WiredWX Christian Hobby Weather Tools
Desktop icon and files delete

Start up menu has File Recovery; this has cleared my desktop of icons and has removed all
files in the start up program. This File Recovery requests that I purchase a program that
will correct the problem. When on the internet I will receive dozens of System messages: Write Fault Error, Serious Disk Error writing on Drive C, This Device cannot find enough free resources, Seek error sector not found and Critical Error Drive sector not found. Before the File Recovery pop-up I did not have these problems.
OTL logfile created on: 9/13/2012 5:42:42 PM - Run 1
OTL by OldTimer - Version 3.2.56.0 Folder = C:\Documents and Settings\Tina\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

447.48 Mb Total Physical Memory | 62.39 Mb Available Physical Memory | 13.94% Memory free
959.16 Mb Paging File | 326.65 Mb Available in Paging File | 34.06% Paging File free
Paging file location(s): C:\pagefile.sys 576 1152 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 149.04 Gb Total Space | 123.01 Gb Free Space | 82.53% Space Free | Partition Type: NTFS

Computer Name: SUMMERS | User Name: Tina | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2012/09/13 17:40:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.com
PRC - [2012/09/08 23:05:55 | 000,270,848 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe
PRC - [2012/09/08 22:49:48 | 000,373,248 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
PRC - [2012/07/20 10:42:17 | 000,042,536 | -H-- | M] (MindSpark) -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrchMn.exe
PRC - [2012/07/20 10:42:16 | 000,030,096 | -H-- | M] (VER_COMPANY_NAME) -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe
PRC - [2012/06/06 04:41:48 | 001,823,160 | -H-- | M] (Bandoo Media, inc) -- C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe
PRC - [2010/11/01 15:15:12 | 000,886,752 | -H-- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
PRC - [2009/03/10 23:18:14 | 000,934,792 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\WgaTray.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/14 01:12:09 | 000,908,288 | -H-- | M] (Zango, Inc.) -- C:\Program Files\Seekmo\seekmo.exe
PRC - [2006/02/04 12:16:34 | 000,062,464 | -H-- | M] (Alexander Avdonin) -- C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe
PRC - [2005/12/08 12:06:12 | 000,016,384 | -H-- | M] (Creative Technology Ltd) -- C:\WINDOWS\CTHELPER.EXE
PRC - [2005/08/26 18:14:44 | 000,036,975 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
PRC - [2005/06/06 23:46:24 | 000,057,344 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe
PRC - [2004/03/23 03:05:42 | 000,172,032 | -H-- | M] (HP) -- C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe


