:07:22 | 000,531,438 | ---- | M] ()(E:\My Documents\110324-DOTA_[CDEC]Mix vs Pis+????_SG.w3g) -- E:\My Documents\110324-DOTA_[CDEC]Mix vs Pis+国士无双_SG.w3g
[2011/04/08 14:07:22 | 000,531,438 | ---- | C] ()(E:\My Documents\110324-DOTA_[CDEC]Mix vs Pis+????_SG.w3g) -- E:\My Documents\110324-DOTA_[CDEC]Mix vs Pis+国士无双_SG.w3g

========== Alternate Data Streams ==========

@Alternate Data Stream - 16 bytes -> E:\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\Temp:553CA6CA
@Alternate Data Stream - 112 bytes -> D:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF

< End of report >

clyde85 · Apr 14, 2011

Extras.Txt:

OTL Extras logfile created on: 4/15/2011 11:22:32 AM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = D:\Documents and Settings\St.Michael\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,012.00 Mb Total Physical Memory | 533.00 Mb Available Physical Memory | 53.00% Memory free
5.00 Gb Paging File | 4.00 Gb Available in Paging File | 89.00% Paging File free
Paging file location(s): D:\pagefile.sys 4000 4000 [binary data]

%SystemDrive% = D: | %SystemRoot% = D:\WINDOWS | %ProgramFiles% = D:\Program Files
Drive C: | 29.28 Gb Total Space | 3.98 Gb Free Space | 13.58% Space Free | Partition Type: FAT32
Drive D: | 97.65 Gb Total Space | 3.47 Gb Free Space | 3.55% Space Free | Partition Type: NTFS
Drive E: | 105.93 Gb Total Space | 7.71 Gb Free Space | 7.27% Space Free | Partition Type: NTFS

Computer Name: CLYDE | User Name: St.Michael | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: All users | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = SafariHTML] -- D:\Program Files\Safari\Safari.exe (Apple Inc.)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_USERS\S-1-5-21-1085031214-343818398-725345543-1003\SOFTWARE\Classes\<extension>]
.html [@ = SafariHTML] -- D:\Program Files\Safari\Safari.exe (Apple Inc.)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
https [open] -- "D:\Program Files\Safari\Safari.exe" -url "%1" (Apple Inc.)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled

xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled

xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled

xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"D:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = D:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"D:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe" = D:\Program Files\CyberLink\PowerDVD8\PowerDVD8.exe:*:Enabled:CyberLink PowerDVD 8.0 -- (CyberLink Corp.)
"E:\Program Files\uTorrent.exe" = E:\Program Files\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{196BB40D-1578-3D01-B289-BEFC77A11A1E}" = Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319
"{1a413f37-ed88-4fec-9666-5c48dc4b7bb7}" = YouTube Downloader 2.7.1
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216019FF}" = Java(TM) 6 Update 24
"{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{49253DE2-FC99-4BE3-99A4-DAB01A8E6088}" = Camtasia Studio 6
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{7B63B2922B174135AFC0E1377DD81EC2}" =
"{7CCEBC24-62DB-4280-A8EC-BFA49F167920}" = Software Update for Web Folders
"{7D974ACA-4EE5-412C-8E6A-A5B57B305727}" = ESET NOD32 Antivirus
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware
"{DD0DDC9E-2ED4-44DD-B461-0EFC126813A0}" = On2 VP7 Personal Edition
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"7-Zip" = 7-Zip 4.65
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 7.0" = Adobe Photoshop 7.0
"Any Video Converter_is1" = Any Video Converter 2.5.2
"AVI Movie Player" = AVI Movie Player
"CAL" = Canon Camera Access Library
"CameraUserGuide-PSA470" = Canon PowerShot A470 Camera User Guide
"CameraWindowDC" = Canon Utilities CameraWindow DC
"CameraWindowDVC5" = Canon Utilities CameraWindow DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Utilities CameraWindow DC_DV 6 for ZoomBrowser EX
"CameraWindowLauncher" = Canon Utilities CameraWindow
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"CCleaner" = CCleaner
"Chikka Messenger V4" = Chikka Messenger V4
"CSCLIB" = Canon Camera Support Core Library
"DirectPrintUserGuide" = Canon Direct Print User Guide
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"DivX Setup.divx.com" = DivX Setup
"EOS Utility" = Canon Utilities EOS Utility
"Eset NOD32 v3.0.642 FiX1.2 by TemDono_is1" = NOD32 v3.0.642 FiX1.2 by TemDono (31 days remaining forever up
"Foxit Reader" = Foxit Reader
"Garena" = Garena 2010
"HDMI" = Intel(R) Graphics Media Accelerator Driver
"InstallShield_{2BF2E31F-B8BB-40A7-B650-98D28E0F7D47}" = CyberLink PowerDVD 8
"LimeWire" = LimeWire 4.18.8
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"mIRC" = mIRC
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MyCamera" = Canon Utilities MyCamera
"MyCameraDC" = Canon Utilities MyCamera DC
"NeroMultiInstaller!UninstallKey" = Nero Suite
"PhotoStitch" = Canon Utilities PhotoStitch
"QuicktimeAlt_is1" = QuickTime Alternative 1.67
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RemoteCaptureTask" = Canon Utilities RemoteCapture Task for ZoomBrowser EX
"RocketDock_is1" = RocketDock 1.3.5
"Security Task Manager" = Security Task Manager 1.8c
"SoftwareStarterGuide-DCSD34" = Canon Digital Camera Solution Disk 34 Software Starter Guide
"uTorrent" = µTorrent
"VLC media player" = VideoLAN VLC media player 0.8.6d
"VobSub" = VobSub v2.23 (Remove Only)
"Win AVI HelixSDK_is1" = Win AVI HelixSDK
"Winamp" = Winamp
"WinAVI Video Converter_is1" = WinAVI Video Converter
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"YInstHelper" = Yahoo! Install Manager
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX
"ZoomBrowser EX Memory Card Utility" = Canon ZoomBrowser EX Memory Card Utility

