WiredWX Christian Hobby Weather Tools
AV Security Suite AGAIN!!!!

I guess I've been somewhat lucky, but Malwarebytes stopped the pop-ups. But now my browsers (Internet Explorer, Firefox) get hijacked when I try to search using Google or Yahoo. If I enter a URL or use a bookmark, all's good. It's just when I do a search and click on one of the search results that I get sent to a page that says something like "URL not found", and it's a Google blank page.
Also, somehow I nuked my network drivers while cleaning the first time, but Malwarebytes had already stopped the pop-ups. I did an XP repair and got my network back up, but the stupid AV Suite returned and I had to remove it again.

I was only using Windows Firewall. Trust me, once this is resolved (hopefully), it's antivirus time for me!!!

TIA

Nuke

Edit:
I'm at work now, I'll post my OTL logs when I get home.

Last edited by nuclearjock on 10th June 2010, 12:43 pm; edited 1 time in total (Reason for editing: more info)

Re: AV Security Suite AGAIN!!!!

Hi nuclearjock, and welcome to GeekPolice!

If you have OTL logs please post them. And we need to look for a rootkit.

DeFogger
Download DeFogger by jpshortstuff from here & save it to your desktop.

  • Right-click DeFogger and choose Run as Administrator, or double-click to run the tool
  • The application window will appear
  • Click the Disable button to disable your CD Emulation drivers
  • Click Yes to continue
  • A Finished! message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK. If it does not, reboot your PC yourself.
IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_disable which will appear on your desktop.
Do not re-enable these drivers until otherwise instructed.


Next


Download the GMER Rootkit Scanner. Unzip it to your Desktop.

Before scanning, make sure all other running programs are closed and no other actions like a scheduled antivirus scan will occur while the scan is being performed. Do not use your computer for anything else during the scan.

  • Double-click GMER.exe.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan, click NO, then use the following settings for a more complete scan.
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED:

    • IAT/EAT
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done, click on the [Save..] button, and in the File name area, type in "ark.txt"
  • Save the log where you can easily find it, such as your desktop.
**Caution**
Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOTKIT" entries.

Please copy and paste the report into your Post.
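As an added example (not part of the helper's post, and not code from OTL, GMER or DeFogger), the checker below reads OTL-style "IE -" and "FF -" lines and reports browser proxy settings that point back at the local machine. A rogue "security suite" that installs itself as a local HTTP proxy leaves exactly that kind of entry behind, and it is one of the first things a helper looks for in an OTL log when search-result clicks are being redirected. The sample lines are constructed in OTL's format; the names find_local_proxies, Finding and LOCAL_HOSTS are mine, not OTL's.

```python
"""Check OTL-style log lines for browser proxies pointing at the local machine.

Added example, not part of OTL, GMER or this thread.  A hijacker that inserts
itself as a local HTTP proxy (IE "ProxyServer" = http=127.0.0.1:PORT,
Firefox network.proxy.http = "127.0.0.1") can redirect search-result clicks,
so these entries are among the first things to check in an OTL log.
"""
import re
from dataclasses import dataclass

# Addresses that mean "this machine"; a legitimate proxy would normally be a
# separate host on the LAN or the internet.
LOCAL_HOSTS = {"127.0.0.1", "localhost", "0.0.0.0", "::1"}

# OTL prints IE proxy settings as:
#   IE - HKCU\...\Internet Settings: "ProxyServer" = http=127.0.0.1:1044
IE_PROXY_RE = re.compile(r'^IE - .*: "(ProxyEnable|ProxyServer)" = (.*)$')
# and Firefox prefs as:
#   FF - prefs.js..network.proxy.http: "127.0.0.1"
FF_PROXY_RE = re.compile(
    r'^FF - prefs\.js\.\.network\.proxy\.(http|ssl|http_port|ssl_port): (.*)$')


@dataclass
class Finding:
    browser: str   # "IE" or "Firefox"
    detail: str    # the offending setting, as reconstructed from the log


def _unquote(value: str) -> str:
    return value.strip().strip('"')


def _host_of(target: str) -> str:
    """'127.0.0.1:1044' -> '127.0.0.1'; '[::1]:8080' -> '::1'."""
    return target.rsplit(":", 1)[0].strip("[]")


def find_local_proxies(lines):
    """Return a Finding for every browser proxy that points at the local machine."""
    ie, ff = {}, {}
    for line in lines:
        line = line.rstrip("\r\n")
        m = IE_PROXY_RE.match(line)
        if m:
            ie[m.group(1)] = _unquote(m.group(2))
            continue
        m = FF_PROXY_RE.match(line)
        if m:
            ff[m.group(1)] = _unquote(m.group(2))

    findings = []
    # IE: ProxyServer is either "host:port" or "http=host:port;https=host:port;...".
    # A local entry is reported even when ProxyEnable = 0: a removal tool may
    # have switched the proxy off while leaving the value behind.
    for entry in ie.get("ProxyServer", "").split(";"):
        entry = entry.strip()
        if entry and _host_of(entry.split("=", 1)[-1]) in LOCAL_HOSTS:
            findings.append(Finding(
                "IE", f"ProxyServer={entry} (ProxyEnable={ie.get('ProxyEnable', '?')})"))
    # Firefox keeps host and port in separate prefs.
    for proto in ("http", "ssl"):
        host = ff.get(proto)
        if host in LOCAL_HOSTS:
            port = ff.get(f"{proto}_port", "?")
            findings.append(Finding("Firefox", f"network.proxy.{proto}={host}:{port}"))
    return findings


# Constructed sample in OTL's format (values modelled on a hijacked machine).
SAMPLE_LINES = [
    r'IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044',
    r'FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"',
    r'FF - prefs.js..network.proxy.http: "127.0.0.1"',
    r'FF - prefs.js..network.proxy.http_port: 1044',
    r'FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"',
]

# Constructed clean sample: a proxy on another host is not flagged.
CLEAN_LINES = [
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1',
    r'IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = proxy.example.invalid:8080',
    r'FF - prefs.js..network.proxy.http: "proxy.example.invalid"',
    r'FF - prefs.js..network.proxy.http_port: 8080',
]

if __name__ == "__main__":
    for f in find_local_proxies(SAMPLE_LINES):
        print(f"{f.browser}: {f.detail}")
    print("clean sample:", find_local_proxies(CLEAN_LINES))
```

The check deliberately reports a loopback ProxyServer even when ProxyEnable is 0, because a removal tool can switch the proxy off while leaving the value in place; the leftover entry still tells the helper what happened and should be cleared rather than ignored. Run it against a saved OTL.txt with `find_local_proxies(open("OTL.txt", encoding="utf-8", errors="replace"))`.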

Re: AV Security Suite AGAIN!!!!

OTL logfile created on: 6/10/2010 3:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Rick Wintermute\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): e:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 113.58 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 255.86 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 358.29 Gb Total Space | 295.16 Gb Free Space | 82.38% Space Free | Partition Type: NTFS
Drive F: | 340.34 Gb Total Space | 310.03 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
Drive G: | 400.00 Gb Total Space | 156.81 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 34.26 Gb Total Space | 31.66 Gb Free Space | 92.41% Space Free | Partition Type: NTFS

Computer Name: NUKESGIZMO
Current User Name: Rick Wintermute
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
PRC - [2009/07/14 00:28:00 | 000,024,576 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2008/11/26 13:17:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) -- C:\WINDOWS\system32\ASTSRV.EXE
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/02/12 17:03:20 | 000,200,704 | R--- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2007/12/13 18:57:24 | 002,095,640 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe
PRC - [2007/12/13 18:43:22 | 002,051,096 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe
PRC - [2007/12/13 18:42:52 | 000,558,104 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
PRC - [2007/10/16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
PRC - [2006/11/30 19:49:10 | 000,135,168 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe
PRC - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe
PRC - [2006/11/30 19:48:08 | 001,115,317 | ---- | M] (Acronis) -- C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe
PRC - [2006/06/30 01:21:40 | 000,593,920 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2006/05/10 10:48:08 | 000,094,208 | ---- | M] (Logitech Inc.) -- C:\Program Files\Common Files\Logitech\KhalShared\KHALMNPR.exe


========== Modules (SafeList) ==========

MOD - [2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2009/07/12 01:09:20 | 000,554,832 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcp80.dll
MOD - [2008/04/13 19:10:20 | 000,110,592 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx
MOD - [2006/06/30 01:14:54 | 000,044,544 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/03/27 13:37:01 | 000,079,360 | ---- | M] (Creative Labs) [On_Demand | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2009/02/23 11:43:54 | 000,307,200 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/11/26 13:17:50 | 000,057,344 | ---- | M] (Nalpeiron Ltd.) [Auto | Running] -- C:\WINDOWS\system32\ASTSRV.EXE -- (astcc)
SRV - [2007/10/16 21:04:12 | 001,094,936 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2006/12/22 07:31:50 | 000,108,712 | ---- | M] () [Auto | Running] -- C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe -- (AdobeActiveFileMonitor5.0)
SRV - [2006/11/30 19:49:06 | 000,397,312 | ---- | M] (Acronis) [Auto | Running] -- C:\Program Files\Common Files\Acronis\Schedule2\schedul2.exe -- (AcrSch2Svc)


========== Driver Services (SafeList) ==========

DRV - [2010/03/30 23:38:26 | 000,020,968 | ---- | M] (Windows (R) Win 7 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\cpuz133_x32.sys -- (cpuz133)
DRV - [2009/07/14 02:53:08 | 001,811,224 | ---- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ct20xflt.sys -- (ct20xflt)
DRV - [2009/07/14 02:52:46 | 001,227,800 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x22k.sys -- (ha20x22k)
DRV - [2009/07/14 02:52:34 | 001,184,280 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2009/07/14 02:52:22 | 000,095,768 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2009/07/14 02:52:14 | 000,159,256 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2009/07/14 02:52:04 | 000,014,360 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2009/07/14 02:51:56 | 000,129,560 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2009/07/14 02:51:36 | 000,536,344 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2009/07/14 02:51:26 | 000,511,000 | ---- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2009/07/14 02:51:16 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTEXFIFX.SYS -- (CTEXFIFX.SYS)
DRV - [2009/07/14 02:51:16 | 001,353,240 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTEXFIFX.sys -- (CTEXFIFX)
DRV - [2009/07/14 02:51:04 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CTHWIUT.SYS -- (CTHWIUT.SYS)
DRV - [2009/07/14 02:51:04 | 000,073,752 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CTHWIUT.sys -- (CTHWIUT)
DRV - [2009/07/14 02:50:56 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\CT20XUT.SYS -- (CT20XUT.SYS)
DRV - [2009/07/14 02:50:56 | 000,198,168 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\CT20XUT.sys -- (CT20XUT)
DRV - [2009/01/23 02:56:38 | 000,072,008 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftser2k.sys -- (FTSER2K)
DRV - [2009/01/23 02:56:38 | 000,057,672 | R--- | M] (FTDI Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ftdibus.sys -- (FTDIBUS)
DRV - [2009/01/15 08:19:00 | 006,301,248 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2008/12/01 14:50:56 | 000,392,320 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\timntr.sys -- (timounter)
DRV - [2008/12/01 14:50:56 | 000,032,768 | ---- | M] (Acronis) [File_System | Auto | Running] -- C:\WINDOWS\system32\drivers\tifsfilt.sys -- (tifsfilter)
DRV - [2008/12/01 14:50:54 | 000,099,776 | ---- | M] (Acronis) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\snapman.sys -- (snapman)
DRV - [2008/04/28 21:00:00 | 000,288,896 | R--- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2008/04/13 11:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
DRV - [2008/03/23 20:08:14 | 000,331,264 | R--- | M] (Analog Devices, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\adihdaud.sys -- (ADIHdAudAddService)
DRV - [2008/02/25 18:14:38 | 000,012,416 | R--- | M] (AFT) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\fixustor.sys -- (FIXUSTOR)
DRV - [2008/02/13 21:04:50 | 001,683,712 | R--- | M] (Creative) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\Ambfilt.sys -- (AmbFilt)
DRV - [2007/10/05 10:19:26 | 000,035,200 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiBus.sys -- (SaiNtBus)
DRV - [2007/10/05 10:19:26 | 000,014,080 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiMini.sys -- (SaiMini)
DRV - [2007/09/13 21:41:28 | 000,051,608 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmXlCore.sys -- (WmXlCore)
DRV - [2007/09/13 21:41:20 | 000,014,744 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmVirHid.sys -- (WmVirHid)
DRV - [2007/09/13 21:41:02 | 000,029,976 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\WmFilter.sys -- (WmFilter)
DRV - [2007/09/13 21:40:54 | 000,019,352 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\WmBEnum.sys -- (WmBEnum)
DRV - [2007/08/08 11:54:10 | 000,028,968 | ---- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\ATITool.sys -- (ATITool)
DRV - [2007/05/01 17:11:28 | 000,132,232 | ---- | M] (Saitek) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\SaiH075C.sys -- (SaiH075C)
DRV - [2007/04/02 23:13:46 | 000,021,632 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2006/10/18 14:12:16 | 000,012,664 | R--- | M] () [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AsIO.sys -- (AsIO)
DRV - [2006/06/30 01:53:44 | 000,003,712 | ---- | M] (Logitech, Inc.) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\LBeepKE.sys -- (LBeepKE)
DRV - [2006/05/10 10:56:54 | 000,027,264 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LHidKE.Sys -- (LHidKe)
DRV - [2006/05/10 10:56:50 | 000,071,680 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\LMouKE.Sys -- (LMouKE)
DRV - [2006/05/10 10:56:18 | 000,056,064 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\L8042MOU.SYS -- (L8042mou)
DRV - [2006/05/10 10:56:08 | 000,013,568 | ---- | M] (Logitech, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\L8042Kbd.SYS -- (L8042Kbd)
DRV - [2005/11/14 04:26:34 | 000,009,728 | R--- | M] (Samsung Electronics, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\magicpvt.sys -- (magicpvt)
DRV - [2005/10/17 16:45:42 | 000,004,608 | ---- | M] (NVIDIA Corporation.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\nvport.sys -- (nvport)
DRV - [2005/10/17 16:37:22 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2005/02/21 18:22:54 | 000,042,240 | R--- | M] (ENE Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\EUCR6SK.sys -- (EUCR)
DRV - [2004/08/12 21:56:20 | 000,005,810 | R--- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2002/07/17 09:05:10 | 000,016,512 | ---- | M] (Adaptec) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ASPI32.SYS -- (ASPI)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" =
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:1044

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.yahoo.com/"
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.2.20100127023632
FF - prefs.js..network.proxy.http: "127.0.0.1"
FF - prefs.js..network.proxy.http_port: 1044
FF - prefs.js..network.proxy.no_proxies_on: "localhost,127.0.0.1"

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/09 04:42:42 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/06/09 04:42:36 | 000,000,000 | ---D | M]

[2010/06/09 04:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Extensions
[2010/06/09 04:42:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions
[2010/06/09 04:43:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/06/09 04:43:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\extensions\staged-xpis
[2010/06/09 04:42:37 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/06/09 04:42:37 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Program Files\Mozilla Firefox\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

O1 HOSTS File: ([2010/06/08 17:49:55 | 000,000,736 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O4 - HKLM..\Run: [Acronis Scheduler2 Service] C:\Program Files\Common Files\Acronis\Schedule2\schedhlp.exe (Acronis)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [Launch LCDMon] C:\Program Files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [Launch LGDCore] C:\Program Files\Logitech\GamePanel Software\G-series Software\LGDCore.exe (Logitech Inc.)
O4 - HKLM..\Run: [Logitech Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NWEReboot] File not found
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [RegistryMechanic] File not found
O4 - HKLM..\Run: [TrueImageMonitor.exe] C:\Program Files\Acronis\TrueImageHome\TrueImageMonitor.exe (Acronis)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_03\bin\npjpi160_03.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/su2/ocx/15111/CTPID.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O30 - LSA: Authentication Packages - (relog_ap) - C:\WINDOWS\System32\relog_ap.dll (Acronis)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/01/13 20:01:34 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/01/03 14:51:24 | 000,000,000 | ---- | M] () - D:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/06/10 15:08:18 | 000,572,416 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
[2010/06/10 15:03:17 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Wintermute\Desktop\hjt.exe
[2010/06/09 15:28:05 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Rick Wintermute\Recent
[2010/06/09 04:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Mozilla
[2010/06/09 04:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Application Data\Mozilla
[2010/06/08 21:13:25 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2010/06/08 21:03:30 | 000,000,000 | -H-D | C] -- C:\WINDOWS\$NtServicePackUninstall$
[2010/06/08 21:01:00 | 000,086,016 | ---- | C] (Sipro Lab Telecom Inc.) -- C:\WINDOWS\System32\dllcache\sl_anet.acm
[2010/06/08 21:00:56 | 001,306,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6.dll
[2010/06/08 21:00:56 | 000,079,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msxml6r.dll
[2010/06/08 21:00:54 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msaud32.acm
[2010/06/08 21:00:51 | 000,290,816 | ---- | C] (Fraunhofer Institut Integrierte Schaltungen IIS) -- C:\WINDOWS\System32\dllcache\l3codeca.acm
[2010/06/08 21:00:45 | 000,294,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dlimport.exe
[2010/06/08 19:34:06 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/06/08 19:34:05 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/06/08 19:15:06 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winzm.ime
[2010/06/08 19:15:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winsp.ime
[2010/06/08 19:15:05 | 000,156,672 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winpy.ime
[2010/06/08 19:15:05 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winar30.ime
[2010/06/08 19:15:05 | 000,072,704 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wingb.ime
[2010/06/08 19:15:05 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\winime.ime
[2010/06/08 19:15:04 | 000,048,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\w32.dll
[2010/06/08 19:15:04 | 000,041,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.dll
[2010/06/08 19:15:04 | 000,031,232 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\weitekp9.sys
[2010/06/08 19:15:03 | 000,426,041 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicepad.dll
[2010/06/08 19:15:03 | 000,086,073 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\voicesub.dll
[2010/06/08 19:15:01 | 000,076,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\uniime.dll
[2010/06/08 19:15:01 | 000,065,024 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\unicdime.ime
[2010/06/08 19:15:00 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tsprof.exe
[2010/06/08 19:14:59 | 000,571,392 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlgnt.ime
[2010/06/08 19:14:59 | 000,455,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintsetp.exe
[2010/06/08 19:14:59 | 000,185,344 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\thawbrkr.dll
[2010/06/08 19:14:59 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tintlphr.exe
[2010/06/08 19:14:59 | 000,021,896 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdipx.sys
[2010/06/08 19:14:59 | 000,019,464 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdspx.sys
[2010/06/08 19:14:59 | 000,013,192 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tdasync.sys
[2010/06/08 19:14:59 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\tmigrate.dll
[2010/06/08 19:14:58 | 000,101,376 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\srusbusd.dll
[2010/06/08 19:14:57 | 000,143,422 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\softkey.dll
[2010/06/08 19:14:56 | 000,010,240 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\snmpstup.dll
[2010/06/08 19:14:56 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_snprfdll.dll
[2010/06/08 19:14:55 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm9aw.dll
[2010/06/08 19:14:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smb6w.dll
[2010/06/08 19:14:55 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sma3w.dll
[2010/06/08 19:14:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm93w.dll
[2010/06/08 19:14:55 | 000,026,624 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm92w.dll
[2010/06/08 19:14:55 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm90w.dll
[2010/06/08 19:14:55 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsm.dll
[2010/06/08 19:14:55 | 000,012,288 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_smtpctrs.dll
[2010/06/08 19:14:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smimsgif.dll
[2010/06/08 19:14:55 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\smierrsy.dll
[2010/06/08 19:14:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm87w.dll
[2010/06/08 19:14:54 | 000,030,208 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm81w.dll
[2010/06/08 19:14:54 | 000,029,184 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8cw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8dw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm8aw.dll
[2010/06/08 19:14:54 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm89w.dll
[2010/06/08 19:14:54 | 000,025,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sm59w.dll
[2010/06/08 19:14:53 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\simptcp.dll
[2010/06/08 19:14:51 | 000,057,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_scripto.dll
[2010/06/08 19:14:51 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_seos.dll
[2010/06/08 19:14:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia330.dll
[2010/06/08 19:14:50 | 000,079,872 | ---- | C] (Ricoh Co., Ltd.) -- C:\WINDOWS\System32\dllcache\rwia001.dll
[2010/06/08 19:14:50 | 000,026,112 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\romanime.ime
[2010/06/08 19:14:49 | 000,023,040 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_regtrace.exe
[2010/06/08 19:14:49 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\register.exe
[2010/06/08 19:14:48 | 000,077,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quick.ime
[2010/06/08 19:14:48 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\quser.exe
[2010/06/08 19:14:48 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\query.exe
[2010/06/08 19:14:47 | 000,482,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlgnt.ime
[2010/06/08 19:14:47 | 000,131,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxviceo.dll
[2010/06/08 19:14:47 | 000,070,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlphr.exe
[2010/06/08 19:14:47 | 000,067,584 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmigrate.dll
[2010/06/08 19:14:47 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxmcro.dll
[2010/06/08 19:14:47 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pmxgl.dll
[2010/06/08 19:14:46 | 000,079,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\phon.ime
[2010/06/08 19:14:46 | 000,053,760 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pintlcsd.dll
[2010/06/08 19:14:46 | 000,036,927 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs411.dll
[2010/06/08 19:14:46 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs404.dll
[2010/06/08 19:14:46 | 000,015,360 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs804.dll
[2010/06/08 19:14:46 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\padrs412.dll
[2010/06/08 19:14:44 | 000,038,912 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_ntfsdrv.dll
[2010/06/08 19:14:43 | 000,229,439 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\multibox.dll
[2010/06/08 19:14:41 | 001,875,968 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.lex
[2010/06/08 19:14:41 | 000,098,304 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msir3jp.dll
[2010/06/08 19:14:38 | 000,092,416 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.sys
[2010/06/08 19:14:38 | 000,092,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mga.dll
[2010/06/08 19:14:37 | 000,065,536 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_mailmsg.dll
[2010/06/08 19:14:36 | 000,070,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\korwbrkr.dll
[2010/06/08 19:14:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdvntc.dll
[2010/06/08 19:14:36 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdusa.dll
[2010/06/08 19:14:35 | 000,009,216 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecat.dll
[2010/06/08 19:14:35 | 000,007,680 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnecnt.dll
[2010/06/08 19:14:35 | 000,007,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdnec95.dll
[2010/06/08 19:14:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth3.dll
[2010/06/08 19:14:35 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth2.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdurdu.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth1.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdth0.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr2.dll
[2010/06/08 19:14:35 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdsyr1.dll
[2010/06/08 19:14:34 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinpun.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintel.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdintam.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinmar.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinkan.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinhin.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdinguj.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdindev.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdheb.dll
[2010/06/08 19:14:34 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdfa.dll
[2010/06/08 19:14:34 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdgeo.dll
[2010/06/08 19:14:33 | 000,018,432 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\jupiw.dll
[2010/06/08 19:14:33 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbd101a.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv2.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbddiv1.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda3.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda2.dll
[2010/06/08 19:14:33 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbda1.dll
[2010/06/08 19:14:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarmw.dll
[2010/06/08 19:14:33 | 000,005,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\kbdarme.dll
[2010/06/08 19:14:32 | 000,315,455 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskf.dll
[2010/06/08 19:14:31 | 000,471,102 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imskdic.dll
[2010/06/08 19:14:31 | 000,274,489 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputyc.dll
[2010/06/08 19:14:31 | 000,262,200 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjputy.exe
[2010/06/08 19:14:31 | 000,233,527 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjprw.exe
[2010/06/08 19:14:31 | 000,208,952 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpmig.exe
[2010/06/08 19:14:31 | 000,102,456 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imlang.dll
[2010/06/08 19:14:31 | 000,059,904 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imkrinst.exe
[2010/06/08 19:14:31 | 000,045,109 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpuex.exe
[2010/06/08 19:14:30 | 000,811,064 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81k.dll
[2010/06/08 19:14:30 | 000,716,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcus.dll
[2010/06/08 19:14:30 | 000,368,696 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpcic.dll
[2010/06/08 19:14:30 | 000,340,023 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjp81.ime
[2010/06/08 19:14:30 | 000,307,257 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.exe
[2010/06/08 19:14:30 | 000,155,705 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdsvr.exe
[2010/06/08 19:14:30 | 000,081,976 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdct.dll
[2010/06/08 19:14:30 | 000,057,398 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imjpdadm.exe
[2010/06/08 19:14:29 | 000,311,359 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsv.exe
[2010/06/08 19:14:29 | 000,106,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrcic.dll
[2010/06/08 19:14:29 | 000,102,463 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imepadsm.dll
[2010/06/08 19:14:29 | 000,094,720 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekr61.ime
[2010/06/08 19:14:29 | 000,086,016 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmbx.dll
[2010/06/08 19:14:29 | 000,044,032 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\imekrmig.exe
[2010/06/08 19:14:26 | 010,129,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxkor.dll
[2010/06/08 19:14:21 | 010,096,640 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hwxcht.dll
[2010/06/08 19:14:20 | 000,036,864 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hanjadic.dll
[2010/06/08 19:14:18 | 000,132,608 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsclntr.dll
[2010/06/08 19:14:18 | 000,031,744 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxsroute.dll
[2010/06/08 19:14:18 | 000,011,264 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxssend.exe
[2010/06/08 19:14:17 | 000,111,104 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fxscfgwz.dll
[2010/06/08 19:14:17 | 000,014,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\flattemp.exe
[2010/06/08 19:14:17 | 000,006,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ftlx041e.dll
[2010/06/08 19:14:16 | 000,043,520 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_fcachdll.dll
[2010/06/08 19:14:16 | 000,025,856 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\et4000.sys
[2010/06/08 19:14:15 | 000,057,856 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esuimgd.dll
[2010/06/08 19:14:15 | 000,045,056 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esunid.dll
[2010/06/08 19:14:15 | 000,031,744 | ---- | C] (SEIKO EPSON CORP.) -- C:\WINDOWS\System32\dllcache\esucmd.dll
[2010/06/08 19:14:12 | 000,078,848 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dayi.ime
[2010/06/08 19:14:12 | 000,018,944 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cprofile.exe
[2010/06/08 19:14:11 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintsetp.exe
[2010/06/08 19:14:11 | 000,057,399 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cplexe.exe
[2010/06/08 19:14:11 | 000,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintlgnt.ime
[2010/06/08 19:14:10 | 001,677,824 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chsbrkr.dll
[2010/06/08 19:14:10 | 000,838,144 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtbrkr.dll
[2010/06/08 19:14:10 | 000,198,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\cintime.dll
[2010/06/08 19:14:10 | 000,097,792 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtmbx.dll
[2010/06/08 19:14:10 | 000,056,320 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chtskdic.dll
[2010/06/08 19:14:09 | 000,078,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chajei.ime
[2010/06/08 19:14:09 | 000,015,872 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgport.exe
[2010/06/08 19:14:09 | 000,014,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chgusr.exe
[2010/06/08 19:14:09 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\chglogon.exe
[2010/06/08 19:14:09 | 000,009,728 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\change.exe
[2010/06/08 19:14:08 | 000,054,528 | ---- | C] (Philips Semiconductors GmbH) -- C:\WINDOWS\System32\dllcache\cap7146.sys
[2010/06/08 19:14:08 | 000,010,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_iscii.dll
[2010/06/08 19:14:08 | 000,006,656 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\c_is2022.dll
[2010/06/08 19:13:58 | 000,045,056 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_aqadmin.dll
[2010/06/08 19:13:54 | 000,005,632 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\EXCH_adsiisex.dll
[2010/06/08 19:12:40 | 000,016,384 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isignup.exe
[2010/06/08 18:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\spxcoins.dll
[2010/06/08 18:24:40 | 000,024,661 | ---- | C] (Perle Systems Ltd.) -- C:\WINDOWS\System32\dllcache\spxcoins.dll
[2010/06/08 18:24:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\irclass.dll
[2010/06/08 18:24:40 | 000,013,312 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\irclass.dll
[2010/06/08 17:50:58 | 000,000,000 | ---D | C] -- C:\Rick_Reg
[2010/06/08 17:04:20 | 000,288,896 | R--- | C] (Marvell) -- C:\WINDOWS\System32\drivers\yk51x86.sys
[2010/06/08 16:12:56 | 000,024,576 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\STKIT432.DLL
[2010/06/08 16:12:55 | 000,000,000 | ---D | C] -- C:\Program Files\Registry Mechanic
[2010/06/08 09:31:26 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/06/07 23:14:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Application Data\Malwarebytes
[2010/06/07 22:54:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/06/07 21:26:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\PCHealth
[2010/06/07 20:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/06/07 20:05:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/06/07 15:15:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\BestShopping
[2010/06/07 15:14:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\humtghq
[2010/06/07 15:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Update
[2010/06/07 15:14:39 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2010/06/07 15:13:39 | 000,071,168 | RHS- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi5.dll
[2010/06/07 15:13:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Windows Server
[2010/05/24 15:34:36 | 000,000,000 | ---D | C] -- C:\Program Files\Walmart MP3 Music Downloads
[2010/05/24 15:34:36 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\Walmart MP3 Music Downloads
[2010/05/21 15:20:45 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA
[2010/05/21 15:20:44 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Wise Installation Wizard
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nView_Profiles
[2010/05/21 15:20:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview
[2010/05/21 15:20:30 | 000,000,000 | ---D | C] -- C:\NVIDIA
[2010/05/18 23:18:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\AGEIA(3)
[2010/05/18 23:18:49 | 000,000,000 | ---D | C] -- C:\Program Files\AGEIA Technologies(3)
[2010/05/18 23:18:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\nview(4)
[2010/05/18 23:18:07 | 000,000,000 | ---D | C] -- C:\NVIDIA(2)
[2009/07/14 00:30:56 | 000,014,336 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2004/11/24 13:25:52 | 000,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/06/10 15:08:18 | 000,572,416 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Rick Wintermute\Desktop\OTL.exe
[2010/06/10 15:04:04 | 000,521,682 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/10 15:04:04 | 000,440,992 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/10 15:04:04 | 000,071,118 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/10 15:03:19 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Rick Wintermute\Desktop\hjt.exe
[2010/06/10 14:59:54 | 000,201,736 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2010/06/10 14:59:52 | 000,012,598 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/06/10 14:59:51 | 000,000,324 | -HS- | M] () -- C:\WINDOWS\tasks\Zocoup.job
[2010/06/10 14:59:51 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/06/10 14:59:50 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/06/10 14:59:31 | 000,000,032 | ---- | M] () -- C:\WINDOWS\System32\driver.dat
[2010/06/10 04:36:30 | 006,561,792 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\ntuser.dat
[2010/06/09 15:48:12 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Rick Wintermute\ntuser.ini
[2010/06/09 04:42:43 | 000,000,000 | ---- | M] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 04:42:38 | 000,001,602 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 21:14:02 | 000,316,640 | ---- | M] () -- C:\WINDOWS\WMSysPr9.prx
[2010/06/08 21:14:00 | 001,500,968 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/06/08 19:54:32 | 000,051,360 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/08 19:54:26 | 000,001,876 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\VistaBootPRO 3.3.lnk
[2010/06/08 19:34:08 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 19:15:37 | 000,054,868 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:37 | 000,054,868 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:37 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 19:15:22 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\$winnt$.inf
[2010/06/08 19:13:40 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2010/06/08 19:13:40 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2010/06/08 19:13:31 | 000,004,161 | ---- | M] () -- C:\WINDOWS\ODBCINST.INI
[2010/06/08 19:12:59 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\WindowsLogon.manifest
[2010/06/08 19:12:59 | 000,000,488 | RH-- | M] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\nwc.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | M] () -- C:\WINDOWS\System32\cdplayer.exe.manifest
[2010/06/08 19:12:47 | 000,000,626 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/06/08 19:11:38 | 000,022,720 | ---- | M] () -- C:\WINDOWS\System32\emptyregdb.dat
[2010/06/08 19:10:00 | 000,000,211 | -HS- | M] () -- C:\boot.ini
[2010/06/08 18:54:42 | 000,000,231 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/06/08 18:44:38 | 000,054,964 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:44:38 | 000,054,964 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:44:38 | 000,000,820 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000008-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 17:59:04 | 000,289,933 | ---- | M] () -- C:\WINDOWS\setupapi.old
[2010/06/08 17:49:55 | 000,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/06/08 17:08:52 | 000,015,160 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/08 17:03:53 | 000,038,247 | ---- | M] () -- C:\WINDOWS\Ascd_tmp.ini
[2010/06/08 16:12:56 | 000,000,738 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/07 23:08:58 | 000,363,520 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\iExplore.exe
[2010/06/07 20:13:06 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:13:05 | 000,000,038 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:12:45 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:12:44 | 000,000,038 | ---- | M] () -- C:\WINDOWS\System32\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:10:58 | 000,000,116 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2010/06/07 16:06:02 | 000,047,314 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\ifarmed.html
[2010/06/07 15:17:01 | 000,052,736 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
[2010/06/07 15:15:26 | 000,000,734 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/06/07 15:13:39 | 000,071,168 | RHS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\encapi5.dll
[2010/06/07 09:54:11 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLbx.DAT
[2010/06/06 14:36:02 | 000,002,487 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Thayer eField Guide Viewer 3.9.lnk
[2010/05/30 17:22:34 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/05/24 07:12:46 | 000,002,423 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Diskeeper 2008.lnk
[2010/05/23 20:50:15 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Microsoft Streets & Trips.lnk
[2010/05/12 13:16:50 | 000,001,332 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Sharpener-Manual-123.lnk
[2010/05/12 04:40:35 | 000,000,654 | ---- | M] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Core Temp.lnk
[6 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[31 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\All Users\Application Data\*.tmp files -> C:\Documents and Settings\All Users\Application Data\*.tmp -> ]
[1 C:\*.tmp files -> C:\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/06/09 04:42:43 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/06/09 04:42:38 | 000,001,602 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2010/06/08 21:01:04 | 000,613,334 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.chm
[2010/06/08 21:01:04 | 000,354,468 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud1.wav
[2010/06/08 21:01:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud7.wav
[2010/06/08 21:01:04 | 000,343,204 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud6.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud9.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud8.wav
[2010/06/08 21:01:04 | 000,172,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud3.wav
[2010/06/08 21:01:04 | 000,086,196 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud5.wav
[2010/06/08 21:01:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud4.wav
[2010/06/08 21:01:04 | 000,086,180 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpaud2.wav
[2010/06/08 21:01:04 | 000,067,374 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplayer.adm
[2010/06/08 21:01:04 | 000,029,070 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmp.inf
[2010/06/08 21:01:04 | 000,023,195 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmplay.chm
[2010/06/08 21:01:04 | 000,010,457 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.hta
[2010/06/08 21:01:04 | 000,001,771 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmptour.css
[2010/06/08 21:01:04 | 000,000,855 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmpocm.inf
[2010/06/08 21:01:04 | 000,000,420 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmploc.js
[2010/06/08 21:01:03 | 000,017,272 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmdm.inf
[2010/06/08 21:01:03 | 000,008,677 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm7.gif
[2010/06/08 21:01:03 | 000,007,892 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm9.gif
[2010/06/08 21:01:03 | 000,007,636 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm2.gif
[2010/06/08 21:01:03 | 000,007,369 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm4.gif
[2010/06/08 21:01:03 | 000,006,769 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wmfsdk.inf
[2010/06/08 21:01:03 | 000,006,241 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm3.gif
[2010/06/08 21:01:03 | 000,006,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm6.gif
[2010/06/08 21:01:03 | 000,005,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm1.gif
[2010/06/08 21:01:03 | 000,004,193 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm8.gif
[2010/06/08 21:01:03 | 000,002,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\wm5.gif
[2010/06/08 21:01:02 | 000,300,969 | ---- | C] () -- C:\WINDOWS\System32\dllcache\viz.wmv
[2010/06/08 21:01:02 | 000,023,829 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tourbg.gif
[2010/06/08 21:01:02 | 000,017,489 | ---- | C] () -- C:\WINDOWS\System32\dllcache\videobg.gif
[2010/06/08 21:01:02 | 000,005,290 | ---- | C] () -- C:\WINDOWS\System32\dllcache\vidsamp.gif
[2010/06/08 21:01:02 | 000,003,187 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tour.js
[2010/06/08 21:01:02 | 000,002,469 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplay.gif
[2010/06/08 21:01:02 | 000,002,450 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpause.gif
[2010/06/08 21:01:02 | 000,002,375 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tplayh.gif
[2010/06/08 21:01:02 | 000,002,371 | ---- | C] () -- C:\WINDOWS\System32\dllcache\tpauseh.gif
[2010/06/08 21:01:02 | 000,001,398 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taon.gif
[2010/06/08 21:01:02 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taonh.gif
[2010/06/08 21:01:02 | 000,001,380 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoff.gif
[2010/06/08 21:01:02 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\dllcache\taoffh.gif
[2010/06/08 21:01:00 | 000,001,148 | ---- | C] () -- C:\WINDOWS\System32\dllcache\snd.htm
[2010/06/08 21:01:00 | 000,000,908 | ---- | C] () -- C:\WINDOWS\System32\dllcache\skins.inf
[2010/06/08 21:00:59 | 000,572,557 | ---- | C] () -- C:\WINDOWS\System32\dllcache\rtuner.wmv
[2010/06/08 21:00:59 | 000,077,307 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plyr_err.chm
[2010/06/08 21:00:59 | 000,066,725 | ---- | C] () -- C:\WINDOWS\System32\dllcache\revert.wmz
[2010/06/08 21:00:59 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst6.wpl
[2010/06/08 21:00:59 | 000,001,477 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst5.wpl
[2010/06/08 21:00:59 | 000,001,474 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst3.wpl
[2010/06/08 21:00:59 | 000,001,451 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst12.wpl
[2010/06/08 21:00:59 | 000,001,448 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst4.wpl
[2010/06/08 21:00:59 | 000,001,250 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst1.wpl
[2010/06/08 21:00:59 | 000,001,049 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst2.wpl
[2010/06/08 21:00:59 | 000,001,046 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst7.wpl
[2010/06/08 21:00:59 | 000,001,036 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst8.wpl
[2010/06/08 21:00:59 | 000,000,789 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst11.wpl
[2010/06/08 21:00:59 | 000,000,787 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst10.wpl
[2010/06/08 21:00:59 | 000,000,784 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst9.wpl
[2010/06/08 21:00:59 | 000,000,783 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst13.wpl
[2010/06/08 21:00:59 | 000,000,775 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst14.wpl
[2010/06/08 21:00:59 | 000,000,733 | ---- | C] () -- C:\WINDOWS\System32\dllcache\plylst15.wpl
[2010/06/08 21:00:57 | 000,375,519 | ---- | C] () -- C:\WINDOWS\System32\dllcache\nuskin.wmv
[2010/06/08 21:00:56 | 000,022,060 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npds.zip
[2010/06/08 21:00:56 | 000,000,403 | ---- | C] () -- C:\WINDOWS\System32\dllcache\npdrmv2.zip
[2010/06/08 21:00:53 | 000,457,607 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mdlib.wmv
[2010/06/08 21:00:53 | 000,097,117 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.hlp
[2010/06/08 21:00:53 | 000,018,286 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.inf
[2010/06/08 21:00:53 | 000,002,778 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogoh.gif
[2010/06/08 21:00:53 | 000,002,545 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplogo.gif
[2010/06/08 21:00:53 | 000,001,885 | ---- | C] () -- C:\WINDOWS\System32\dllcache\mplayer2.cnt
[2010/06/08 21:00:47 | 000,005,971 | ---- | C] () -- C:\WINDOWS\System32\dllcache\events.js
[2010/06/08 21:00:45 | 000,381,425 | ---- | C] () -- C:\WINDOWS\System32\dllcache\copycd.wmv
[2010/06/08 21:00:45 | 000,184,959 | ---- | C] () -- C:\WINDOWS\System32\dllcache\compact.wmz
[2010/06/08 21:00:45 | 000,009,585 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.css
[2010/06/08 21:00:45 | 000,008,298 | ---- | C] () -- C:\WINDOWS\System32\dllcache\contents.htm
[2010/06/08 21:00:45 | 000,006,878 | ---- | C] () -- C:\WINDOWS\System32\dllcache\controls.js
[2010/06/08 21:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnth.gif
[2010/06/08 21:00:45 | 000,000,773 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cnt.gif
[2010/06/08 21:00:45 | 000,000,772 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cntd.gif
[2010/06/08 21:00:45 | 000,000,760 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapph.gif
[2010/06/08 21:00:45 | 000,000,717 | ---- | C] () -- C:\WINDOWS\System32\dllcache\cloapp.gif
[2010/06/08 21:00:43 | 000,000,999 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bktrh.gif
[2010/06/08 19:54:26 | 000,001,876 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\VistaBootPRO 3.3.lnk
[2010/06/08 19:34:08 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/06/08 19:20:10 | 000,363,520 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\iExplore.exe
[2010/06/08 19:15:09 | 000,028,288 | ---- | C] () -- C:\WINDOWS\System32\dllcache\xjis.nls
[2010/06/08 19:14:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prcp.nls
[2010/06/08 19:14:47 | 000,083,748 | ---- | C] () -- C:\WINDOWS\System32\dllcache\prc.nls
[2010/06/08 19:14:46 | 000,175,104 | ---- | C] () -- C:\WINDOWS\System32\dllcache\pintlcsa.dll
[2010/06/08 19:14:36 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2010/06/08 19:14:36 | 000,047,066 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ksc.nls
[2010/06/08 19:14:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/08 19:14:30 | 000,196,665 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imjpinst.exe
[2010/06/08 19:14:29 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2010/06/08 19:14:24 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2010/06/08 19:14:20 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2010/06/08 19:14:10 | 000,173,568 | ---- | C] () -- C:\WINDOWS\System32\dllcache\chtskf.dll
[2010/06/08 19:14:08 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_864.nls
[2010/06/08 19:14:08 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_870.nls
[2010/06/08 19:14:07 | 000,180,770 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20932.nls
[2010/06/08 19:14:07 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20949.nls
[2010/06/08 19:14:07 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20936.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_862.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_858.nls
[2010/06/08 19:14:07 | 000,066,594 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_720.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_708.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_28596.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21027.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_21025.nls
[2010/06/08 19:14:07 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20924.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20880.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20871.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20838.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20833.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20424.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20423.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20420.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20297.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20290.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20285.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20284.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20280.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20278.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20277.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20273.nls
[2010/06/08 19:14:06 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20269.nls
[2010/06/08 19:14:05 | 000,189,986 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1361.nls
[2010/06/08 19:14:05 | 000,187,938 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20005.nls
[2010/06/08 19:14:05 | 000,186,402 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20001.nls
[2010/06/08 19:14:05 | 000,185,378 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20003.nls
[2010/06/08 19:14:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20004.nls
[2010/06/08 19:14:05 | 000,180,258 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20000.nls
[2010/06/08 19:14:05 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20002.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20108.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20107.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20106.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_20105.nls
[2010/06/08 19:14:05 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1149.nls
[2010/06/08 19:14:04 | 000,177,698 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10003.nls
[2010/06/08 19:14:04 | 000,173,602 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10008.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1148.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1147.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1146.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1145.nls

Re: AV Security Suite AGAIN!!!!
********
rest of OTL.txt
************

[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1144.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1143.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1142.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1141.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1140.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_1047.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10021.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10005.nls
[2010/06/08 19:14:04 | 000,066,082 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10004.nls
[2010/06/08 19:14:03 | 000,195,618 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10002.nls
[2010/06/08 19:14:03 | 000,162,850 | ---- | C] () -- C:\WINDOWS\System32\dllcache\c_10001.nls
[2010/06/08 19:14:03 | 000,082,172 | ---- | C] () -- C:\WINDOWS\System32\dllcache\bopomofo.nls
[2010/06/08 19:14:03 | 000,066,728 | ---- | C] () -- C:\WINDOWS\System32\dllcache\big5.nls
[2010/06/08 19:12:59 | 000,000,488 | RH-- | C] () -- C:\WINDOWS\System32\logonui.exe.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\wuaucpl.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\WindowsShell.Manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\sapi.cpl.manifest
[2010/06/08 19:12:55 | 000,000,749 | RH-- | C] () -- C:\WINDOWS\System32\ncpa.cpl.manifest
[2010/06/08 18:57:14 | 000,054,868 | ---- | C] () -- C:\WINDOWS\System32\BMXStateBkp-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:57:14 | 000,054,868 | ---- | C] () -- C:\WINDOWS\System32\BMXState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:57:14 | 000,000,820 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000009-00000000-00000000-00001102-0000000B-00431102}.rfx
[2010/06/08 18:24:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[2010/06/08 18:24:31 | 000,797,189 | ---- | C] () -- C:\WINDOWS\System32\dllcache\NT5IIS.CAT
[2010/06/08 18:24:31 | 000,399,645 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MAPIMIG.CAT
[2010/06/08 18:24:31 | 000,037,484 | ---- | C] () -- C:\WINDOWS\System32\dllcache\MW770.CAT
[2010/06/08 18:24:31 | 000,013,472 | ---- | C] () -- C:\WINDOWS\System32\dllcache\HPCRDP.CAT
[2010/06/08 18:24:31 | 000,008,574 | ---- | C] () -- C:\WINDOWS\System32\dllcache\IASNT4.CAT
[2010/06/08 16:12:56 | 000,000,738 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Registry Mechanic.lnk
[2010/06/08 12:49:50 | 000,289,933 | ---- | C] () -- C:\WINDOWS\setupapi.old
[2010/06/07 20:03:10 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 20:03:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:20:34 | 000,047,314 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\ifarmed.html
[2010/06/07 15:16:59 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
[2010/06/07 15:14:32 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\online_{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:14:31 | 000,000,038 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:13:40 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Zocoup.job
[2010/05/18 23:18:58 | 000,206,793 | ---- | C] () -- C:\WINDOWS\System32\nvapps.nvb
[2010/05/18 23:18:26 | 000,201,736 | ---- | C] () -- C:\WINDOWS\System32\nvapps.xml
[2010/05/18 23:18:26 | 000,018,725 | ---- | C] () -- C:\WINDOWS\System32\nvdisp.nvu
[2010/05/12 13:16:53 | 000,001,332 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Sharpener-Manual-123.lnk
[2010/05/12 04:40:35 | 000,000,654 | ---- | C] () -- C:\Documents and Settings\Rick Wintermute\Desktop\Core Temp.lnk
[2009/07/14 01:14:20 | 000,027,839 | ---- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2009/07/14 01:14:16 | 000,000,054 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2009/07/14 00:28:04 | 000,002,560 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2009/07/12 14:18:25 | 000,167,936 | R--- | C] () -- C:\WINDOWS\System32\ustor.dll
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2009/07/12 14:18:25 | 000,001,377 | R--- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/07/12 14:18:25 | 000,001,376 | R--- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/07/12 14:18:25 | 000,001,376 | R--- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/05/25 21:58:23 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\lbab.dll
[2009/02/19 14:13:13 | 000,000,843 | ---- | C] () -- C:\WINDOWS\omupdate.ini
[2009/01/15 08:19:00 | 001,724,416 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2009/01/15 08:19:00 | 001,507,328 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/01/15 08:19:00 | 001,101,824 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2009/01/15 08:19:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/01/01 11:24:41 | 000,000,038 | ---- | C] () -- C:\WINDOWS\AviSplitter.INI
[2008/12/20 16:51:13 | 000,172,032 | ---- | C] () -- C:\WINDOWS\System32\libssl32.dll
[2008/12/20 16:51:04 | 000,233,557 | ---- | C] () -- C:\WINDOWS\System32\esint54.dll
[2008/12/20 16:46:07 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2008/12/20 16:43:23 | 000,000,044 | ---- | C] () -- C:\WINDOWS\PERFV700SERIES.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/05/01 21:28:31 | 000,008,704 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0C.dll
[2008/05/01 21:28:31 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_10.dll
[2008/05/01 21:28:31 | 000,007,168 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0402.dll
[2008/05/01 21:28:30 | 000,847,872 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C.Dll
[2008/05/01 21:28:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_0A.dll
[2008/05/01 21:28:30 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_07.dll
[2008/05/01 21:28:30 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_09.dll
[2008/02/20 21:00:12 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2008/02/09 18:49:13 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2008/01/31 18:51:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\mdm.ini
[2008/01/19 10:22:28 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/01/17 22:37:50 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2008/01/15 17:19:53 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/01/14 16:58:47 | 000,024,576 | R--- | C] () -- C:\WINDOWS\System32\AsIO.dll
[2008/01/14 16:58:47 | 000,012,664 | R--- | C] () -- C:\WINDOWS\System32\drivers\AsIO.sys
[2008/01/14 16:58:45 | 000,012,096 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp64.sys
[2008/01/14 16:58:45 | 000,010,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsInsHelp32.sys
[2008/01/14 16:56:11 | 000,038,247 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/01/14 16:56:10 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/01/14 16:55:57 | 000,012,536 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/01/13 20:48:35 | 000,311,296 | R--- | C] () -- C:\WINDOWS\EMCRI_AX.dll
[2007/05/01 16:11:28 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\SaiC075C_11.dll
[2006/11/10 08:08:50 | 000,028,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\ATITool.sys
[2006/10/02 17:25:18 | 000,000,285 | ---- | C] () -- C:\WINDOWS\System32\kill.ini
[2005/12/21 17:57:36 | 000,139,264 | ---- | C] () -- C:\WINDOWS\System32\nsldap32v50.dll
[2005/12/21 17:57:04 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\nsldappr32v50.dll
[2005/12/21 17:54:34 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\nsldapssl32v50.dll
[2004/10/12 00:40:58 | 002,255,360 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2004/10/12 00:39:48 | 000,028,160 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2004/10/12 00:39:08 | 000,110,592 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2004/10/09 00:40:16 | 000,454,144 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2004/10/05 02:16:08 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2004/10/03 11:50:54 | 000,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
< End of report >

Re: AV Security Suite AGAIN!!!!
OTL Extras logfile created on: 6/10/2010 3:09:04 PM - Run 1
OTL by OldTimer - Version 3.2.6.0 Folder = C:\Documents and Settings\Rick Wintermute\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 85.00% Memory free
6.00 Gb Paging File | 6.00 Gb Available in Paging File | 97.00% Paging File free
Paging file location(s): e:\pagefile.sys 4096 4096 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 139.73 Gb Total Space | 113.58 Gb Free Space | 81.29% Space Free | Partition Type: NTFS
Drive D: | 298.09 Gb Total Space | 255.86 Gb Free Space | 85.83% Space Free | Partition Type: NTFS
Drive E: | 358.29 Gb Total Space | 295.16 Gb Free Space | 82.38% Space Free | Partition Type: NTFS
Drive F: | 340.34 Gb Total Space | 310.03 Gb Free Space | 91.09% Space Free | Partition Type: NTFS
Drive G: | 400.00 Gb Total Space | 156.81 Gb Free Space | 39.20% Space Free | Partition Type: NTFS
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive W: | 34.26 Gb Total Space | 31.66 Gb Free Space | 92.41% Space Free | Partition Type: NTFS

Computer Name: NUKESGIZMO
Current User Name: Rick Wintermute
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [Browse with ACDSee] -- "C:\Program Files\ACDSee32\ACDSee32.exe" "%1" (ACD Systems, Ltd.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9\fs9.exe:*:Enabled:Microsoft Flight Simulator -- File not found
"C:\WINDOWS\system32\dpnsvr.exe" = C:\WINDOWS\system32\dpnsvr.exe:*:Enabled:Microsoft DirectPlay8 Server -- (Microsoft Corporation)
"D:\Microsoft Games\Flight Simulator 9_old\fs9.exe" = D:\Microsoft Games\Flight Simulator 9_old\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"C:\Program Files\Microsoft Games\Flight Simulator 9_old\fs9.exe" = C:\Program Files\Microsoft Games\Flight Simulator 9_old\fs9.exe:*:Enabled:Microsoft Flight Simulator -- (Microsoft Corporation)
"W:\RelicCOH.exe" = W:\RelicCOH.exe:*:Enabled:Company of Heroes - Opposing Fronts -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{6C9FA746-8759-4040-A436-42922CB3492E}" = VistaBootPRO 3.3
"{8AAB4176-A747-493A-A42C-B63CFADFD8E3}" = NVIDIA PhysX
"BestShopping" = BestShopping
"HijackThis" = HijackThis 2.0.2
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"NVIDIA Drivers" = NVIDIA Drivers
"Registry Mechanic_is1" = Registry Mechanic 7.0
"Windows XP Service Pack" = Windows XP Service Pack 3

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/8/2010 8:25:56 PM | Computer Name = NUKESGIZMO | Source = Application Error | ID = 1000
Description = Faulting application whluot.exe, version 0.0.0.0, faulting module
whluot.exe, version 0.0.0.0, fault address 0x00024759.

Error - 6/8/2010 9:20:17 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:20:17 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:21:23 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

Error - 6/8/2010 9:21:23 PM | Computer Name = NUKESGIZMO | Source = MSSecurityEssentials | ID = 5000
Description =

[ System Events ]
Error - 6/8/2010 8:13:19 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 6/8/2010 8:13:19 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service SENS with arguments
"" in order to run the server: {D3938AB0-5B9D-11D1-8DD2-00AA004ABD5E}

Error - 6/8/2010 8:15:32 PM | Computer Name = NUKESGIZMO | Source = Setup | ID = 60055
Description = Windows Setup encountered non-fatal errors during installation. Please
check the setuperr.log found in your Windows directory for more informatio

Error - 6/8/2010 9:19:42 PM | Computer Name = NUKESGIZMO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000022'
while processing the file '_851546_' on the volume 'HarddiskVolume4'. It has stopped
monitoring the volume.

Error - 6/8/2010 9:19:43 PM | Computer Name = NUKESGIZMO | Source = Ntfs | ID = 262199
Description = The file system structure on the disk is corrupt and unusable. Please
run the chkdsk utility on the volume W:.

Error - 6/9/2010 4:27:57 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2010 4:29:03 PM | Computer Name = NUKESGIZMO | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
AsIO ATITool Fips intelppm magicpvt nvport

Error - 6/9/2010 4:48:12 PM | Computer Name = NUKESGIZMO | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 6/9/2010 4:49:20 PM | Computer Name = NUKESGIZMO | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume1'. It has stopped monitoring
the volume.


< End of report >
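Added example (Python), not part of this thread and not code from OTL, ComboFix or the helper: a small triage pass over lines in OTL's log format, like the two reports above. It parses file-listing entries and the Security Center block of an Extras log and flags the patterns a helper looks for first: an executable with no company name inside a user profile, tiny GUID-named marker files, hidden/system scheduled tasks, a "DLL" only a few bytes long, and the Security Center notify-suppression values set to 1 (those values silence the XP Security Center's missing-antivirus, firewall-off and updates-off warnings). The sample lines are constructed in OTL's format, modelled on the entries above; the size thresholds and heuristics are this example's own assumptions, not OTL behaviour, and a hit means "look closer", not "confirmed malware".

```python
"""Triage heuristics for OTL / OTL Extras log lines.

Added example for this thread; not part of OTL, ComboFix or the helper's
instructions.  SAMPLE_LOG is CONSTRUCTED in OTL's format; the thresholds and
heuristics below are this example's own assumptions.
"""
import re

# OTL file entry:  [date time | size | attrs | C] (company) -- path
OTL_FILE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| (?P<size>[\d,]+) \| "
    r"(?P<attrs>[A-Z-]{4}) \| (?P<op>[CM])\] \((?P<company>[^)]*)\) -- (?P<path>.+)$"
)
GUID_RE = re.compile(r"\{[0-9a-f]{8}(?:-[0-9a-f]{4}){3}-[0-9a-f]{12}\}", re.I)
# Registry value line in an Extras log:  "Name" = value
REG_VALUE_RE = re.compile(r'^"(?P<name>[^"]+)" = (?P<value>.+)$')
SECURITY_CENTER_KEY = "[HKEY_LOCAL_MACHINE\\SOFTWARE\\Microsoft\\Security Center]"

# When set to 1 these suppress the XP Security Center's warnings.
NOTIFY_SUPPRESS_VALUES = {
    "AntiVirusDisableNotify", "FirewallDisableNotify", "UpdatesDisableNotify",
}

# Assumed thresholds (not OTL's): a real PE is never this small.
MAX_MARKER_SIZE = 100
MIN_DLL_SIZE = 64


def parse_file_entry(line):
    """Return a dict for an OTL file-listing line, or None for any other line."""
    m = OTL_FILE_RE.match(line.strip())
    if not m:
        return None
    entry = m.groupdict()
    entry["size"] = int(entry["size"].replace(",", ""))
    return entry


def triage_file_entry(entry):
    """Return the reasons an entry deserves a closer look (empty list = nothing noted)."""
    low = entry["path"].lower()
    name = low.rsplit("\\", 1)[-1]
    reasons = []
    # Executable with no company name dropped into a user profile.
    if (name.endswith((".exe", ".dll", ".sys")) and not entry["company"]
            and "\\documents and settings\\" in low):
        reasons.append("executable without company name inside a user profile")
    # Tiny GUID-named files in System32 or a profile root (marker-file pattern).
    if GUID_RE.search(name) and entry["size"] < MAX_MARKER_SIZE:
        reasons.append("tiny GUID-named file")
    # Scheduled task carrying both the hidden (H) and system (S) attributes.
    if "\\tasks\\" in low and name.endswith(".job") \
            and "H" in entry["attrs"] and "S" in entry["attrs"]:
        reasons.append("hidden/system scheduled task")
    # A few-byte "DLL" cannot be a valid PE image.
    if name.endswith(".dll") and entry["size"] < MIN_DLL_SIZE:
        reasons.append("DLL far too small to be a valid PE")
    return reasons


def triage_security_center(lines):
    """Names of notify-suppression values set to 1 under the Security Center key."""
    flagged, in_section = [], False
    for line in lines:
        s = line.strip()
        if s.startswith("["):            # any new key (or file entry) ends the section
            in_section = (s == SECURITY_CENTER_KEY)
            continue
        m = REG_VALUE_RE.match(s) if in_section else None
        if m and m.group("name") in NOTIFY_SUPPRESS_VALUES and m.group("value").strip() == "1":
            flagged.append(m.group("name"))
    return flagged


def triage_log(lines):
    """Run both passes; return ([(path, reasons), ...], [registry value names])."""
    findings = []
    for line in lines:
        entry = parse_file_entry(line)
        if entry:
            reasons = triage_file_entry(entry)
            if reasons:
                findings.append((entry["path"], reasons))
    return findings, triage_security_center(lines)


# Constructed sample in OTL's format (modelled on the posted logs, not copied output).
SAMPLE_LOG = r"""
[2010/06/07 15:16:59 | 000,052,736 | ---- | C] () -- C:\Documents and Settings\User\Local Settings\Application Data\syssvc.exe
[2010/06/07 20:03:09 | 000,000,038 | ---- | C] () -- C:\WINDOWS\System32\{057e9947-9434-47b3-aff2-0ead71f883df}
[2010/06/07 15:13:40 | 000,000,324 | -HS- | C] () -- C:\WINDOWS\tasks\Zocoup.job
[2009/05/25 21:58:23 | 000,000,003 | ---- | C] () -- C:\WINDOWS\System32\lbab.dll
[2010/06/08 19:14:31 | 000,059,392 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imscinst.exe
[2010/06/08 18:24:32 | 000,007,382 | ---- | C] () -- C:\WINDOWS\System32\dllcache\OEMBIOS.CAT
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusOverride" = 0
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
""".strip().splitlines()

if __name__ == "__main__":
    files, reg = triage_log(SAMPLE_LOG)
    for path, reasons in files:
        print(path, "->", "; ".join(reasons))
    print("Security Center warnings suppressed:", ", ".join(reg) or "none")
```

Feed it a saved OTL.txt and Extras.txt with `triage_log(open(path).read().splitlines())`; the dllcache entries restored by the XP repair pass through untouched because they sit outside any user profile.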

Re: AV Security Suite AGAIN!!!!
And GMER?

Re: AV Security Suite AGAIN!!!!

Here is ark.txt.

When do I re-enable emulation?


GMER 1.0.15.15281 - http://www.gmer.net
Rootkit scan 2010-06-10 18:28:03
Windows 5.1.2600 Service Pack 3
Running: gmer.exe; Driver: C:\DOCUME~1\RICKWI~1\LOCALS~1\Temp\kwtoapow.sys


---- Kernel code sections - GMER 1.0.15 ----

.text C:\WINDOWS\system32\DRIVERS\nv4_mini.sys section is writeable [0xB9293360, 0x3535DF, 0xE8000020]
init C:\WINDOWS\system32\drivers\magicpvt.sys entry point in "init" section [0xBA6CB700]

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume1 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume2 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume3 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume4 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume5 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)
AttachedDevice \Driver\Ftdisk \Device\HarddiskVolume6 timntr.sys (Acronis True Image Backup Archive Explorer/Acronis)

---- EOF - GMER 1.0.15 ----

Re: AV Security Suite AGAIN!!!!
OK... GMER came back clean.


  1. Download ComboFix from below:

    Combofix download


    * IMPORTANT !!! Place combofix.exe on your Desktop

  2. Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with ComboFix.


    You can get help on disabling your protection programs here

  3. Double click on combofix.exe & follow the prompts.

  4. As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed.

    Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


    [Screenshot: CfRC_screen_1]


    The Windows recovery console will allow you to boot up into a special recovery mode that allows us to help you in the case that your computer has a problem after an attempted removal of malware.

    With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal.

    Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement.

    ComboFix will now automatically install the Microsoft Windows Recovery Console onto your computer, which will show up as a new option when booting up your computer. Do not select the Microsoft Windows Recovery Console option when you start your computer unless requested to by a helper.

    Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see a message that says:

    The Recovery Console was successfully installed.

    [Screenshot: CfRC_screen_2]

    Click on Yes, to continue scanning for malware.

  5. Your desktop may go blank. This is normal. It will return when ComboFix is done. ComboFix may reboot your machine. This is normal.

  6. When finished, it shall produce a log for you. Post that log in your next reply.

    Note:
    Do not mouse-click ComboFix's window while it's running. That may cause it to stall.


    ---------------------------------------------------------------------------------------------

  7. Ensure your AntiVirus and AntiSpyware applications are re-enabled.

    ---------------------------------------------------------------------------------------------

Re: AV Security Suite AGAIN!!!!

Browser is still hijacked...


ComboFix 10-06-10.03 - Rick Wintermute 06/10/2010 19:46:19.1.4 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2551.2086 [GMT -5:00]
Running from: c:\documents and settings\Rick Wintermute\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server\flags.ini
c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Windows Server\uses32.dat
C:\feed.txt
c:\windows\system32\hlp.dat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_6TO4


((((((((((((((((((((((((( Files Created from 2010-05-11 to 2010-06-11 )))))))))))))))))))))))))))))))
.

2010-06-09 09:56 . 2010-06-09 09:56 -------- d-s---w- c:\documents and settings\rick\UserData
2010-06-09 09:42 . 2010-06-09 09:42 0 ----a-w- c:\windows\nsreg.dat
2010-06-09 09:42 . 2010-06-09 09:42 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Mozilla
2010-06-09 02:00 . 2008-04-14 00:12 1306624 -c----w- c:\windows\system32\dllcache\msxml6.dll
2010-06-09 02:00 . 2008-04-13 17:27 79872 -c----w- c:\windows\system32\dllcache\msxml6r.dll
2010-06-09 02:00 . 2004-08-04 12:00 403 -c----w- c:\windows\system32\dllcache\npdrmv2.zip
2010-06-09 02:00 . 2004-08-04 12:00 22060 -c----w- c:\windows\system32\dllcache\npds.zip
2010-06-09 02:00 . 2008-04-14 00:12 294912 -c----w- c:\windows\system32\dllcache\dlimport.exe
2010-06-09 00:34 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-09 00:34 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-09 00:15 . 2004-08-04 12:00 48256 -c--a-w- c:\windows\system32\dllcache\w32.dll
2010-06-09 00:15 . 2004-08-04 12:00 41600 -c--a-w- c:\windows\system32\dllcache\weitekp9.dll
2010-06-09 00:15 . 2004-08-04 12:00 31232 -c--a-w- c:\windows\system32\dllcache\weitekp9.sys
2010-06-09 00:15 . 2008-04-14 00:11 86073 -c--a-w- c:\windows\system32\dllcache\voicesub.dll
2010-06-09 00:15 . 2008-04-14 00:11 426041 -c--a-w- c:\windows\system32\dllcache\voicepad.dll
2010-06-09 00:15 . 2008-04-14 00:11 76288 -c--a-w- c:\windows\system32\dllcache\uniime.dll
2010-06-09 00:15 . 2004-08-04 12:00 14336 -c--a-w- c:\windows\system32\dllcache\tsprof.exe
2010-06-09 00:13 . 2001-08-18 03:36 45056 -c--a-w- c:\windows\system32\dllcache\EXCH_aqadmin.dll
2010-06-09 00:13 . 2001-08-18 03:36 5632 -c--a-w- c:\windows\system32\dllcache\EXCH_adsiisex.dll
2010-06-09 00:12 . 2004-08-04 12:00 16384 -c--a-w- c:\windows\system32\dllcache\isignup.exe
2010-06-08 23:24 . 2004-08-04 12:00 24661 -c--a-w- c:\windows\system32\dllcache\spxcoins.dll
2010-06-08 23:24 . 2004-08-04 12:00 24661 ----a-w- c:\windows\system32\spxcoins.dll
2010-06-08 23:24 . 2004-08-04 12:00 13312 -c--a-w- c:\windows\system32\dllcache\irclass.dll
2010-06-08 23:24 . 2004-08-04 12:00 13312 ----a-w- c:\windows\system32\irclass.dll
2010-06-08 22:50 . 2010-06-08 22:51 -------- d-----w- C:\Rick_Reg
2010-06-08 22:04 . 2008-04-29 02:00 288896 ----a-r- c:\windows\system32\drivers\yk51x86.sys
2010-06-08 18:32 . 2010-06-08 18:32 -------- d-----w- c:\windows\system32\wbem\Repository
2010-06-08 14:31 . 2010-06-09 00:34 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-08 04:14 . 2010-06-08 04:14 -------- d-----w- c:\documents and settings\Rick Wintermute\Application Data\Malwarebytes
2010-06-08 03:54 . 2010-06-08 03:54 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes
2010-06-08 03:54 . 2010-06-08 03:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2010-06-08 02:26 . 2010-06-08 02:26 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\PCHealth
2010-06-07 20:15 . 2010-06-07 20:15 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\BestShopping
2010-06-07 20:14 . 2010-06-09 01:29 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\humtghq
2010-06-07 20:14 . 2010-06-08 01:50 -------- d-----w- c:\documents and settings\All Users\Application Data\Update
2010-06-07 20:13 . 2010-06-07 20:13 71168 --sha-r- c:\windows\system32\encapi5.dll
2010-05-24 20:34 . 2010-05-24 20:34 -------- d-----w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\Walmart MP3 Music Downloads
2010-05-24 20:34 . 2010-05-24 20:34 -------- d-----w- c:\program files\Walmart MP3 Music Downloads
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\windows\system32\AGEIA
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\program files\AGEIA Technologies
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\windows\nview
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- c:\documents and settings\All Users\Application Data\nView_Profiles
2010-05-21 20:20 . 2010-05-21 20:20 -------- d-----w- C:\NVIDIA
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- c:\windows\system32\AGEIA(3)
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- c:\program files\AGEIA Technologies(3)
2010-05-19 04:18 . 2010-05-19 04:20 -------- d-----w- c:\windows\nview(4)
2010-05-19 04:18 . 2010-05-21 20:20 -------- d-----w- C:\NVIDIA(2)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2010-06-11 00:48 . 2008-01-15 15:51 32 ----a-w- c:\windows\system32\driver.dat
2010-06-09 09:55 . 2010-06-09 09:55 -------- d-----w- c:\documents and settings\rick\Application Data\Logitech
2010-06-09 00:54 . 2008-01-14 01:04 51360 ----a-w- c:\documents and settings\Rick Wintermute\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2010-06-09 00:11 . 2008-01-14 00:56 22720 ----a-w- c:\windows\system32\emptyregdb.dat
2010-06-08 22:08 . 2008-12-01 02:19 15160 ----a-w- c:\windows\system32\d3d9caps.dat
2010-06-08 18:36 . 2010-06-08 18:36 311 ---ha-w- c:\windows\nshC2.tmp
2010-06-08 18:21 . 2010-06-08 18:21 431 ---ha-w- c:\windows\nso34.tmp
2010-06-07 14:54 . 2010-04-07 23:10 20 ---h--w- c:\documents and settings\All Users\Application Data\PKP_DLbx.DAT
2010-05-24 12:27 . 2009-08-16 22:35 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2010-05-17 13:26 . 2008-01-16 10:14 -------- d-----w- c:\program files\FairUse Wizard 2
2010-05-16 18:16 . 2008-01-15 16:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2010-05-12 09:40 . 2008-01-14 02:02 -------- d-----w- c:\program files\core temp99.5
2010-05-12 08:41 . 2008-01-15 14:03 -------- d-----w- c:\program files\super pi mod1.5
2010-05-01 00:23 . 2008-01-15 14:52 -------- d-----w- c:\program files\Paint Shop Pro 5
2010-04-23 22:00 . 2010-04-23 22:00 -------- d-----w- c:\program files\CPUID
2010-04-07 23:24 . 2010-04-07 23:12 49152 ----a-r- c:\documents and settings\Rick Wintermute\Application Data\Microsoft\Installer\{D2FCC1AE-6311-47C5-8130-C6C66D77DD71}\ARPPRODUCTICON.exe
2010-04-07 23:23 . 2008-12-19 12:24 57344 ----a-r- c:\documents and settings\Rick Wintermute\Application Data\Microsoft\Installer\{87441A59-5E64-4096-A170-14EFE67200C3}\ARPPRODUCTICON.exe
2010-04-07 20:23 . 2008-01-14 01:01 76487 ----a-w- c:\windows\pchealth\helpctr\OfflineCache\index.dat
2010-03-31 04:38 . 2010-04-23 22:00 20968 ----a-w- c:\windows\system32\drivers\cpuz133_x32.sys
2008-05-07 18:00 . 2008-01-15 11:47 4226 ----a-w- c:\program files\Banks.htm
2008-01-15 15:33 . 2008-01-15 15:33 61 --sha-w- c:\windows\cnerolf.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2006-05-10 94208]
"Launch LCDMon"="c:\program files\Logitech\GamePanel Software\LCD Manager\LCDMon.exe" [2007-12-13 2051096]
"Launch LGDCore"="c:\program files\Logitech\GamePanel Software\G-series Software\LGDCore.exe" [2007-12-13 2095640]
"TrueImageMonitor.exe"="c:\program files\Acronis\TrueImageHome\TrueImageMonitor.exe" [2006-12-01 1115317]
"Acronis Scheduler2 Service"="c:\program files\Common Files\Acronis\Schedule2\schedhlp.exe" [2006-12-01 135168]
"UMonit"="c:\windows\system32\UMonit.exe" [2008-02-12 200704]
"CTxfiHlp"="CTXFIHLP.EXE" [2009-07-14 24576]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"nwiz"="nwiz.exe" [2009-01-15 1657376]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2010-04-02 40368]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-03-24 952768]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-1-13 593920]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\system32\\dpnsvr.exe"=
"d:\\Microsoft Games\\Flight Simulator 9_old\\fs9.exe"=
"c:\\Program Files\\Microsoft Games\\Flight Simulator 9_old\\fs9.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\WINDOWS\\system32\\spoolsv.exe"=

R1 magicpvt;magicpvt;c:\windows\system32\drivers\magicpvt.sys [1/15/2008 10:51 AM 9728]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [4/23/2010 5:00 PM 20968]
R2 LBeepKE;LBeepKE;c:\windows\system32\drivers\LBeepKE.sys [1/13/2008 8:14 PM 3712]
S0 ntfpdzm;ntfpdzm; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys [?]
S3 AmbFilt;AmbFilt;c:\windows\system32\drivers\Ambfilt.sys [12/12/2008 6:20 PM 1683712]
S3 ASPI;Advanced SCSI Programming Interface Driver;c:\windows\system32\drivers\ASPI32.SYS [1/15/2010 6:19 PM 16512]
S3 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [3/27/2010 1:37 PM 79360]
S3 ct20xflt;ct20xflt;c:\windows\system32\drivers\ct20xflt.sys [7/14/2009 2:53 AM 1811224]
S3 CT20XUT.SYS;CT20XUT.SYS;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 198168]
S3 CT20XUT;CT20XUT;c:\windows\system32\drivers\CT20XUT.sys [5/9/2008 3:15 PM 198168]
S3 CTEXFIFX.SYS;CTEXFIFX.SYS;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1353240]
S3 CTEXFIFX;CTEXFIFX;c:\windows\system32\drivers\CTEXFIFX.sys [5/9/2008 3:14 PM 1353240]
S3 CTHWIUT.SYS;CTHWIUT.SYS;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 73752]
S3 CTHWIUT;CTHWIUT;c:\windows\system32\drivers\CTHWIUT.sys [5/9/2008 3:15 PM 73752]
S3 EUCR;ENE USB Mass Storage;c:\windows\system32\drivers\EUCR6SK.sys [1/13/2008 8:48 PM 42240]
S3 FIXUSTOR;FIXUSTOR;c:\windows\system32\drivers\fixustor.sys [7/12/2009 2:18 PM 12416]
S3 ha20x22k;Creative 20X2 HAL Driver;c:\windows\system32\drivers\ha20x22k.sys [1/24/2009 2:02 PM 1227800]
S3 SaiH075C;SaiH075C;c:\windows\system32\drivers\SaiH075C.sys [5/1/2008 9:28 PM 132232]
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1044
uInternet Settings,ProxyOverride =
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Rick Wintermute\Application Data\Mozilla\Firefox\Profiles\sjw5spt1.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com/
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("ui.use_native_colors", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.auth.force-generic-ntlm", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("svg.smil.enabled", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.allow_unrestricted_renego_everywhere__temporarily_available_pref", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.renego_unrestricted_hosts", "");
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.treat_unsafe_negotiation_as_broken", false);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl.require_safe_negotiation", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.name", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.{972ce4c6-7e08-4474-a285-3208198ce6fd}.description", "chrome://browser/locale/browser.properties");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("plugins.update.notifyUser", false);
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-NWEReboot - (no file)
HKLM-Run-RegistryMechanic - (no file)
AddRemove-HijackThis - c:\documents and settings\Rick Wintermute\Desktop\HijackThis.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2010-06-10 19:49
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(660)
c:\windows\system32\relog_ap.dll

- - - - - - - > 'explorer.exe'(4004)
c:\program files\Logitech\SetPoint\lgscroll.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\rundll32.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Logitech\GamePanel Software\LCD Manager\Applets\LCDClock.exe
c:\windows\system32\RUNDLL32.EXE
c:\program files\Common Files\Acronis\Schedule2\schedul2.exe
c:\program files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
c:\program files\Common Files\Logitech\KhalShared\KHALMNPR.EXE
c:\windows\SYSTEM32\astsrv.exe
c:\program files\Diskeeper Corporation\Diskeeper\DkService.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\imapi.exe
.
**************************************************************************
.
Completion time: 2010-06-10 19:51:11 - machine was rebooted
ComboFix-quarantined-files.txt 2010-06-11 00:51

Pre-Run: 121,867,534,336 bytes free
Post-Run: 121,756,971,008 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

- - End Of File - - 316C32D7EA64A5957EF7720087FAE330

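The ComboFix log above contains the kind of lines a helper looks at first when a search redirect is reported: a browser proxy pointed at a loopback port (`uInternet Settings,ProxyServer = http=127.0.0.1:1044`), a system+hidden DLL dropped into system32 (`encapi5.dll`), and a boot-start service with no image file on disk (`S0 ntfpdzm;ntfpdzm; [x]`). The following Python script is an added triage example and is not part of the thread or of ComboFix; it runs a few of those heuristics over a constructed sample made of lines copied from the log above. The rules are indicators to review, not verdicts: the `ALSysIO.sys` hit, for instance, is most likely the hardware-monitoring driver belonging to the Core Temp install listed in the same log, which is exactly why each finding names the reason rather than a diagnosis.

```python
import re
from typing import List, Tuple

# Constructed sample in the layout of the ComboFix log posted in this thread.
# The lines are copied from that log so the script can run offline; a real
# run would read the whole ComboFix.txt instead.
SAMPLE_LOG = r"""
uStart Page = hxxp://www.yahoo.com/
uInternet Settings,ProxyServer = http=127.0.0.1:1044
uInternet Settings,ProxyOverride =
2010-06-07 20:13 . 2010-06-07 20:13 71168 --sha-r- c:\windows\system32\encapi5.dll
2010-06-08 22:04 . 2008-04-29 02:00 288896 ----a-r- c:\windows\system32\drivers\yk51x86.sys
2010-06-08 18:36 . 2010-06-08 18:36 311 ---ha-w- c:\windows\nshC2.tmp
S0 ntfpdzm;ntfpdzm; [x]
S3 ALSysIO;ALSysIO;\??\c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys --> c:\docume~1\RICKWI~1\LOCALS~1\Temp\ALSysIO.sys [?]
R2 cpuz133;cpuz133;c:\windows\system32\drivers\cpuz133_x32.sys [4/23/2010 5:00 PM 20968]
"""

# Browser proxy setting as ComboFix prints it in the Supplementary Scan.
PROXY_RE = re.compile(r"^uInternet Settings,ProxyServer = (?P<value>.+)$")
# File entry: created . modified size attrs path (attrs like --sha-r- or d-----w-).
FILE_RE = re.compile(
    r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} "
    r"(?P<size>\S+) (?P<attrs>\S{8}) (?P<path>.+)$"
)
# Service/driver entry: start type, name;display name;image path and details.
SERVICE_RE = re.compile(r"^(?P<start>[RS]\d) (?P<name>[^;]+);(?P<display>[^;]*);(?P<tail>.*)$")

Finding = Tuple[str, str]  # (reason, offending log line)


def triage(log_text: str) -> List[Finding]:
    """Return (reason, line) pairs for log lines that deserve a closer look."""
    findings: List[Finding] = []
    for raw in log_text.splitlines():
        line = raw.strip()
        if not line:
            continue

        m = PROXY_RE.match(line)
        if m:
            value = m.group("value").lower()
            # A proxy on the loopback interface means every browser request is
            # handed to a local process first; that is how search results get
            # rewritten while typed URLs and bookmarks still work.
            if "127.0.0.1" in value or "localhost" in value:
                findings.append(("loopback proxy: browser traffic is routed through a local port", line))
            continue

        m = FILE_RE.match(line)
        if m:
            attrs, path = m.group("attrs"), m.group("path").lower()
            # Regular files carrying both the system and hidden attributes are
            # rare under the Windows tree; legitimate installers seldom do this.
            if not attrs.startswith("d") and "s" in attrs and "h" in attrs and "\\windows\\" in path:
                findings.append(("system+hidden file in the Windows tree", line))
            continue

        m = SERVICE_RE.match(line)
        if m:
            tail = m.group("tail").strip()
            if tail == "[x]":
                # Registered service whose image file is missing or hidden.
                findings.append(("service/driver with no image file on disk", line))
            elif "\\temp\\" in tail.lower():
                # Kernel driver loaded from a Temp folder: legitimate for a few
                # monitoring tools, so this is a review item, not a verdict.
                findings.append(("driver loaded from a Temp directory (review)", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage(SAMPLE_LOG):
        print(f"[{reason}]\n    {line}")
```

Running the script on the sample yields four findings: the loopback proxy, `encapi5.dll`, the `ntfpdzm` service and the Temp-directory driver; the ordinary entries (`yk51x86.sys`, `cpuz133_x32.sys`, the hidden-only `.tmp` file) pass through. On a real log the same three rules would be a starting point for the fix (removing the proxy setting restores normal search behaviour; the file and service hits go into a removal script), with each hit checked against the software actually installed on the machine before anything is deleted.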
Re: AV Security Suite AGAIN!!!!

Here's why your PC is being infected.

Looking over your log, it seems you don't have any evidence of anti-virus software.

Anti-virus software are programs that detect, clean and erase harmful virus files on a computer, web server or network.
Unchecked virus files can unintentionally be forwarded to others, including trading partners, thereby spreading infection. Because new viruses regularly emerge, anti-virus software should be updated frequently. Anti-virus software can scan the computer memory and disk drives for malicious code. It can alert the user if a virus is present and will clean, delete (or quarantine) infected files or directories. Please download a free anti-virus software from one of these excellent vendors NOW:

  • Avira AntiVir Personal - Free anti-virus software for Windows. Detects and removes more than 50000 viruses. Free support.
  • avast! 5 Home Edition - Anti-virus program for Windows. The home edition is freeware for noncommercial users.

Then we'll start from there, because it really makes no sense otherwise that we clean this up manually if an antivirus scanner is not present, which should be able to deal with most of it and prevent further reinfection.

Be sure to install just one. I use Avira on my PC. Then:

Download Security Check from here or here.

  • Save it to your Desktop.
  • Double-click SecurityCheck.exe and follow the on-screen instructions inside the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

Re: AV Security Suite AGAIN!!!!

My browser is no longer hijacked.

Should I create a new restore point???

Should I use defogger to restart emulation now???

Re: AV Security Suite AGAIN!!!!

nuclearjock wrote:
My browser is no longer hijacked.

Should I create a new restore point???

Should I use defogger to restart emulation now???

No. Please post Security Check.

Re: AV Security Suite AGAIN!!!!

Results of screen317's Security Check version 0.99.4
Windows XP Service Pack 3
Internet Explorer 6 Out of date!
``````````````````````````````
Antivirus/Firewall Check:


Windows Firewall Enabled!
```````````````````````````````
Anti-malware/Other Utilities Check:

Malwarebytes' Anti-Malware
Mozilla Firefox (3.6.3)
````````````````````````````````
Process Check:
objlist.exe by Laurent

````````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

``````````End of Log````````````

Re: AV Security Suite AGAIN!!!!

Are you going to install an anti-virus software, which I recommend so this will not happen again, before we move on?

Re: AV Security Suite AGAIN!!!!

Avira AntiVir Personal - Free Antivirus Updater
Engine/VDF update

Creation time: Fri Jun 11 07:05:45 2010


Operating system:
Windows XP (Service Pack 3) [5.1.2600] 32 bit

Product information:
Product version: 10.0.0.567
Updater: C:\Program Files\Avira\AntiVir Desktop\update.exe 10.0.0.29
Update resource: C:\Program Files\Avira\AntiVir Desktop\updaterc.dll 10.0.9.0
Library: C:\Program Files\Avira\AntiVir Desktop\update.dll 0.1.0.44
Plugin: C:\Program Files\Avira\AntiVir Desktop\updext.dll 10.0.0.8
GUI: C:\Program Files\Avira\AntiVir Desktop\updgui.dll 10.0.2.0

Temp Directory: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\
Backup folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP\
Installation Directory: C:\Program Files\Avira\AntiVir Desktop\
Updater folder: C:\Program Files\Avira\AntiVir Desktop\
AppData folder: C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\

Proxy settings:
System settings used

7:05:45 [UPD] [INFO] Checking whether newer files are available.
7:06:00 [UPD] [INFO] Select update server 'http://personal.avira-update.com/update'.
7:06:00 [UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:06:15 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:06:15 [UPDLIB] [ERROR] Retry...
7:06:15 [UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:06:30 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:06:30 [UPDLIB] [ERROR] Retry...
7:06:30 [UPD] [INFO] Downloading of 'http://personal.avira-update.com/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:06:45 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.com/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:07:00 [UPD] [INFO] Select update server 'http://personal.avira-update.net/update'.
7:07:00 [UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:07:15 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:07:15 [UPDLIB] [ERROR] Retry...
7:07:15 [UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:07:30 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:07:30 [UPDLIB] [ERROR] Retry...
7:07:30 [UPD] [INFO] Downloading of 'http://personal.avira-update.net/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:07:45 [UPDLIB] [ERROR] Download manager: The function WinINet::HttpSendRequest() 'http://personal.avira-update.net/update/idx/master.idx' failed. Error: The server name or address could not be resolved
7:07:45 [UPD] [INFO] Select update server 'http://62.146.66.184/update'.
7:07:45 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/master.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\master.idx'.
7:07:46 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/wks_avira10-win32-en-pecl.idx' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl.idx'.
7:07:46 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/wks_avira10-win32-en-pecl.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl.info.gz'.
7:07:46 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/vdf.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\vdf.info.gz'.
7:07:46 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/rdf-common-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\rdf-common-int.info.gz'.
7:07:46 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/ave2-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\ave2-win32-int.info.gz'.
7:07:47 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/wks_avira10-win32-en-pecl-info.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\wks_avira10-win32-en-pecl-info.info.gz'.
7:07:47 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/hips-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\hips-win32-int.info.gz'.
7:07:47 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/idx/scanner-win32-int.info.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\idx\scanner-win32-int.info.gz'.
7:07:47 [UPD] [INFO] Compare local files with status of update server
7:07:47 [UPD] [INFO] Product-info file: Executing mandatory product update initiated by Avira.
7:07:47 [UPD] [INFO] Checking module SELFUPDATE:
7:07:47 [UPD] [INFO] Checking module VDF:
7:07:47 [UPD] [INFO] File 'n_vdf/vbase005.vdf' (local, server): 7.10.4.204 < 7.10.6.82
7:07:47 [UPD] [INFO] File 'n_vdf/vbase006.vdf' (local, server): 7.10.4.205 < 7.10.7.218
7:07:47 [UPD] [INFO] File 'n_vdf/vbase007.vdf' (local, server): 7.10.4.206 < 7.10.7.219
7:07:47 [UPD] [INFO] File 'n_vdf/vbase008.vdf' (local, server): 7.10.4.207 < 7.10.7.220
7:07:47 [UPD] [INFO] File 'n_vdf/vbase009.vdf' (local, server): 7.10.4.208 < 7.10.7.221
7:07:47 [UPD] [INFO] File 'n_vdf/vbase010.vdf' (local, server): 7.10.4.209 < 7.10.7.222
7:07:47 [UPD] [INFO] File 'n_vdf/vbase011.vdf' (local, server): 7.10.4.210 < 7.10.7.223
7:07:47 [UPD] [INFO] File 'n_vdf/vbase012.vdf' (local, server): 7.10.4.211 < 7.10.7.224
7:07:47 [UPD] [INFO] File 'n_vdf/vbase013.vdf' (local, server): 7.10.4.242 < 7.10.8.37
7:07:47 [UPD] [INFO] File 'n_vdf/vbase014.vdf' (local, server): 7.10.5.17 < 7.10.8.38
7:07:47 [UPD] [INFO] File 'n_vdf/vbase015.vdf' (local, server): 7.10.5.44 < 7.10.8.39
7:07:47 [UPD] [INFO] File 'n_vdf/vbase016.vdf' (local, server): 7.10.5.69 < 7.10.8.40
7:07:47 [UPD] [INFO] File 'n_vdf/vbase017.vdf' (local, server): 7.10.5.91 < 7.10.8.41
7:07:47 [UPD] [INFO] File 'n_vdf/vbase018.vdf' (local, server): 7.10.5.121 < 7.10.8.42
7:07:47 [UPD] [INFO] File 'n_vdf/vbase019.vdf' (local, server): 7.10.5.138 < 7.10.8.43
7:07:47 [UPD] [INFO] File 'n_vdf/vbase020.vdf' (local, server): 7.10.5.164 < 7.10.8.44
7:07:47 [UPD] [INFO] File 'n_vdf/vbase021.vdf' (local, server): 7.10.5.182 < 7.10.8.45
7:07:47 [UPD] [INFO] File 'n_vdf/vbase022.vdf' (local, server): 7.10.5.199 < 7.10.8.46
7:07:47 [UPD] [INFO] File 'n_vdf/vbase023.vdf' (local, server): 7.10.5.217 < 7.10.8.47
7:07:47 [UPD] [INFO] File 'n_vdf/vbase024.vdf' (local, server): 7.10.5.234 < 7.10.8.48
7:07:47 [UPD] [INFO] File 'n_vdf/vbase025.vdf' (local, server): 7.10.5.254 < 7.10.8.49
7:07:47 [UPD] [INFO] File 'n_vdf/vbase026.vdf' (local, server): 7.10.6.18 < 7.10.8.50
7:07:47 [UPD] [INFO] File 'n_vdf/vbase027.vdf' (local, server): 7.10.6.34 < 7.10.8.51
7:07:47 [UPD] [INFO] File 'n_vdf/vbase028.vdf' (local, server): 7.10.6.44 < 7.10.8.52
7:07:47 [UPD] [INFO] File 'n_vdf/vbase029.vdf' (local, server): 7.10.6.60 < 7.10.8.53
7:07:47 [UPD] [INFO] File 'n_vdf/vbase030.vdf' (local, server): 7.10.6.61 < 7.10.8.54
7:07:47 [UPD] [INFO] File 'n_vdf/vbase031.vdf' (local, server): 7.10.6.62 < 7.10.8.59
7:07:47 [UPD] [INFO] File 'n_vdf/aevdf.dat' (local, server): 7.10.6.62 < 7.10.8.59
7:07:47 [UPD] [INFO] Checking module RDF:
7:07:47 [UPD] [INFO] File 'rdf/common/int/antivir0.rdf' (local, server): 1.0.0.33 < 10.0.0.39
7:07:47 [UPD] [INFO] Checking module AVE2:
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aebb.dll' (local, server): 8.1.0.3 < 8.1.1.0
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aecore.dll' (local, server): 8.1.13.1 < 8.1.15.3
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aeemu.dll' (local, server): 8.1.1.0 < 8.1.2.0
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aegen.dll' (local, server): 8.1.3.6 < 8.1.3.10
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aehelp.dll' (local, server): 8.1.11.3 < 8.1.11.5
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aeheur.dll' (local, server): 8.1.1.16 < 8.1.1.33
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aeoffice.dll' (local, server): 8.1.0.41 < 8.1.1.0
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aerdl.dll' (local, server): 8.1.4.3 < 8.1.4.6
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aescn.dll' (local, server): 8.1.5.0 < 8.1.6.1
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aescript.dll' (local, server): 8.1.3.24 < 8.1.3.31
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aevdf.dll' (local, server): 8.1.1.3 < 8.1.2.0
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aesbx.dll' (local, server): 8.1.2.1 < 8.1.3.1
7:07:47 [UPD] [INFO] File 'ave2/win32/int/aeset.dat' (local, server): 8.2.1.210 < 8.2.2.6
7:07:47 [UPD] [INFO] Checking module MAIN:
7:07:47 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/filelist.ini'. The file will therefore not be taken into account.
7:07:47 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/insthlp.exe'. The file will therefore not be taken into account.
7:07:47 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/presetup.exe'. The file will therefore not be taken into account.
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/quicksysscan.avp' is already installed and is not being updated.
7:07:47 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/vcredist_x86.exe'. The file will therefore not be taken into account.
7:07:47 [UPD] [INFO] Checking module COMMAPPDATA_AV:
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/addr_file.html' is already installed and is not being updated.
7:07:47 [UPD] [INFO] Checking module COMMAPP:
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/produpd.avj' is already installed and is not being updated.
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/scanjob.avj' is already installed and is not being updated.
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/startupd.avj' is already installed and is not being updated.
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/updjob.avj' is already installed and is not being updated.
7:07:47 [UPD] [INFO] Checking module COMMAPDATA_AV_PROFILES:
7:07:47 [UPD] [INFO] File'wks_avira10/win32/en/pecl/en-us/folder.avp' is already installed and is not being updated.
7:07:47 [UPD] [INFO] Checking module TEXT:
7:07:47 [UPD] [INFO] The IGNORE flag is set for the file 'wks_avira10/win32/en/pecl/en-us/eula.txt'. The file will therefore not be taken into account.
7:07:47 [UPD] [INFO] Checking module DRV:
7:07:47 [UPD] [INFO] Checking module PRODINFO:
7:07:47 [UPD] [INFO] Checking module HIPS:
7:07:47 [UPD] [INFO] Checking module SCANNER:
7:07:47 [UPD] [INFO] Checking dependencies for product update mode.
7:07:47 [UPD] [INFO] Dependencies have been executed.
7:07:47 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\BACKUP' requires 9063111 bytes of free disk space.
7:07:47 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE' requires 23719061 bytes of free disk space.
7:07:47 [UPD] [INFO] 'C:\Program Files\Avira\AntiVir Desktop' requires 12008330 bytes of free disk space.
7:07:47 [UPD] [INFO] Disk space OK.
7:07:47 [UPD] [INFO] Drive: C:\, free capacity: 1205874688 bytes.
7:07:47 [UPD] [INFO] New files are being downloaded...
7:07:47 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase005.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase005.vdf.gz'.
7:07:54 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase006.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase006.vdf.gz'.
7:08:00 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase007.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase007.vdf.gz'.
7:08:00 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase008.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase008.vdf.gz'.
7:08:00 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase009.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase009.vdf.gz'.
7:08:00 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase010.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase010.vdf.gz'.
7:08:00 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase011.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase011.vdf.gz'.
7:08:01 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase012.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase012.vdf.gz'.
7:08:01 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase013.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase013.vdf.gz'.
7:08:01 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase014.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase014.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase015.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase015.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase016.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase016.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase017.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase017.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase018.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase018.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase019.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase019.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase020.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase020.vdf.gz'.
7:08:02 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase021.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase021.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase022.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase022.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase023.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase023.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase024.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase024.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase025.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase025.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase026.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase026.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase027.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase027.vdf.gz'.
7:08:03 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase028.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase028.vdf.gz'.
7:08:04 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase029.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase029.vdf.gz'.
7:08:04 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase030.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase030.vdf.gz'.
7:08:04 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/vbase031.vdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\vbase031.vdf.gz'.
7:08:04 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/n_vdf/aevdf.dat.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\n_vdf\aevdf.dat.gz'.
7:08:04 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/rdf/common/int/antivir0.rdf.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\rdf\common\int\antivir0.rdf.gz'.
7:08:05 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aebb.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aebb.dll.gz'.
7:08:05 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aecore.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aecore.dll.gz'.
7:08:05 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aeemu.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeemu.dll.gz'.
7:08:06 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aegen.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aegen.dll.gz'.
7:08:07 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aehelp.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aehelp.dll.gz'.
7:08:07 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aeheur.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeheur.dll.gz'.
7:08:10 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aeoffice.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeoffice.dll.gz'.
7:08:10 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aerdl.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aerdl.dll.gz'.
7:08:11 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aescn.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescn.dll.gz'.
7:08:11 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aescript.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aescript.dll.gz'.
7:08:13 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aevdf.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aevdf.dll.gz'.
7:08:13 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aesbx.dll.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aesbx.dll.gz'.
7:08:13 [UPD] [INFO] Downloading of 'http://62.146.66.184/update/ave2/win32/int/aeset.dat.gz' to 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\ave2\win32\int\aeset.dat.gz'.
7:08:13 [UPD] [INFO] The program is running as an unrestricted full version.
7:08:19 [UPD] [INFO] The engine was successfully validated.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase005.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase005.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase006.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase006.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase007.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase007.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase008.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase008.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase009.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase009.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase010.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase010.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase011.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase011.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase012.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase012.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase013.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase013.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase014.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase014.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase015.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase015.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase016.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase016.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase017.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase017.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase018.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase018.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase019.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase019.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase020.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase020.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase021.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase021.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase022.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase022.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase023.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase023.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase024.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase024.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase025.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase025.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase026.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase026.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase027.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase027.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase028.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase028.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase029.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase029.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase030.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase030.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\vbase031.vdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\vbase031.vdf'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\n_vdf\aevdf.dat' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aevdf.dat'.
7:08:19 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\rdf\common\int\antivir0.rdf' was copied to 'C:\Program Files\Avira\AntiVir Desktop\antivir0.rdf'.
7:08:20 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aebb.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aebb.dll'.
7:08:21 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aecore.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aecore.dll'.
7:08:22 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aeemu.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aeemu.dll'.
7:08:23 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aegen.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aegen.dll'.
7:08:24 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aehelp.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aehelp.dll'.
7:08:25 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aeheur.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aeheur.dll'.
7:08:26 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aeoffice.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aeoffice.dll'.
7:08:27 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aerdl.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aerdl.dll'.
7:08:28 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aescn.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aescn.dll'.
7:08:29 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aescript.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aescript.dll'.
7:08:30 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aevdf.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aevdf.dll'.
7:08:31 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aesbx.dll' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aesbx.dll'.
7:08:31 [UPD] [INFO] 'C:\Documents and Settings\All Users\Application Data\Avira\AntiVir Desktop\TEMP\UPDATE\.\ave2\win32\int\aeset.dat' was copied to 'C:\Program Files\Avira\AntiVir Desktop\aeset.dat'.
7:08:34 [UPD] [INFO] Re-initialization of Avira AntiVir Guard was successful.


Summary:
********
42 Files downloaded
42 Files installed
Downloaded file(s): vbase005.vdf 7.10.6.82; vbase006.vdf 7.10.7.218; vbase007.vdf 7.10.7.219; vbase008.vdf 7.10.7.220; vbase009.vdf 7.10.7.221; vbase010.vdf 7.10.7.222; vbase011.vdf 7.10.7.223;
vbase012.vdf 7.10.7.224; vbase013.vdf 7.10.8.37; vbase014.vdf 7.10.8.38; vbase015.vdf 7.10.8.39; vbase016.vdf 7.10.8.40; vbase017.vdf 7.10.8.41; vbase018.vdf 7.10.8.42;
vbase019.vdf 7.10.8.43; vbase020.vdf 7.10.8.44; vbase021.vdf 7.10.8.45; vbase022.vdf 7.10.8.46; vbase023.vdf 7.10.8.47; vbase024.vdf 7.10.8.48; vbase025.vdf 7.10.8.49;
vbase026.vdf 7.10.8.50; vbase027.vdf 7.10.8.51; vbase028.vdf 7.10.8.52; vbase029.vdf 7.10.8.53; vbase030.vdf 7.10.8.54; vbase031.vdf 7.10.8.59; aevdf.dat 7.10.8.59;
antivir0.rdf 10.0.0.39; aebb.dll 8.1.1.0; aecore.dll 8.1.15.3; aeemu.dll 8.1.2.0; aegen.dll 8.1.3.10; aehelp.dll 8.1.11.5; aeheur.dll 8.1.1.33;
aeoffice.dll 8.1.1.0; aerdl.dll 8.1.4.6; aescn.dll 8.1.6.1; aescript.dll 8.1.3.31; aevdf.dll 8.1.2.0; aesbx.dll 8.1.3.1; aeset.dat 8.2.2.6;


Fri Jun 11 07:08:35 2010
The update was carried out successfully!

***********************************************************************************


Avira AntiVir Personal
Report file date: Friday, June 11, 2010 07:09

Scanning for 2205030 virus strains and unwanted programs.

The program is running as an unrestricted full version.
Online services are available:

Licensee : Avira AntiVir Personal - FREE Antivirus
Serial number : 0000149996-ADJIE-0000001
Platform : Windows XP
Windows version : (Service Pack 3) [5.1.2600]
Boot mode : Normally booted
Username : Rick Wintermute
Computer name : NUKESGIZMO

Version information:
BUILD.DAT : 10.0.0.567 32097 Bytes 4/19/2010 15:07:00
AVSCAN.EXE : 10.0.3.0 433832 Bytes 4/1/2010 18:37:38
AVSCAN.DLL : 10.0.3.0 46440 Bytes 4/1/2010 18:57:04
LUKE.DLL : 10.0.2.3 104296 Bytes 3/8/2010 00:33:04
LUKERES.DLL : 10.0.0.1 12648 Bytes 2/11/2010 05:40:49
VBASE000.VDF : 7.10.0.0 19875328 Bytes 11/6/2009 15:05:36
VBASE001.VDF : 7.10.1.0 1372672 Bytes 11/19/2009 01:27:49
VBASE002.VDF : 7.10.3.1 3143680 Bytes 1/20/2010 23:37:42
VBASE003.VDF : 7.10.3.75 996864 Bytes 1/26/2010 22:37:42
VBASE004.VDF : 7.10.4.203 1579008 Bytes 3/5/2010 17:29:03
VBASE005.VDF : 7.10.6.82 2494464 Bytes 4/15/2010 12:07:54
VBASE006.VDF : 7.10.7.218 2294784 Bytes 6/2/2010 12:08:00
VBASE007.VDF : 7.10.7.219 2048 Bytes 6/2/2010 12:08:00
VBASE008.VDF : 7.10.7.220 2048 Bytes 6/2/2010 12:08:00
VBASE009.VDF : 7.10.7.221 2048 Bytes 6/2/2010 12:08:00
VBASE010.VDF : 7.10.7.222 2048 Bytes 6/2/2010 12:08:00
VBASE011.VDF : 7.10.7.223 2048 Bytes 6/2/2010 12:08:01
VBASE012.VDF : 7.10.7.224 2048 Bytes 6/2/2010 12:08:01
VBASE013.VDF : 7.10.8.37 270336 Bytes 6/10/2010 12:08:01
VBASE014.VDF : 7.10.8.38 2048 Bytes 6/10/2010 12:08:02
VBASE015.VDF : 7.10.8.39 2048 Bytes 6/10/2010 12:08:02
VBASE016.VDF : 7.10.8.40 2048 Bytes 6/10/2010 12:08:02
VBASE017.VDF : 7.10.8.41 2048 Bytes 6/10/2010 12:08:02
VBASE018.VDF : 7.10.8.42 2048 Bytes 6/10/2010 12:08:02
VBASE019.VDF : 7.10.8.43 2048 Bytes 6/10/2010 12:08:02
VBASE020.VDF : 7.10.8.44 2048 Bytes 6/10/2010 12:08:02
VBASE021.VDF : 7.10.8.45 2048 Bytes 6/10/2010 12:08:03
VBASE022.VDF : 7.10.8.46 2048 Bytes 6/10/2010 12:08:03
VBASE023.VDF : 7.10.8.47 2048 Bytes 6/10/2010 12:08:03
VBASE024.VDF : 7.10.8.48 2048 Bytes 6/10/2010 12:08:03
VBASE025.VDF : 7.10.8.49 2048 Bytes 6/10/2010 12:08:03
VBASE026.VDF : 7.10.8.50 2048 Bytes 6/10/2010 12:08:03
VBASE027.VDF : 7.10.8.51 2048 Bytes 6/10/2010 12:08:03
VBASE028.VDF : 7.10.8.52 2048 Bytes 6/10/2010 12:08:04
VBASE029.VDF : 7.10.8.53 2048 Bytes 6/10/2010 12:08:04
VBASE030.VDF : 7.10.8.54 2048 Bytes 6/10/2010 12:08:04
VBASE031.VDF : 7.10.8.59 34304 Bytes 6/11/2010 12:08:04
Engineversion : 8.2.2.6
AEVDF.DLL : 8.1.2.0 106868 Bytes 6/11/2010 12:08:13
AESCRIPT.DLL : 8.1.3.31 1352058 Bytes 6/11/2010 12:08:13
AESCN.DLL : 8.1.6.1 127347 Bytes 6/11/2010 12:08:11
AESBX.DLL : 8.1.3.1 254324 Bytes 6/11/2010 12:08:13
AERDL.DLL : 8.1.4.6 541043 Bytes 6/11/2010 12:08:11
AEPACK.DLL : 8.2.1.1 426358 Bytes 3/19/2010 18:34:51
AEOFFICE.DLL : 8.1.1.0 201081 Bytes 6/11/2010 12:08:10
AEHEUR.DLL : 8.1.1.33 2724214 Bytes 6/11/2010 12:08:10
AEHELP.DLL : 8.1.11.5 242038 Bytes 6/11/2010 12:08:07
AEGEN.DLL : 8.1.3.10 377205 Bytes 6/11/2010 12:08:07
AEEMU.DLL : 8.1.2.0 393588 Bytes 6/11/2010 12:08:06
AECORE.DLL : 8.1.15.3 192886 Bytes 6/11/2010 12:08:05
AEBB.DLL : 8.1.1.0 53618 Bytes 6/11/2010 12:08:05
AVWINLL.DLL : 10.0.0.0 19304 Bytes 1/14/2010 18:03:38
AVPREF.DLL : 10.0.0.0 44904 Bytes 1/14/2010 18:03:35
AVREP.DLL : 10.0.0.8 62209 Bytes 2/18/2010 22:47:40
AVREG.DLL : 10.0.3.0 53096 Bytes 4/1/2010 18:35:46
AVSCPLR.DLL : 10.0.3.0 83816 Bytes 4/1/2010 18:39:51
AVARKT.DLL : 10.0.0.14 227176 Bytes 4/1/2010 18:22:13
AVEVTLOG.DLL : 10.0.0.8 203112 Bytes 1/26/2010 15:53:30
SQLITE3.DLL : 3.6.19.0 355688 Bytes 1/28/2010 18:57:58
AVSMTP.DLL : 10.0.0.17 63848 Bytes 3/16/2010 21:38:56
NETNT.DLL : 10.0.0.0 11624 Bytes 2/19/2010 20:41:00
RCIMAGE.DLL : 10.0.0.26 2550120 Bytes 1/28/2010 19:10:20
RCTEXT.DLL : 10.0.53.0 97128 Bytes 4/9/2010 20:14:29

Configuration settings for the scan:
Jobname.............................: Short system scan after installation
Configuration file..................: c:\program files\avira\antivir desktop\setupprf.dat
Logging.............................: low
Primary action......................: interactive
Secondary action....................: ignore
Scan master boot sector.............: on
Scan boot sector....................: on
Process scan........................: on
Scan registry.......................: on
Search for rootkits.................: off
Integrity checking of system files..: off
Scan all files......................: Intelligent file selection
Scan archives.......................: on
Recursion depth.....................: 20
Smart extensions....................: on
Macro heuristic.....................: on
File heuristic......................: medium

Start of the scan: Friday, June 11, 2010 07:09

The scan of running processes will be started
Scan process 'avscan.exe' - '1' Module(s) have been scanned
Scan process 'avcenter.exe' - '1' Module(s) have been scanned
Scan process 'avconfig.exe' - '1' Module(s) have been scanned
Scan process 'avgnt.exe' - '1' Module(s) have been scanned
Scan process 'sched.exe' - '1' Module(s) have been scanned
Scan process 'avshadow.exe' - '1' Module(s) have been scanned
Scan process 'avguard.exe' - '1' Module(s) have been scanned
Scan process 'setup.exe' - '1' Module(s) have been scanned
Scan process 'msiexec.exe' - '1' Module(s) have been scanned
Scan process 'presetup.exe' - '1' Module(s) have been scanned
Scan process 'avira_antivir_personal_en.exe' - '1' Module(s) have been scanned
Scan process 'alg.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'nvsvc32.exe' - '1' Module(s) have been scanned
Scan process 'DkService.exe' - '1' Module(s) have been scanned
Scan process 'astsrv.exe' - '1' Module(s) have been scanned
Scan process 'PhotoshopElementsFileAgent.exe' - '1' Module(s) have been scanned
Scan process 'schedul2.exe' - '1' Module(s) have been scanned
Scan process 'KHALMNPR.EXE' - '1' Module(s) have been scanned
Scan process 'SetPoint.exe' - '1' Module(s) have been scanned
Scan process 'LCDClock.exe' - '1' Module(s) have been scanned
Scan process 'RUNDLL32.EXE' - '1' Module(s) have been scanned
Scan process 'CTXFIHLP.EXE' - '1' Module(s) have been scanned
Scan process 'UMonit.exe' - '1' Module(s) have been scanned
Scan process 'schedhlp.exe' - '1' Module(s) have been scanned
Scan process 'TrueImageMonitor.exe' - '1' Module(s) have been scanned
Scan process 'LGDCore.exe' - '1' Module(s) have been scanned
Scan process 'LCDMon.exe' - '1' Module(s) have been scanned
Scan process 'Explorer.EXE' - '1' Module(s) have been scanned
Scan process 'CTAudSvc.exe' - '1' Module(s) have been scanned
Scan process 'spoolsv.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'svchost.exe' - '1' Module(s) have been scanned
Scan process 'lsass.exe' - '1' Module(s) have been scanned
Scan process 'services.exe' - '1' Module(s) have been scanned
Scan process 'winlogon.exe' - '1' Module(s) have been scanned
Scan process 'csrss.exe' - '1' Module(s) have been scanned
Scan process 'smss.exe' - '1' Module(s) have been scanned

Starting master boot sector scan:
Master boot sector HD0
[INFO] No virus was found!
Master boot sector HD1
[INFO] No virus was found!
Master boot sector HD2
[INFO] No virus was found!
Master boot sector HD3
[INFO] No virus was found!
Master boot sector HD4
[INFO] No virus was found!
Master boot sector HD5
[INFO] No virus was found!
Master boot sector HD6
[INFO] No virus was found!
Master boot sector HD7
[INFO] No virus was found!
Master boot sector HD8
[INFO] No virus was found!

Start scanning boot sectors:

Starting to scan executable files (registry).
The registry was scanned ( '489' files ).



End of the scan: Friday, June 11, 2010 07:09
Used time: 00:17 Minute(s)

The scan has been done completely.

0 Scanned directories
967 Files were scanned
0 Viruses and/or unwanted programs were found
0 Files were classified as suspicious
0 files were deleted
0 Viruses and unwanted programs were repaired
0 Files were moved to quarantine
0 Files were renamed
0 Files cannot be scanned
967 Files not concerned
5 Archives were scanned
0 Warnings
0 Notes

Re: AV Security Suite AGAIN!!!!

Nice Job nuclearjock!

TFC (Temp File Cleaner):


  • Please download TFC to your desktop,
  • Save any unsaved work. TFC will close all open application windows.
  • Double-click TFC.exe to run the program.
  • If prompted, click "Yes" to reboot.


Note: Save your work. TFC will automatically close any open programs; let it run uninterrupted. It shouldn't take longer than a couple of minutes, and may only take a few seconds. Only if needed will you be prompted to reboot.

Next

I want to look at this file.

Check a file/files
Use your browser to go here at Virustotal website
Click the Browse button and then navigate to
c:\windows\system32\encapi5.dll


then click the Submit button.

The various virus scanners will identify the file and if it is not identified, the AV vendors will then have a copy of it for analysis. Save the results, and post back here in a reply.

Re: AV Security Suite AGAIN!!!!

I ran TFC and rebooted. I then checked and I have an encapi.dll file but no encapi5.dll file. What next?

Re: AV Security Suite AGAIN!!!!

You will need to enable hidden files and folders by doing the following:
Windows XP

* Click Start.
* Open My Computer.
* Select the Tools menu and click Folder Options.
* Select the View Tab.
* Under the Hidden files and folders heading select Show hidden files and folders.
* Uncheck the Hide protected operating system files (recommended) option.
* Click Yes to confirm.
* Click OK.

Then try to upload the file: c:\windows\system32\encapi5.dll

Re: AV Security Suite AGAIN!!!!

I still don't see encapi5.dll in the system32 directory, just encapi.dll.

Re: AV Security Suite AGAIN!!!!

That file is clean. Go ahead and set hidden files and folders back the way they were.

Update and Run Malwarebytes



  • Launch Malwarebytes' Anti-Malware
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process; if asked to restart the computer, please do so immediately.

Re: AV Security Suite AGAIN!!!!

Kenny,

When I go to Start -> Control Panel -> Add/Remove Programs, a majority of the programs no longer show a "Remove" button. I read somewhere that AV Security Suite buries itself in Java, so I wanted to nuke my current Java and reinstall a fresh copy. There was no remove option for Java, so I had to download/install/run/remove Java with Windows Install Clean Up. What's this about???

Here's the MBAM log. I always turn off the automatic updates warning; I don't use automatic updates.

Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4189

Windows 5.1.2600 Service Pack 3
Internet Explorer 6.0.2900.5512

6/11/2010 2:32:34 PM
mbam-log-2010-06-11 (14-32-34).txt

Scan type: Quick scan
Objects scanned: 137294
Time elapsed: 2 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
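The three "Registry Data Items" in the log above are the Windows Security Center DisableNotify values: when set to 1 the user gets no warning that antivirus, the firewall or automatic updates are off, which is why rogue AV programs flip them (the updates one may be the poster's own setting, as they say). As an added example, not code from this thread or from Malwarebytes, here is a small Python parser for this MBAM 1.x text log format: it reads the per-section totals, itemises each detection with its Bad/Good values, checks that the totals match the itemised lines, and lists which Security Center notifications were found switched off. The embedded log is a constructed, trimmed copy of the one posted above; the function and field names are my own.

```python
"""Parse a Malwarebytes' Anti-Malware 1.x text log and flag Security Center tampering."""
import re
from dataclasses import dataclass
from typing import Optional

# Constructed sample: a trimmed copy of the MBAM log posted in this thread.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4189

Scan type: Quick scan
Objects scanned: 137294

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 3
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Files Infected:
(No malicious items detected)
"""

# "Registry Data Items Infected: 3"  -> per-section total in the summary block
COUNT_RE = re.compile(r"^(?P<kind>[A-Za-z ]+) Infected: (?P<n>\d+)$")
# "<path or key> (<detection name>)" -> first field of an itemised detection line
ITEM_RE = re.compile(r"^(?P<target>.+) \((?P<category>[^()]+)\)$")
# "Bad: (1) Good: (0)"               -> registry data items carry the found/restored values
BADGOOD_RE = re.compile(r"Bad: \((?P<bad>[^)]*)\) Good: \((?P<good>[^)]*)\)")


@dataclass
class Finding:
    kind: str                  # section, e.g. "Registry Data Items"
    target: str                # file path or registry path
    category: str              # MBAM detection name, e.g. "Disabled.SecurityCenter"
    action: str                # what MBAM did, e.g. "Quarantined and deleted successfully"
    bad: Optional[str] = None  # value found (registry data items only)
    good: Optional[str] = None # value restored (registry data items only)


def parse_mbam_log(text):
    """Return (per-section totals, list of Finding) from an MBAM 1.x log."""
    counts, findings, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:                                   # summary line with a number
            counts[m.group("kind")] = int(m.group("n"))
            continue
        if line.endswith(" Infected:"):         # start of an itemised section
            section = line[: -len(" Infected:")]
            continue
        if section is None or line.startswith("(No malicious items"):
            continue
        parts = [p.strip() for p in line.rstrip(".").split(" -> ")]
        m = ITEM_RE.match(parts[0])
        if not m:
            continue                            # not a detection line
        f = Finding(section, m.group("target"), m.group("category"), parts[-1])
        for detail in parts[1:-1]:              # middle fields, if any
            bg = BADGOOD_RE.search(detail)
            if bg:
                f.bad, f.good = bg.group("bad"), bg.group("good")
        findings.append(f)
    return counts, findings


def counts_match(counts, findings):
    """True when every summary total equals the number of itemised lines in that section."""
    seen = {}
    for f in findings:
        seen[f.kind] = seen.get(f.kind, 0) + 1
    return all(counts.get(k, 0) == seen.get(k, 0) for k in set(counts) | set(seen))


def security_center_tampering(findings):
    """Names of Security Center notification values that were found set to 1 (disabled)."""
    return [f.target.rsplit("\\", 1)[-1] for f in findings
            if f.kind == "Registry Data Items"
            and "\\Security Center\\" in f.target and f.bad == "1"]


def analyse(text):
    """One-call summary suitable for triage of a posted log."""
    counts, findings = parse_mbam_log(text)
    return {
        "total": sum(counts.values()),
        "consistent": counts_match(counts, findings),
        "security_center_disabled": security_center_tampering(findings),
        "categories": sorted({f.category for f in findings}),
    }


if __name__ == "__main__":
    print(analyse(SAMPLE_LOG))
```

The consistency check matters when a log is pasted into a forum post: a mismatch between the totals and the itemised lines usually means the paste was truncated, which is the first thing a helper should ask about before reading anything into the result.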

Re: AV Security Suite AGAIN!!!!

Older versions of Java are on your computer. These can be a source of infection. So yes, we still have work to do.

Please download JavaRa from here

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.


Then look for the following Java folders and if found delete them.

C:\Program Files\Java
C:\Program Files\Common Files\Java
C:\Documents and Settings\All Users\Application Data\Java
C:\Documents and Settings\All Users\Application Data\Sun\Java
C:\Documents and Settings\username\Application Data\Java
C:\Documents and Settings\username\Application Data\Sun\Java

Next

Download and Update Java Runtime
The most current version of Sun Java is: Java Runtime Environment (JRE) 6 Update 20.



To test your Java Run-time, you may go to this page http://www.java.com/en/download/help/testvm.xml
When all is well, you should see Java Version: 1.6.0_20 from Sun Microsystems Inc.

Next

Please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.

  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:

  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.

Re: AV Security Suite AGAIN!!!!

JavaRa 1.15 Removal Log.

Report follows after line.

------------------------------------

The JavaRa removal process was started on Fri Jun 11 16:10:43 2010

Found and removed: C:\Program Files\Java\jre1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.5.0_12

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBC}

Found and removed: SOFTWARE\Classes\JavaPlugin.160_03

Found and removed: SOFTWARE\JavaSoft\Java Plug-in\1.6.0_03

Found and removed: SOFTWARE\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\JavaPlugin.160_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0000-0005-ABCDEFFEDCBA}

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_02

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_03

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.0.1_04

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.2.0_01

Found and removed: SOFTWARE\JavaSoft\Java Web Start\1.6.0_03

Found and removed: Software\JavaSoft\Java2D\1.6.0_03

Found and removed: Software\JavaSoft\Java Runtime Environment\1.6.0_03

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0000-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0001-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0002-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0003-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0004-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0005-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0006-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0007-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0008-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0009-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0010-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0011-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0012-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0013-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0014-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0015-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0016-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0017-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0018-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0019-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0020-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0021-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0022-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0023-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0024-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0025-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0026-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0027-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0028-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0029-ABCDEFFEDCBB}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBA}

Found and removed: Software\Classes\CLSID\{CAFEEFAC-0013-0001-0030-ABCDEFFEDCBB}

Found and removed: SOFTWARE\Microsoft\Active Setup\Installed Components\{08B0E5C0-4FCB-11CF-AAA5-00401C608500}

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\\C:\Program Files\Java\jre1.6.0_03\bin\

Found and removed: SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\Folders\C:\Program Files\Common Files\Java\Update\Base Images\jre1.6.0.b105\patch-jre1.6.0_03.b05\

------------------------------------

Finished reporting.

Re: AV Security Suite AGAIN!!!!
Please run Kaspersky Online Scanner and then we'll deal with a driver.

Re: AV Security Suite AGAIN!!!!
--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Saturday, June 12, 2010
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Friday, June 11, 2010 23:16:03
Records in database: 4260874
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
K:\
L:\
M:\
N:\
O:\
W:\

Scan statistics:
Objects scanned: 463641
Threats found: 8
Infected objects found: 9
Suspicious objects found: 0
Scan duration: 04:48:27


File name / Threat / Threats count
C:\Qoobox\Quarantine\C\Documents and Settings\Rick Wintermute\Local Settings\Application Data\syssvc.exe.vir Infected: Trojan.Win32.KillAV.gnc 1
D:\Microsoft Games\downloaded aircraft\Captain Sim\757 200\Captain Sim 757\CS_B757_KeyGen.exe Infected: Trojan.Win32.Genome.aycs 1
D:\music\Lindsey Buckingham\wrong lindsey buckingham.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
D:\SYSTEM\crysis\Crysis.exe Infected: Trojan.Win32.Genome.wze 1
D:\SYSTEM\downloaded programs\FU-Setup_LE.exe Infected: not-a-virus:AdWare.Win32.Rabio.dk 1
D:\SYSTEM\downloaded programs\scicoe1201.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
D:\SYSTEM\downloaded programs\sdie.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1
G:\Incomplete\T-5745425-star spangled banner prince [unreleased rare track].mp3 Infected: Trojan-Downloader.WMA.GetCodec.r 1
G:\test\america prince new single.mp3 Infected: Trojan-Downloader.WMA.GetCodec.af 1

Selected area has been scanned.

Re: AV Security Suite AGAIN!!!!
Please download the OTM by OldTimer.

  • Save it to your desktop.
  • Please double-click OTM.exe to run it. (Vista users, please right click on OTM.exe and select "Run as an Administrator")
  • Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    Code:

    :Processes

    :Services

    :Reg

    :Files
    D:\Microsoft Games\downloaded aircraft\Captain Sim\757 200\Captain Sim 757\CS_B757
    D:\music\Lindsey Buckingham\wrong lindsey buckingham.mp3
    D:\SYSTEM\crysis\Crysis.exe
    D:\SYSTEM\downloaded programs\FU-Setup_LE.exe
    D:\SYSTEM\downloaded programs\scicoe1201.exe
    D:\SYSTEM\downloaded programs\sdie.exe
    G:\Incomplete\T-5745425-star spangled banner prince [unreleased rare track].mp3
    G:\test\america prince new single.mp3
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [CREATERESTOREPOINT]
    [EMPTYFLASH]
    [Reboot]

  • Return to OTM, right click in the "Paste instructions for items to be Moved" window (under the light Yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • A log of files and folders moved will be created in the c:\_OTM\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
  • Close OTM
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.
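The OTM file list above was built by hand from the Kaspersky report in the earlier post. As an added example (not code from this thread or from any of the tools named in it), the script below parses that report layout, separates objects already sitting in ComboFix's quarantine folder (C:\Qoobox\Quarantine, as in the first report line) from live files, and emits the :Files block for an OTM script. The sample report, its paths and its threat names are constructed for this example; the quarantine prefix and the "not-a-virus:" convention Kaspersky uses for adware and toolbars are assumptions about the report format, not something the thread states.

```python
"""Parse a Kaspersky Online Scanner 7 style report and sort its findings."""
import re
from dataclasses import dataclass

# Constructed sample in the layout of the report posted in the thread:
# one "<path> Infected: <threat> <count>" line per object. Paths and names
# are invented for this example and are not the user's real report.
SAMPLE_REPORT = """\
Scan statistics:
Objects scanned: 1234
Threats found: 5
Infected objects found: 5

File name / Threat / Threats count
C:\\Qoobox\\Quarantine\\C\\Documents and Settings\\User\\Local Settings\\Application Data\\syssvc.exe.vir Infected: Trojan.Win32.KillAV.gnc 1
D:\\games\\Some Game\\Some_Installer.exe Infected: Trojan.Win32.Genome.aycs 1
D:\\music\\some track.mp3 Infected: Trojan-Downloader.WMA.GetCodec.c 1
D:\\downloads\\FU-Setup_LE.exe Infected: not-a-virus:AdWare.Win32.Rabio.dk 1
D:\\downloads\\sdie.exe Infected: not-a-virus:WebToolbar.Win32.WhenU.a 1

Selected area has been scanned.
"""

# Assumed quarantine locations: anything under these prefixes has already
# been neutralised by an earlier tool and needs no OTM move.
QUARANTINE_PREFIXES = ("c:\\qoobox\\quarantine",)

# Path (may contain spaces), then the verdict token, threat name and count.
FINDING_RE = re.compile(
    r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)


@dataclass
class Finding:
    path: str
    verdict: str
    threat: str
    count: int

    @property
    def quarantined(self) -> bool:
        return self.path.lower().startswith(QUARANTINE_PREFIXES)

    @property
    def category(self) -> str:
        # Assumption: Kaspersky marks adware/toolbars with "not-a-virus:";
        # everything else is treated as malware proper.
        return "pua" if self.threat.startswith("not-a-virus:") else "malware"


def parse_report(text: str) -> list:
    """Return one Finding per matching line; header/footer lines are skipped."""
    findings = []
    for line in text.splitlines():
        m = FINDING_RE.match(line.strip())
        if m:
            findings.append(Finding(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return findings


def live_findings(findings) -> list:
    """Findings that are not already in a quarantine folder."""
    return [f for f in findings if not f.quarantined]


def build_otm_files_section(findings) -> str:
    """Emit the :Files block of an OTM script for the live objects only."""
    return "\n".join([":Files"] + [f.path for f in live_findings(findings)])


def summarize(findings) -> dict:
    """Count findings by quarantined / malware / pua for a quick triage view."""
    summary = {"quarantined": 0, "malware": 0, "pua": 0}
    for f in findings:
        if f.quarantined:
            summary["quarantined"] += 1
        else:
            summary[f.category] += 1
    return summary


if __name__ == "__main__":
    fs = parse_report(SAMPLE_REPORT)
    print(summarize(fs))
    print(build_otm_files_section(fs))
```

Separating quarantined objects from live ones matters because moving a .vir file out of the quarantine folder does nothing useful, while the live paths are exactly the ones the helper listed for OTM and later for manual deletion.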

Re: AV Security Suite AGAIN!!!!
Kenny,
I screwed up, ran otm, and hit the clean up button first!!!

Went back and did what you told me to do and these are the results.

Hope I didn't screw anything up too bad.. :sad:

Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.12.2 log created on 06122010_074943

Last edited by nuclearjock on 12th June 2010, 12:53 pm; edited 1 time in total (Reason for editing : mistake)

Re: AV Security Suite AGAIN!!!!
I have a restore point created after reinstalling Java. That one should get me back to where I was B4 otm if that should be necessary. Sorry I dorked up.


Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!
Error: Unable to interpret in the current context!

OTM by OldTimer - Version 3.1.12.2 log created on 06122010_074943

Re: AV Security Suite AGAIN!!!!
No don't do this.... Smile...

Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Folders (if present):

D:\Microsoft Games\downloaded aircraft\Captain Sim

D:\SYSTEM\crysis

G:\Incomplete


Using Windows Explorer (to get there right-click your Start button and go to "Explore"), please delete these Files (if present):

D:\music\Lindsey Buckingham\wrong lindsey buckingham.mp3

D:\SYSTEM\downloaded programs\FU-Setup_LE.exe

D:\SYSTEM\downloaded programs\scicoe1201.exe

D:\SYSTEM\downloaded programs\sdie.exe

G:\test\america prince new single.mp3

Re: AV Security Suite AGAIN!!!!
Done!

Re: AV Security Suite AGAIN!!!!
How is your PC now?

Re: AV Security Suite AGAIN!!!!
ok except no sound. Driver is freshly installed and working, media player says no hardware. when I boot into vista, sound is fine so it's not a hardware issue. do I have to restart anything that I disabled??

Re: AV Security Suite AGAIN!!!!
Let's remove the tools first. And go from there.... Smile...

To re-enable your Emulation drivers, double click DeFogger to run the tool.

  • The application window will appear
  • Click the Re-enable button to re-enable your CD Emulation drivers
  • Click Yes to continue
  • A 'Finished!' message will appear
  • Click OK
  • DeFogger will now ask to reboot the machine - click OK

IMPORTANT! If you receive an error message while running DeFogger, please post the log defogger_enable which will appear on your desktop.

Your Emulation drivers are now re-enabled.

To remove all of the tools we used and the files and folders they created, please do the following:
Please download OTC.exe by OldTimer:

  • Save it to your Desktop.
  • Double click OTC.exe.
  • Click the CleanUp! button.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Note: If any tool, file or folder (belonging to the program we have used) hasn't been deleted, please delete it manually.

Your Computer is Clean
Some final items:


Follow these steps to uninstall Combofix and tools used in the removal of malware


  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the x and /)
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.

This will uninstall Combofix and anything associated with it.

Here are some additional links for you to check out to help you with your computer security.

Browsers

Just because your computer came loaded with Internet Explorer doesn't mean that you have to use it; there are other free alternatives, FIREFOX and OPERA, both of which are free to use and are more secure than IE.

If you are using firefox you can stay more secure by adding NoScript and WOT (Web Of Trust)

NoScript stops JavaScript from running on a web page unless you give permission for it, and WOT (Web Of Trust) has a comprehensive list of ratings for different websites, allowing you to easily see if a website that you are about to go to has a bad reputation; in fact it will warn you to check if you are sure that you want to continue to a bad website.

  • Make your Internet Explorer more secure - This can be done by following these simple instructions:
  • From within Internet Explorer click on the Tools menu and then click on Options.
  • Click once on the Security tab
  • Click once on the Internet icon so it becomes highlighted.
  • Click once on the Custom Level button.
  • Change the Download signed ActiveX controls to Prompt
  • Change the Download unsigned ActiveX controls to Disable
  • Change the Initialize and script ActiveX controls not marked as safe to Disable
  • Change the Installation of desktop items to Prompt
  • Change the Launching programs and files in an IFRAME to Prompt
  • Change the Navigate sub-frames across different domains to Prompt
  • When all these settings have been made, click on the OK button
  • If it prompts you as to whether or not you want to save the settings, press the Yes button.
  • Next press the Apply button and then the OK to exit the Internet Properties page.


Additional Security Measures


Visit Microsoft's Windows Update Site Frequently - It is important that you visit http://www.windowsupdate.com regularly. This will ensure your computer always has the latest security updates available installed. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.

SpywareBlaster- SpywareBlaster will add a large list of programs and sites into your Internet Explorer settings that will protect you from running and downloading known malicious programs.

Cookienator- Scans your PC for tracking cookies in multiple browsers as well as in Adobe Flash.

Winpatrol - Download and install the free version of Winpatrol. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.

Secunia software inspector & update checker

My Blog Malware And Spyware Tips

Also, see here for system improvement: Help! My computer is slow!


It was a pleasure working with you.



Re: AV Security Suite AGAIN!!!!
After the above steps. Let me know on your sound.

Re: AV Security Suite AGAIN!!!!
kenny, still no sound. do I have to re-enable anything???

Re: AV Security Suite AGAIN!!!!
Nope. Have you restarted your PC? None of the tools we used will affect your PC sound. Have you looked in the Windows Device Manager?

Re: AV Security Suite AGAIN!!!!
Please visit the links HERE and HERE first to read about this new Microsoft tool!

Then you can download and use: Microsoft Fix it Center Online
Microsoft Fix it Center Client contains troubleshooters that help detect issues on target PCs and solve them on demand or proactively before you even know they exist!
It finds and fixes many common PC and device problems automatically. It also helps prevent new problems by proactively checking for known issues and installing updates. Fix it Center helps to consolidate the many steps of diagnosing and repairing a problem into an automated tool that does the work for you.

Microsoft Fix it Center makes getting support easier than ever, with tools that help solve the issues you have now and prevent new ones.



  • Easy to Install and Run: Easy-to-use wizards will guide you through the set-up process and help you anytime you need support.

  • Automated: With automated troubleshooters, Fix it Center helps solve issues with your PC, even if you're not sure what the exact problem is. Fix It Center scans your device to diagnose and repair problems, then gives you the option to "Find and fix" or to "Find and report".

  • Preventive Care: By helping you find and fix issues before they become real problems, Fix it Center helps keep your PC running smoothly and automatically downloading the latest solutions.


Let me know after you had run all the troubleshooters on your pc if it corrected your problem.

Re: AV Security Suite AGAIN!!!!
Received your PM. Did you try Microsoft Fix it Center Online?

no sound in XP. says "no sound device". when I boot into Vista, all's good. what gives??

You have two OS on this PC?

Re: AV Security Suite AGAIN!!!!
no, I didn't try the fix it center. yes, dual boot xp, vista 64. sound is ok in vista.

What about cleaning up restore points etc???

Re: AV Security Suite AGAIN!!!!
Uninstall Combofix does remove all but the most recent Restore Points.... Smile...