========== Modules (No Company Name) ==========

MOD - [2012/02/20 21:29:04 | 000,087,912 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2012/02/20 21:28:42 | 001,242,472 | -H-- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/11/03 10:28:36 | 001,292,288 | -H-- | M] () -- C:\WINDOWS\system32\quartz.dll
MOD - [2010/11/01 15:15:12 | 000,886,752 | -H-- | M] () -- C:\Program Files\SelectRebates\SelectRebates.exe
MOD - [2010/11/01 15:15:10 | 000,177,616 | -H-- | M] () -- C:\Program Files\SelectRebates\SRebates.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | -H-- | M] () -- \\?\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/06/20 11:02:47 | 000,245,248 | -H-- | M] () -- \\.\globalroot\systemroot\system32\mswsock.dll
MOD - [2008/04/13 19:11:59 | 000,014,336 | -H-- | M] () -- C:\WINDOWS\system32\msdmo.dll
MOD - [2008/04/13 19:11:51 | 000,059,904 | -H-- | M] () -- C:\WINDOWS\system32\devenum.dll
MOD - [2005/10/07 15:05:32 | 000,125,440 | -H-- | M] () -- C:\Program Files\WinRAR\RarExt.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand | Stopped] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - File not found [Disabled | Stopped] -- %SystemRoot%\System32\hidserv.dll -- (HidServ)
SRV - [2012/08/21 15:03:30 | 000,250,568 | -H-- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINDOWS\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2012/07/20 10:42:16 | 000,042,504 | -H-- | M] (COMPANYVERS_NAME) [Auto | Stopped] -- C:\Program Files\CouponAlert_2p\bar\1.bin\2pbarsvc.exe -- (CouponAlert_2pService)
SRV - [2004/03/18 16:55:48 | 000,065,536 | -H-- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Stopped] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand | Stopped] -- -- (PDCOMP)
DRV - File not found [Kernel | System | Stopped] -- -- (PCIDump)
DRV - File not found [Kernel | System | Stopped] -- -- (lbrtfdc)
DRV - File not found [Kernel | System | Stopped] -- -- (i2omgmt)
DRV - File not found [Kernel | System | Stopped] -- -- (Changer)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\Program Files\Softwin\BitDefender9\bdfdll.sys -- (bdfdll)
DRV - [2009/02/12 15:11:24 | 000,022,312 | -H-- | M] (EldoS Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\rsdrv.sys -- (ElRawDisk)
DRV - [2005/12/08 11:55:48 | 000,007,168 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2005/12/08 11:55:46 | 000,439,296 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k)
DRV - [2005/12/08 11:55:08 | 000,179,712 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\haP17v2k.sys -- (hap17v2k)
DRV - [2005/12/08 11:55:04 | 000,154,112 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\haP16v2k.sys -- (hap16v2k)
DRV - [2005/12/08 11:55:02 | 000,754,176 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ha10kx2k.sys -- (ha10kx2k)
DRV - [2005/12/08 11:54:52 | 000,114,688 | -H-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2005/12/08 11:54:42 | 000,142,336 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/12/08 11:54:40 | 000,077,824 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2005/12/08 11:54:32 | 000,501,760 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2005/11/10 17:06:04 | 000,340,704 | -H-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2005/04/12 11:42:16 | 000,011,904 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2005/04/12 11:08:44 | 000,247,296 | -H-- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2004/08/03 17:31:36 | 000,032,768 | -H-- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnic.sys -- (SISNIC)
DRV - [2004/06/29 09:07:18 | 001,268,204 | -H-- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.com/results.aspx?q={searchTerms}&src={referrer:source?}
IE - HKLM\..\SearchScopes\{3CB5A97C-3CA4-4EFB-AF57-20D57526DF71}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7
IE - HKLM\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://home.mywebsearch.com/index.jhtml?n=77DE8857&p2=^CD^xdm300^S01785^us&ptb=B8DAD6B1-FF87-492A-B4B3-E010FC121448&si=173525
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/?ocid=iehp
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = FA E9 93 DD 88 66 CD 01 [binary data]
IE - HKCU\..\URLSearchHook: {7b9f8c21-46ec-4c0b-8683-e755ef84577a} - No CLSID value found
IE - HKCU\..\SearchScopes,DefaultScope = {9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
IE - HKCU\..\SearchScopes\{3CB5A97C-3CA4-4EFB-AF57-20D57526DF71}: "URL" = http://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&sourceid=ie7&rlz=1I7ADFA_enUS486
IE - HKCU\..\SearchScopes\{9BB47C17-9C68-4BB3-B188-DD9AF0FD2406}: "URL" = http://dts.search-results.com/sr?src=ieb&appid=394&systemid=406&sr=0&q={searchTerms}
IE - HKCU\..\SearchScopes\{E1AB3AF5-8147-4BD7-AE6E-D9350595E033}: "URL" = http://search.yahoo.com/search?p={searchTerms}&ei=utf-8&fr=b1ie7
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"
FF - user.js - File not found

FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@CouponAlert_2p.com/Plugin: C:\Program Files\CouponAlert_2p\bar\1.bin\NP2pStub.dll (MindSpark)
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/DownloadManager,version=1.1: C:\WINDOWS\ [2012/09/13 17:06:03 | 000,000,000 | -H-D | M]
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.115\npGoogleUpdate3.dll (Google Inc.)
FF - HKCU\Software\MozillaPlugins\@macromedia.com/FlashPlayer9: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\2pffxtbr@CouponAlert_2p.com: C:\Program Files\CouponAlert_2p\bar\1.bin [2012/07/20 10:42:29 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2012/09/13 17:06:00 | 000,000,000 | -H-D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2012/09/13 17:06:00 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Components: C:\Program Files\Mozilla Firefox\components\ [2012/09/13 17:06:00 | 000,000,000 | -H-D | M]
FF - HKEY_CURRENT_USER\software\mozilla\Mozilla Firefox 1.5.0.7\Extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins\ [2012/09/13 17:06:00 | 000,000,000 | -H-D | M]