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2011 6:14:13 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x043466c0.

Error - 4/3/2011 6:14:35 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application drwtsn32.exe, version 5.1.2600.0, faulting module
dbghelp.dll, version 5.1.2600.2180, fault address 0x0001295d.

Error - 4/3/2011 7:38:52 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application safari.exe, version 4.531.9.1, faulting module
accelerator.dll, version 3.2.2.4, fault address 0x0010e122.

Error - 4/6/2011 3:34:22 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module DivXDec.ax, version 7.1.1.14, fault address 0x000c6708.

Error - 4/6/2011 7:38:30 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x03b566c0.

Error - 4/7/2011 12:15:42 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x04639290.

Error - 4/7/2011 1:35:02 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x04129290.

Error - 4/7/2011 6:14:07 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x04a49290.

Error - 4/13/2011 4:48:23 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application chikkalauncher.exe, version 1.0.0.23, faulting
module kernel32.dll, version 5.1.2600.2180, fault address 0x00009e9c.

Error - 4/13/2011 6:34:05 AM | Computer Name = CLYDE | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.2649, faulting
module unknown, version 0.0.0.0, fault address 0x04909290.

[ System Events ]
Error - 4/14/2011 1:21:26 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 4/14/2011 1:21:26 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/14/2011 4:05:03 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1058

Error - 4/14/2011 4:05:03 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 4/14/2011 4:05:03 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 4/14/2011 4:05:03 AM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

Error - 4/14/2011 9:09:03 PM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7001
Description = The Canon Camera Access Library 8 service depends on the Windows Image
Acquisition (WIA) service which failed to start because of the following error:
%%1058

Error - 4/14/2011 9:09:03 PM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the Eset Nod32 Boot service
to connect.

Error - 4/14/2011 9:09:03 PM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7000
Description = The Eset Nod32 Boot service failed to start due to the following error:
%%1053

Error - 4/14/2011 9:09:03 PM | Computer Name = CLYDE | Source = Service Control Manager | ID = 7023
Description = The Automatic Updates service terminated with the following error:
%%126

< End of report >

Broni · Apr 15, 2011

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O3 - HKU\S-1-5-21-1085031214-343818398-725345543-1003\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O16 - DPF: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA} Reg Error: Value error. (Reg Error: Value error.)
[1 D:\Documents and Settings\St.Michael\*.tmp files -> D:\Documents and Settings\St.Michael\*.tmp -> ]
[2011/03/04 09:49:57 | 000,005,036 | ---- | C] () -- D:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk
@Alternate Data Stream - 16 bytes -> E:\My Documents\Shareaza Downloads:Shareaza.GUID
@Alternate Data Stream - 125 bytes -> D:\Documents and Settings\All Users\Application Data\Temp:553CA6CA
@Alternate Data Stream - 112 bytes -> D:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF


:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

================================================================

Last scans....

