Java Won't Install - Malware on my system?

I'm fairly confident you are clean. We will just need to clean up the tools we used, but before we do that please run OTL again and post the log.
 
Thanks Indi,

Here is the OTL log file:


OTL logfile created on: 18/03/2010 10:57:44 PM - Run 3
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 84.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.33 Gb Free Space | 15.21% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.69 Gb Free Space | 0.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 10:08:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/16 06:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp5\winampa.exe
PRC - [2006/06/01 14:47:30 | 000,499,712 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 10:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]

[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/18 04:52:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/18 15:10:14 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2007/01/24 19:00:27 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\system32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (5068516675813376)

========== Files/Folders - Created Within 14 Days ==========

[2010/03/18 15:57:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/18 05:34:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/17 02:36:29 | 067,573,464 | ---- | C] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\VS Revo Group
[2010/03/16 11:51:47 | 006,595,320 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:35 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Steve\Desktop\JavaRa.exe
[2010/03/15 10:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 10:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/15 10:00:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 10:00:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 10:00:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 10:00:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 10:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2010/03/18 14:57:59 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/18 14:57:35 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/18 14:57:22 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/18 14:57:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/18 05:34:48 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/18 05:31:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 04:26:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/03/18 04:26:13 | 004,240,656 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/03/18 04:26:12 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/18 04:26:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/18 04:26:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 03:01:14 | 067,573,464 | ---- | M] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:53:50 | 006,595,320 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:25 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 09:34:23 | 003,889,756 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys
[7 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[10 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\drivers\*.tmp files -> C:\WINDOWS\System32\drivers\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/03/16 02:47:37 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.def
[2010/03/16 02:47:24 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 10:05:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/15 10:05:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/15 10:00:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 10:00:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 10:00:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 10:00:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 10:00:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 09:33:10 | 003,889,756 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/11 20:44:21 | 000,820,166 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2009/10/01 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\bitolithic
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
 
Some Java "scraps" in there. We can use OTL to clean them out.

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    Code:
    :OTL
    O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll File not found
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab  (Java Plug-in 1.6.0_01)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_01)
    
    :Commands
    [emptytemp]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log.
You should also make sure the following folder is not there. If it is, delete it.

C:\Program Files\Java
 
Done & done Indi. Here is the latest OTL log file for your perusal. Thanks again. I really appreciate your time.

OTL logfile created on: 20/03/2010 1:23:27 AM - Run 4
OTL by OldTimer - Version 3.1.37.1 Folder = C:\Documents and Settings\Steve\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 83.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 92.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.50 Gb Total Space | 11.25 Gb Free Space | 15.10% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
Drive F: | 27.95 Gb Total Space | 7.42 Gb Free Space | 26.55% Space Free | Partition Type: NTFS
Drive G: | 298.02 Gb Total Space | 2.69 Gb Free Space | 0.90% Space Free | Partition Type: FAT32
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: STEVESBIYATCH
Current User Name: Steve
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
PRC - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/03/02 12:08:47 | 000,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2008/11/20 10:08:44 | 000,028,672 | ---- | M] () -- C:\WINDOWS\system32\UMonit.exe
PRC - [2008/05/02 02:44:08 | 000,805,392 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\SetPoint.exe
PRC - [2008/05/02 02:40:56 | 000,076,304 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.exe
PRC - [2008/04/14 08:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/04 11:38:00 | 000,088,584 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Gaming Software\LWEMon.exe
PRC - [2008/01/16 06:54:54 | 000,037,376 | ---- | M] () -- C:\Program Files\Winamp5\winampa.exe
PRC - [2006/06/01 14:47:30 | 000,499,712 | ---- | M] () -- C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe
PRC - [2005/05/17 18:48:32 | 000,077,824 | R--- | M] (Realtek Semiconductor Corp.) -- C:\WINDOWS\SOUNDMAN.EXE
PRC - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\tcpsvcs.exe
PRC - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\DVDRAMSV.exe
PRC - [2003/03/14 10:38:12 | 000,155,648 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) -- C:\WINDOWS\system32\RAMASST.exe