[2012/07/20 10:42:29 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions
[2006/08/03 17:44:37 | 000,000,000 | -H-D | M] (Adblock) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\{34274bf4-1d97-a289-e984-17e546307e4f}
[2011/08/06 10:19:08 | 000,000,000 | -H-D | M] (Hoyle Toolbar) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\{64b507cd-5eb6-4217-aef4-c88b4fcfb77b}
[2006/08/03 17:44:36 | 000,000,000 | -H-D | M] ("Fasterfox") -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\{c36177c0-224a-11da-8cd6-0800200c9a66}
[2012/07/20 10:42:29 | 000,000,000 | -H-D | M] (Coupon Alert) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\2pffxtbr@CouponAlert_2p.com
[2006/08/03 17:44:37 | 000,000,000 | -H-D | M] ("Adblock Filterset.G Updater") -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\filtersetg@updater
[2006/08/03 17:58:04 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\tabx@clav.mozdev.org
[2012/07/06 15:56:37 | 000,000,000 | -H-D | M] (ShopAtHome.com Intelligent Shopping Toolbar) -- C:\Documents and Settings\Tina\Application Data\Mozilla\Firefox\Profiles\ebsz8czx.default\extensions\toolbar@shopathome.com
[2006/08/03 17:37:42 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2006/09/16 03:04:34 | 000,060,526 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jar50.dll
[2006/09/16 03:04:34 | 000,049,256 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\jsd3250.dll
[2006/09/16 03:04:35 | 000,166,000 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\xpinstal.dll
[2004/11/12 22:36:20 | 000,005,120 | -H-- | M] (Adobe Systems Incorporated) -- C:\Program Files\mozilla firefox\plugins\NPAdbESD.dll
[2006/08/29 16:20:08 | 000,039,936 | -H-- | M] (Zango, Inc.) -- C:\Program Files\mozilla firefox\plugins\npclntax.dll
[2012/06/20 11:56:43 | 000,091,584 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npCouponPrinter.dll
[2006/08/24 16:31:46 | 000,114,688 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\npmozax.dll
[2012/06/20 11:56:44 | 000,091,584 | -H-- | M] (Coupons, Inc.) -- C:\Program Files\mozilla firefox\plugins\npMozCouponPrinter.dll
[2006/08/06 16:59:20 | 002,078,344 | -H-- | M] () -- C:\Program Files\mozilla firefox\plugins\NPSWF32.dll
[2006/08/03 17:37:44 | 000,000,680 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.png
[2006/08/03 17:37:44 | 000,000,741 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.src
[2006/08/03 17:37:44 | 000,001,150 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.png
[2006/08/03 17:37:44 | 000,000,539 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.src
[2006/08/03 17:37:44 | 000,000,356 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.png
[2006/08/03 17:37:44 | 000,001,007 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.src
[2006/08/03 17:37:44 | 000,000,210 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.gif
[2006/08/03 17:37:44 | 000,001,056 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.src
[2006/08/03 17:37:44 | 000,001,076 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.gif
[2006/08/03 17:37:44 | 000,000,718 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.src
[2006/08/03 17:37:44 | 000,000,088 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.gif
[2006/08/03 17:37:44 | 000,001,122 | -H-- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.src

========== Chrome ==========

CHR - homepage: http://www.google.com
CHR - default_search_provider: Google (Enabled)
CHR - default_search_provider: search_url = {google:baseURL}search?{google:RLZ}{google:acceptedSuggestion}{google:originalQueryForSuggestion}sourceid=chrome&ie={inputEncoding}&q={searchTerms}
CHR - default_search_provider: suggest_url = {google:baseSuggestURL}search?client=chrome&hl={language}&q={searchTerms}
CHR - homepage: http://www.google.com
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\gcswf32.dll
CHR - plugin: Shockwave Flash (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPSWF32.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
CHR - plugin: QuickTime Plug-in 7.7.2 (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
CHR - plugin: Silverlight Plug-In (Enabled) = c:\Program Files\Microsoft Silverlight\4.1.10329.0\npctrl.dll
CHR - plugin: Shockwave for Director (Enabled) = C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
CHR - plugin: Windows Media Player Plug-in Dynamic Link Library (Enabled) = C:\Program Files\Windows Media Player\npdsplay.dll
CHR - plugin: Chrome NaCl (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\ppGoogleNaClPluginChrome.dll
CHR - plugin: Chrome PDF Viewer (Enabled) = C:\Program Files\Google\Chrome\Application\21.0.1180.89\pdf.dll
CHR - plugin: Adobe Acrobat (Disabled) = C:\Program Files\Adobe\Acrobat 7.0\Reader\Browser\nppdf32.dll
CHR - plugin: Adobe ESD Manager Plugin (Enabled) = C:\Program Files\Mozilla Firefox\plugins\NPAdbESD.dll
CHR - plugin: Seekmo (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
CHR - plugin: Windows Genuine Advantage (Enabled) = C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npdrmv2.dll
CHR - plugin: Microsoft\u00AE DRM (Enabled) = C:\Program Files\Windows Media Player\npwmsdrm.dll
CHR - plugin: Google Update (Enabled) = C:\Program Files\Google\Update\1.3.21.111\npGoogleUpdate3.dll
CHR - plugin: iTunes Application Detector (Enabled) = C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
CHR - plugin: Default Plug-in (Enabled) = default_plugin