1. Download Security Check from HERE, and save it to your Desktop.

Double-click SecurityCheck.exe
Follow the onscreen instructions inside of the black box.
A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE SecurityCheck may produce some false warning(s), so leave the results reading to me.

2. Download Temp File Cleaner (TFC)

Double click on TFC.exe to run the program.
Click on Start button to begin cleaning process.
TFC will close all running programs, and it may ask you to restart computer.

3. Please run a free online scan with the ESET Online Scanner

Disable your antivirus program
Tick the box next to YES, I accept the Terms of Use
Click Start
IMPORTANT! UN-check Remove found threats
Accept any security warnings from your browser.
Check Scan archives
Click Start
ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
When the scan completes, push List of found threats
Click on Export to text file , and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
NOTE. If Eset won't find any threats, it won't produce any log.

clyde85 · Apr 15, 2011

OTL Log File:

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
Registry value HKEY_USERS\S-1-5-21-1085031214-343818398-725345543-1003\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EF99BD32-C1FB-11D2-892F-0090271D4F88} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EF99BD32-C1FB-11D2-892F-0090271D4F88}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\DownloadInformation\\INF .
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}\ not found.
D:\Documents and Settings\St.Michael\7zS183A.tmp\adt.xpi deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\browser.xpi deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\config.ini deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\en-US.xpi deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\install.ini deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\license.txt deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\setup.exe deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\setuprsc.dll deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\talkback.xpi deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\UninstallFirefox.zip deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp\xpcom.xpi deleted successfully.
D:\Documents and Settings\St.Michael\7zS183A.tmp folder deleted successfully.
D:\Documents and Settings\All Users\Application Data\ihfeumzb.qzk moved successfully.
ADS E:\My Documents\Shareaza Downloads:Shareaza.GUID deleted successfully.
ADS D:\Documents and Settings\All Users\Application Data\Temp:553CA6CA deleted successfully.
ADS D:\Documents and Settings\All Users\Application Data\Temp:2B11E0DF deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: St.Michael
->Temp folder emptied: 864974 bytes
->Temporary Internet Files folder emptied: 2621269 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 105547776 bytes
->Flash cache emptied: 1785 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 38891644 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 129065 bytes

Total Files Cleaned = 141.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: St.Michael
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04152011_163039

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_204.dat not found!

Registry entries deleted on Reboot...

clyde85 · Apr 15, 2011

SecurityCheck Log File:

Results of screen317's Security Check version 0.99.7
Windows XP Service Pack 2
Out of date service pack!!
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:
ESET NOD32 Antivirus
Antivirus up to date!
```````````````````````````````
Anti-malware/Other Utilities Check:
Malwarebytes' Anti-Malware
CCleaner
Java(TM) 6 Update 24
Out of date Java installed!
Adobe Flash Player 10.2.153.1
Mozilla Firefox (x86 en-US..) Firefox Out of Date!
````````````````````````````````
Process Check:
objlist.exe by Laurent
``````````End of Log````````````

clyde85 · Apr 15, 2011

ESET Online Scanner Log File:

D:\Installers\DivX.Pro.v7.0.0.Incl.Keygen.FFF.rar a variant of Win32/Keygen.AJ application
D:\System Volume Information\_restore{9FE2AC2E-0831-418B-9100-1772A0708485}\RP34\A0013138.exe Win32/Adware.Webdir application
D:\System Volume Information\_restore{9FE2AC2E-0831-418B-9100-1772A0708485}\RP68\A0043505.exe probably a variant of Win32/Agent.JEULCIL trojan
E:\Installers\SweetImSetup.exe a variant of Win32/SweetIM.A application
E:\My Documents\Downloads\Completed\SketchUp.rar a variant of Win32/Keygen.AX application
E:\My Documents\Downloads\Completed\SketchUp\SketchUp5KeyGen.exe a variant of Win32/Keygen.AX application

Broni · Apr 15, 2011

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following

Code:

:OTL

:Services

:Reg

:Files
D:\Installers\DivX.Pro.v7.0.0.Incl.Keygen.FFF.rar
E:\Installers\SweetImSetup.exe 
E:\My Documents\Downloads\Completed\SketchUp.rar 
E:\My Documents\Downloads\Completed\SketchUp\SketchUp5KeyGen.exe

:Commands
[purity]
[emptytemp]
[emptyflash]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
You will get a log that shows the results of the fix. Please post it.

======================================================================

Your computer is clean

1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create fresh, clean restore point, using following OTL script:

Run OTL

Under the Custom Scans/Fixes box at the bottom, paste in the following:

Code:

:OTL
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[CLEARALLRESTOREPOINTS]
[Reboot]

Then click the Run Fix button at the top
Let the program run unhindered, reboot the PC when it is done
Post resulting log.

2. Now, we'll remove all tools, we used during our cleaning process

Clean up with OTL:

Double-click OTL.exe to start the program.
Close all other programs apart from OTL as this step will require a reboot
On the OTL main screen, press the CLEANUP button
Say Yes to the prompt and then allow the program to reboot your computer.

If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

3. Make sure, Windows Updates are current (including Service Pack 3 installation and upgrading Internet Explorer to version 8!)

4. If any Trojan was listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC) weekly.

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. Run defrag at your convenience.

11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

12. Please, let me know, how your computer is doing.

clyde85 · Apr 15, 2011

OTL Log File:

All processes killed
========== OTL ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
D:\Installers\DivX.Pro.v7.0.0.Incl.Keygen.FFF.rar moved successfully.
E:\Installers\SweetImSetup.exe moved successfully.
E:\My Documents\Downloads\Completed\SketchUp.rar moved successfully.
E:\My Documents\Downloads\Completed\SketchUp\SketchUp5KeyGen.exe moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: St.Michael
->Temp folder emptied: 750939 bytes
->Temporary Internet Files folder emptied: 7281630 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 46633984 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 52.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: St.Michael
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

OTL by OldTimer - Version 3.2.22.3 log created on 04162011_100746

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_1f8.dat not found!

Registry entries deleted on Reboot...

clyde85 · Apr 15, 2011

Setting Up System Restore Log File:

All processes killed
========== OTL ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes
->Flash cache emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: St.Michael
->Temp folder emptied: 587646 bytes
->Temporary Internet Files folder emptied: 62211 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 5227520 bytes
->Flash cache emptied: 456 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 6.00 mb

[EMPTYFLASH]

User: Administrator
->Flash cache emptied: 0 bytes

User: All Users

User: Default User

User: LocalService

User: NetworkService

User: St.Michael
->Flash cache emptied: 0 bytes

Total Flash Files Cleaned = 0.00 mb

Restore points cleared and new OTL Restore Point set!

OTL by OldTimer - Version 3.2.22.3 log created on 04162011_101822

Files\Folders moved on Reboot...
File\Folder D:\WINDOWS\temp\Perflib_Perfdata_7c4.dat not found!

Registry entries deleted on Reboot...

clyde85 · Apr 15, 2011

Thanks for your help Broni. I downloaded the tools you suggested. I'm gonna observe my PC for a couple of days and will let you know how it is doing. Thanks again and more power!!!

Broni · Apr 15, 2011

You're very welcome

Good luck!

clyde85 · Apr 16, 2011

To my dismay, It seems the problem hasn't been solved yet. I got error with Windows Explorer and it crashed like before.

Can I send you an attachment of the error (I printscreen it and pasted on paint)? Or I'll have to type it all here?

"Explorer.EXE - Application Error" any idea what this is?

Anyway, I'm gonna attached it here.

Broni · Apr 16, 2011

At this point....

In this forum, we make sure, your computer is free of malware and your computer is clean

Because the access to malware forum is very limited, your best option is to create new topic about your current issue, at Windows section.
You'll get more attention.

Solved Windows Explorer closes itself down

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 17 +0

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Posts: 17 +0

Posts: 17 +0

Posts: 56,041 +516

Posts: 17 +0

Attachments

Posts: 56,041 +516

Similar threads