O1 HOSTS File: ([2004/08/04 07:00:00 | 000,000,734 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Toolbar BHO) - {3a421c8f-e238-4aeb-8874-b8b5f2cc4772} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O2 - BHO: (Seekmo Search Assistant Helper) - {5929CD6E-2062-44a4-B2C5-2C7E78FBAB38} - c:\Program Files\Seekmo\seekmohook.dll (Zango, Inc.)
O2 - BHO: (Search Assistant BHO) - {60e91567-ef8a-4520-bce2-83aba5256799} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrcAs.dll (MindSpark)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O2 - BHO: (DataMngr) - {9D717F81-9148-4f12-8568-69135F087DB0} - C:\Program Files\Searchqu Toolbar\Datamngr\BrowserConnection.dll (Bandoo Media, inc)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.7529.1424\swg.dll (Google Inc.)
O2 - BHO: (ShopAtHomeIEHelper Class) - {E8DAAA30-6CAA-4b58-9603-8E54238219E2} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Coupon Alert) - {3462c343-be19-4143-af70-cefb56f46fc6} - C:\Program Files\CouponAlert_2p\bar\1.bin\2pbar.dll (MindSpark)
O3 - HKLM\..\Toolbar: (ShopAtHome.com Toolbar) - {98279C38-DE4B-4bcf-93C9-8EC26069D6F4} - C:\Program Files\SelectRebates\Toolbar\ShopAtHomeToolbar.dll (ShopAtHome.com)
O3 - HKLM\..\Toolbar: (Searchqu Toolbar) - {99079a25-328f-4bd4-be04-00955acaa0a7} - C:\Program Files\Searchqu Toolbar\Datamngr\ToolBar\searchqudtx.dll ()
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - 10 - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.0\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [APSDaemon] C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe (Apple Inc.)
O4 - HKLM..\Run: [Coupon Alert Search Scope Monitor] C:\Program Files\CouponAlert_2p\bar\1.bin\2pSrchMn.exe (MindSpark)
O4 - HKLM..\Run: [CouponAlert_2p Browser Plugin Loader] C:\Program Files\CouponAlert_2p\bar\1.bin\2pbrmon.exe (VER_COMPANY_NAME)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [DATAMNGR] C:\Program Files\Searchqu Toolbar\Datamngr\datamngrUI.exe (Bandoo Media, inc)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb10.exe (HP)
O4 - HKLM..\Run: [seekmo] c:\program files\seekmo\seekmo.exe (Zango, Inc.)
O4 - HKLM..\Run: [SelectRebates] C:\Program Files\SelectRebates\SelectRebates.exe ()
O4 - HKLM..\Run: [SiSPower] C:\WINDOWS\System32\SiSPower.dll (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [YwqLFybcKWoAhAh.exe] C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe (APA)
O4 - HKCU..\Run: [sdYDbV8i3VgQiE] C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe (APA)
O4 - HKCU..\Run: [TaskSwitchXP] C:\Program Files\TaskSwitchXP\TaskSwitchXP.exe (Alexander Avdonin)
O4 - Startup: C:\Documents and Settings\Tina\Start Menu\Programs\Startup\Event Reminder.lnk = C:\pmw\PMREMIND.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1347291977531 (WUWebControl Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {B479199A-1242-4E3C-AD81-7F0DF801B4AE} http://download.microsoft.com/download/C/9/C/C9C3D86D-84AC-4AF0-8584-842756A66467/MicrosoftDownloadManager.cab (Microsoft Download Manager ActiveX control)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 75.75.75.75 75.75.76.76
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{46112095-711B-440E-B303-B3CA57CCB671}: DhcpNameServer = 75.75.75.75 75.75.76.76
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\datamngr.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\datamngr.dll (Bandoo Media, inc)
O20 - AppInit_DLLs: (C:\PROGRA~1\SEARCH~1\Datamngr\IEBHO.dll) - C:\Program Files\Searchqu Toolbar\Datamngr\IEBHO.dll (Bandoo Media, inc)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (XPize_Logon.exe) - C:\WINDOWS\System32\XPize_Logon.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tina\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2012/06/14 13:07:11 | 000,000,690 | -H-- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2006/08/03 17:13:17 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{366f7907-233e-11db-a797-0011d88214a8}\Shell\AutoRun\command - "" = K:\PortableApps\PortableAppsMenu\PortableAppsMenu.exe
O33 - MountPoints2\{d966ec77-106a-11e0-a8f9-0011d88214a8}\Shell\AutoRun\command - "" = J:\system\viewer\Viewer.exe
O33 - MountPoints2\{d966ec77-106a-11e0-a8f9-0011d88214a8}\Shell\View your videos\command - "" = J:\system\viewer\Viewer.exe
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)


SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0213C6AF-5562-4D09-884C-2ADCFC8C2F35} - Microsoft .NET Framework 1.1 Security Update (KB2656353)
ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {08B0E5C0-4FCB-11CF-AAA5-00401C608500} - Java (Sun)
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {1325db73-d9f1-48f8-8895-6d814ec58889} - Security Update for Windows XP (KB913433)
ActiveX: {166B1BCA-3F9C-11CF-8075-444553540000} - Macromedia Shockwave Director 8.5.1
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A202491-F00D-11cf-87CC-0020AFEECF20} - Macromedia Shockwave Director 8.5.1
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.6
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73FA19D0-2D75-11D2-995D-00C04F98BBC9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A38B334A-A0A2-436D-BAA0-34FE5E517E44} - Microsoft .NET Framework 1.1 Security Update (KB2656370)
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C3C986D6-06B1-43BF-90DD-BE30756C00DE} - RevokedRootsUpdate
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11cf-96B8-444553540000} - Macromedia Shockwave Flash
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigIE
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF} - "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
ActiveX: >{60B49E34-C7CC-11D0-8953-00A0C90347FF}MICROS - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.3IV2 - C:\WINDOWS\System32\3ivxVfWCodec_dec.dll (3ivx.com)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.DIVX - C:\WINDOWS\System32\DivX.dll (DivXNetworks, Inc.)
Drivers32: vidc.imm4 - C:\WINDOWS\System32\vcmimm4.dll ()
Drivers32: vidc.imm5 - C:\WINDOWS\System32\vcmimm5.dll ()
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
Drivers32: vidc.LEAD - LCODCCMP.DLL File not found

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - %SystemRoot%\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Sharedaccess - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: BITS - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point

========== Files/Folders - Created Within 30 Days ==========

[2012/09/13 17:41:19 | 000,596,480 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.com
[2012/09/13 17:38:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Tina\Recent
[2012/09/13 17:33:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tina\My Documents\cusmsconfigtom Scans fixies
[2012/09/13 17:06:08 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Seekmo Search Assistant
[2012/09/10 18:18:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2012/09/10 18:17:44 | 000,022,312 | -H-- | C] (EldoS Corporation) -- C:\WINDOWS\System32\drivers\rsdrv.sys
[2012/09/10 18:16:26 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Remo Recover
[2012/09/10 18:16:12 | 000,000,000 | -H-D | C] -- C:\Program Files\Remo Recover
[2012/09/10 14:16:29 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2012/09/10 10:59:19 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\Application Data\ElevatedDiagnostics
[2012/09/10 10:58:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows PowerShell 1.0
[2012/09/10 10:57:38 | 000,000,000 | -H-D | C] -- C:\WINDOWS\System32\windowspowershell
[2012/09/09 18:43:43 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\Application Data\DriverCure
[2012/09/09 18:43:40 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\Application Data\PC Utility Kit
[2012/09/09 18:41:16 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\PC Utility Kit
[2012/09/09 18:41:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\PC Utility Kit
[2012/09/09 16:47:27 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\Desktop\Microsoft Office Tools
[2012/09/08 23:06:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\Start Menu\Programs\File Recovery
[2012/09/08 23:05:55 | 000,270,848 | -H-- | C] (APA) -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe
[2012/09/08 22:53:06 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2012/09/08 22:52:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2012/09/08 22:52:05 | 000,373,248 | -H-- | C] (APA) -- C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
[2012/09/08 21:38:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2012/09/08 21:38:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2012/09/02 12:32:02 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Tina\My Documents\My Downloads
[2012/09/02 12:31:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Download Manager
[2012/09/02 12:31:51 | 000,000,000 | -H-D | C] -- C:\Program Files\Microsoft Download Manager
[2012/08/17 13:18:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2012/08/17 13:13:30 | 000,000,000 | -HSD | C] -- C:\found.000
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Tina\My Documents\*.tmp files -> C:\Documents and Settings\Tina\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2012/09/13 17:56:23 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2012/09/13 17:46:16 | 000,000,830 | -H-- | M] () -- C:\WINDOWS\tasks\Adobe Flash Player Updater.job
[2012/09/13 17:40:19 | 000,596,480 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tina\Desktop\OTL.com
[2012/09/13 17:06:05 | 000,002,206 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2012/09/13 17:05:51 | 000,000,878 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2012/09/13 17:05:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2012/09/13 15:04:08 | 000,000,882 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2012/09/13 12:42:52 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{EF2C90EB-6F76-48A8-A398-5E17CC1A22CE}.job
[2012/09/10 18:22:05 | 000,000,720 | -H-- | M] () -- C:\Documents and Settings\Tina\Desktop\Remo Recover.lnk
[2012/09/10 14:24:50 | 000,245,760 | -H-- | M] () -- C:\WINDOWS\outlook.pst
[2012/09/09 18:44:10 | 000,000,454 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/09/09 18:41:46 | 000,000,420 | -H-- | M] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/09/09 18:15:40 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\Tina\Desktop\My Computer.lnk
[2012/09/08 23:09:49 | 000,030,888 | -H-- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2012/09/08 23:09:49 | 000,030,888 | -H-- | M] () -- C:\WINDOWS\System32\BMXState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2012/09/08 23:09:49 | 000,029,952 | -H-- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2012/09/08 23:09:49 | 000,029,952 | -H-- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2012/09/08 23:09:49 | 000,011,564 | -H-- | M] () -- C:\WINDOWS\System32\DVCState-{00000000-00000000-00000009-00001102-00000004-20051102}.rfx
[2012/09/08 23:09:49 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2012/09/08 23:09:49 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settings.sfm
[2012/09/08 23:06:06 | 000,000,160 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiEr
[2012/09/08 23:06:06 | 000,000,144 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiE
[2012/09/08 23:06:05 | 000,000,855 | -H-- | M] () -- C:\Documents and Settings\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/08 23:06:05 | 000,000,837 | -H-- | M] () -- C:\Documents and Settings\Tina\Desktop\File_Recovery.lnk
[2012/09/08 23:06:05 | 000,000,368 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE
[2012/09/08 23:05:55 | 000,270,848 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe
[2012/09/08 22:49:48 | 000,373,248 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
[2012/09/08 21:38:22 | 000,176,128 | -H-- | M] () -- C:\ffastun.ffo
[2012/09/08 21:38:22 | 000,004,790 | -H-- | M] () -- C:\ffastun.ffa
[2012/09/08 21:38:21 | 001,994,752 | -H-- | M] () -- C:\ffastun0.ffx
[2012/09/08 21:38:21 | 000,393,216 | -H-- | M] () -- C:\ffastun.ffl
[2012/09/08 11:52:28 | 000,016,976 | -H-- | M] () -- C:\Documents and Settings\Tina\Application Data\wklnhst.dat
[2012/09/05 16:19:11 | 000,003,250 | -H-- | M] () -- C:\Documents and Settings\Tina\My Documents\Fruit Sales - Last Year.zip
[2012/09/05 14:47:52 | 000,121,096 | -H-- | M] () -- C:\WINDOWS\System32\MSForms.TWD
[2012/09/02 12:31:52 | 000,001,892 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/08/31 15:15:21 | 000,002,051 | -H-- | M] () -- C:\Documents and Settings\Tina\Desktop\Uninstall Google Chrome.lnk
[2012/08/25 13:47:10 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2012/08/21 15:03:28 | 000,696,520 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerApp.exe
[2012/08/21 15:03:27 | 000,073,416 | -H-- | M] (Adobe Systems Incorporated) -- C:\WINDOWS\System32\FlashPlayerCPLApp.cpl
[2012/08/17 14:21:41 | 000,016,384 | -H-- | M] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2012/08/17 13:18:55 | 000,001,915 | -H-- | M] () -- C:\Documents and Settings\Tina\Desktop\Google Earth.lnk
[2012/08/17 13:18:55 | 000,001,915 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Tina\My Documents\*.tmp files -> C:\Documents and Settings\Tina\My Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2012/09/11 13:25:15 | 000,001,915 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Google Earth.lnk
[2012/09/10 18:16:27 | 000,000,720 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Remo Recover.lnk
[2012/09/09 18:44:08 | 000,000,454 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Registration3.job
[2012/09/09 18:41:45 | 000,000,420 | -H-- | C] () -- C:\WINDOWS\tasks\PC Utility Kit Update3.job
[2012/09/09 18:15:40 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\My Computer.lnk
[2012/09/09 16:47:16 | 000,000,738 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Outlook Express.lnk
[2012/09/09 16:47:10 | 000,001,775 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Microsoft Office PowerPoint Viewer 2003.lnk
[2012/09/09 16:47:06 | 000,000,748 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Microsoft Outlook.lnk
[2012/09/09 16:46:35 | 000,001,614 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Mozilla Firefox.lnk
[2012/09/09 16:46:22 | 000,002,051 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Uninstall Google Chrome.lnk
[2012/09/09 16:46:10 | 000,001,902 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Microsoft Office XP Language Settings.lnk
[2012/09/09 16:45:50 | 000,002,138 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Microsoft Office Document Imaging.lnk
[2012/09/09 16:45:29 | 000,000,803 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\Internet Explorer.lnk
[2012/09/08 23:06:06 | 000,000,160 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiEr
[2012/09/08 23:06:06 | 000,000,144 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiE
[2012/09/08 23:06:05 | 000,000,855 | -H-- | C] () -- C:\Documents and Settings\Tina\Application Data\Microsoft\Internet Explorer\Quick Launch\File_Recovery.lnk
[2012/09/08 23:06:05 | 000,000,837 | -H-- | C] () -- C:\Documents and Settings\Tina\Desktop\File_Recovery.lnk
[2012/09/08 23:06:01 | 000,000,368 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE
[2012/09/05 16:19:10 | 000,003,250 | -H-- | C] () -- C:\Documents and Settings\Tina\My Documents\Fruit Sales - Last Year.zip
[2012/09/05 14:47:52 | 000,121,096 | -H-- | C] () -- C:\WINDOWS\System32\MSForms.TWD
[2012/09/02 12:31:52 | 000,001,892 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Download Manager.lnk
[2012/08/17 13:18:55 | 000,001,915 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Google Earth.lnk
[2012/08/12 08:59:47 | 000,483,328 | -H-- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\paydrxqtpg.exe
[2012/07/26 19:01:01 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\System32\iacenc.dll
[2012/05/05 16:49:34 | 000,000,884 | -H-- | C] () -- C:\Documents and Settings\Tina\Application Data\result.db
[2012/04/09 10:38:33 | 000,044,948 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2011/11/20 22:27:50 | 001,970,176 | -H-- | C] () -- C:\WINDOWS\System32\vcmimm4.dll
[2011/11/20 22:27:50 | 001,572,864 | -H-- | C] () -- C:\WINDOWS\System32\vcmimm5.dll
[2011/11/20 22:27:50 | 000,695,578 | -H-- | C] () -- C:\WINDOWS\unins000.exe
[2011/11/20 22:27:50 | 000,001,980 | -H-- | C] () -- C:\WINDOWS\unins000.dat
[2006/09/16 01:25:01 | 000,001,751 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/08/24 16:37:55 | 000,016,384 | -H-- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/08/07 17:33:08 | 000,016,976 | -H-- | C] () -- C:\Documents and Settings\Tina\Application Data\wklnhst.dat
[2006/08/04 14:37:33 | 000,000,127 | -H-- | C] () -- C:\Documents and Settings\Tina\Local Settings\Application Data\fusioncache.dat

========== Custom Scans ==========

< %AppData%RoamingMozillaFirefoxProfiles.defaultextensions s md5 >

< %AppData%Local >

< %systemroot%system32sysprep >

< .xpi md5 >

< %systemroot%Downloaded Program Files >
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

< HKEY_LOCAL_MACHINESYSTEMCurrentControlSetServicesSharedAccessParametersFirewallPolicyStandardProfile >

< hklmsoftwareclientsstartmenuinternetcommand rs >

< hklmsoftwareclientsstartmenuinternetcommand 64 rs >

< %systemroot%system32drivers.sys lockedfiles >

< %systemroot%system32drivers.sys 90 >

< %systemroot%System32config.sav >

< %SYSTEMDRIVE%.exe md5 >

< %WinDir%$NtUninstallKB$. 30 >

< %systemdrive%Program FilesCommon FilesComObjects. s >

< %systemroot%. mp s >

< %systemroot%. rp s >

< %systemroot%system32.dll lockedfiles >

< %systemroot%Tasks.job lockedfiles >

< %systemroot%Installer s >

< %systemroot%system32Cache s >

< %systemroot%system32configsystemprofile s >

< %PROGRAMFILES%. >

< %appdata%. >

< md5start >

< volsnap.sys >

< services.exe >

< userinit.exe >

< afd.sys >

< tcpip.sys >

< netbt.sys >

< ipsec.sys >

< dnsrslvr.dll >

< ipnathlp.dll >

< netman.dll >

< WMIsvc.dll >

< srsvc.dll >

< sr.sys >

< wscsvc.dll >

< wuauserv.dll >

< qmgr.dll >

< es.dll >

< cryptsvc.dll >

< svchost.exe >

< rpcss.dll >

< tdx.sys >

< wininit.exe >

< winlogon.exe >

< atapi.sys >

< explorer.exe >

< md5stop >

< >

========== Alternate Data Streams ==========

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC2E1DEC

< End of report >


Re: Desktop icon and files delete
Hi there Summers1959 and welcome to GeekPolice!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:
  • Whilst I'm helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  • Feel free to ask questions! Especially if my instructions are not clear. I'm here to help, not confuse you.
  • I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  • Stick with me till the end. If your computer starts running better, that doesn't mean it is clean yet!

====================

A small miracle you got the OTL log! Usually this kind of malware does not allow you to do anything.

  • Please run OTL.exe again
  • Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

Code:

:files
C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe
C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiEr
C:\Documents and Settings\All Users\Application Data\-sdYDbV8i3VgQiE
C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE
C:\WINDOWS\tasks\PC Utility Kit Registration3.job
C:\WINDOWS\tasks\PC Utility Kit Update3.job

:otl
PRC - [2012/09/08 23:05:55 | 000,270,848 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe
PRC - [2012/09/08 22:49:48 | 000,373,248 | -H-- | M] (APA) -- C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe
O4 - HKLM..\Run: [YwqLFybcKWoAhAh.exe] C:\Documents and Settings\All Users\Application Data\YwqLFybcKWoAhAh.exe (APA)
O4 - HKCU..\Run: [sdYDbV8i3VgQiE] C:\Documents and Settings\All Users\Application Data\sdYDbV8i3VgQiE.exe (APA)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_05-windows-i586.cab (Java Plug-in 1.5.0_05)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)

:commands
[reboot]

  • CAREFUL NOW! You must click the Run Fix button, NOT the Run Scan!
  • If it asks to reboot the computer, please allow that.
  • Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)


====================

If this time you are unable to run OTL, please follow the instructions below and after that retry running OTL. If you were able to run the OTL fix, there is no need to do the following:

Please download RKill by Grinler from Download Mirror #1 and save it to your desktop.
Download Mirror #1 (rkill.exe)
Download Mirror #2 (rkill.scr)
Download Mirror #3 (rkill.com)
Download Mirror #4 (WiNlOgOn.exe)
Download Mirror #5 (uSeRiNiT.exe)
Download Mirror #6 (iExplore.exe)
Download Mirror #7 (eXplorer.exe)

  • Double-click the RKill desktop icon (right-click > Run as Administrator for Vista/WIN7).
  • A black screen will briefly flash indicating a successful run.
  • If this does not occur, please delete that application and try using Mirror #2.
  • Continue process until the tool runs.
  • Important: RKill only temporarily disables the malware. If you reboot the computer, it will be active again. So do not reboot until we kill the infection.

Re: Desktop icon and files delete
Summers1959 wrote:
I have completed the OTL and have posted the OTL moved files. The screen asked for a reboot. When the screen rebooted, the screen was blank; the keyboard and the mouse did not show.
Thanks in advance for your help. I sent the post for the moved files.


Your computer does not boot anymore?

Have you tried booting in safe mode?

To reboot in safe mode: restart the computer and hit the F8 button a couple of times during rebooting, just before the Windows screen appears. In the boot menu that follows, choose Safe Mode Without Networking.