========== Modules (SafeList) ==========

MOD - [2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
MOD - [2009/07/12 01:12:06 | 000,632,656 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll
MOD - [2008/05/02 02:42:50 | 000,045,584 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\lgscroll.dll
MOD - [2008/05/02 02:38:54 | 000,064,016 | ---- | M] (Logitech, Inc.) -- C:\Program Files\Logitech\SetPoint\GameHook.dll
MOD - [2008/04/14 08:11:50 | 000,060,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\cabinet.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/07/21 13:34:33 | 000,185,089 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService)
SRV - [2009/05/13 15:48:22 | 000,108,289 | ---- | M] (Avira GmbH) [Auto | Running] -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService)
SRV - [2008/05/02 02:42:06 | 000,121,360 | ---- | M] (Logitech, Inc.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe -- (LBTServ)
SRV - [2006/12/14 02:21:20 | 000,045,056 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\MSCSPTISRV.exe -- (MSCSPTISRV)
SRV - [2006/12/14 02:02:08 | 000,069,632 | ---- | M] (Sony Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\SPTISRV.exe -- (SPTISRV)
SRV - [2006/12/14 01:46:16 | 000,057,344 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\Common Files\Sony Shared\AVLib\PACSPTISVR.exe -- (PACSPTISVR)
SRV - [2004/08/04 20:00:00 | 000,019,456 | ---- | M] (Microsoft Corporation) [Auto | Running] -- C:\WINDOWS\system32\tcpsvcs.exe -- (SimpTcp)
SRV - [2003/05/23 12:38:26 | 000,106,496 | ---- | M] (Matsushita Electric Industrial Co., Ltd.) [Auto | Running] -- C:\WINDOWS\system32\DVDRAMSV.exe -- (DVD-RAM_Service)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..extensions.enabledItems: {73a6fe31-595d-460b-a920-fcc0f8843232}:1.9.9.50

FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/03/12 15:58:36 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/03/13 17:40:46 | 000,000,000 | ---D | M]

[2008/06/24 17:57:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Extensions
[2007/01/24 20:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\iycum9qa.default\extensions
[2010/03/19 07:30:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions
[2010/03/13 16:12:17 | 000,000,000 | ---D | M] (NoScript) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}
[2008/06/21 16:32:36 | 000,000,000 | ---D | M] (STOP! Hammertime!) -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\extensions\{f274730f-db76-4942-97ba-7984ab94f854}
[2007/01/26 16:58:21 | 000,002,392 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\all-music-guide-artist-search.xml
[2009/05/17 03:22:50 | 000,001,127 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\AllGameGuide.xml
[2007/01/26 16:57:50 | 000,002,343 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\allrecipes.xml
[2010/03/14 16:02:58 | 000,001,412 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\bittorrent.xml
[2006/10/26 02:39:21 | 000,002,214 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\cddball.xml
[2007/01/26 16:56:58 | 000,002,350 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\coveruniverse.xml
[2007/01/26 16:54:05 | 000,002,338 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebay.xml
[2007/01/26 16:57:44 | 000,002,388 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ebaycouk.xml
[2009/07/01 22:29:01 | 000,001,157 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\freedict.xml
[2007/01/26 16:58:12 | 000,002,351 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\gracenote-cddb.xml
[2007/01/26 16:57:32 | 000,002,329 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\icq-uin-search.xml
[2007/01/26 16:56:45 | 000,002,399 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\idp-translation.xml
[2008/06/24 21:53:56 | 000,000,908 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\IMDb.xml
[2007/01/26 16:58:18 | 000,002,370 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\ms-knowledge-base.xml
[2007/01/26 16:58:06 | 000,002,344 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\nslookup.xml
[2007/01/26 16:58:24 | 000,002,332 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\thesaurus.xml
[2007/01/26 16:58:00 | 000,002,340 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wayback-machine.xml
[2007/01/26 16:53:51 | 000,002,341 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\whois-service.xml
[2008/06/24 21:53:56 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Steve\Application Data\Mozilla\Firefox\Profiles\jn29xbtf.default\searchplugins\wikipedia.xml
[2010/03/19 07:30:03 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2007/07/03 13:12:00 | 000,925,696 | ---- | M] (Ganymede Technologies) -- C:\Program Files\Mozilla Firefox\plugins\NPBOARDS.dll
[2010/03/12 14:44:00 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 14:44:00 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 14:44:00 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 14:44:00 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2010/03/03 16:37:27 | 000,381,529 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 13145 more lines...
O2 - BHO: (Octh Class) - {000123B4-9B42-4900-B3F7-F4B073EFC214} - C:\Program Files\Orbit Downloader\orbitcth.dll (Orbitdownloader.com)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [Kernel and Hardware Abstraction Layer] C:\WINDOWS\KHALMNPR.Exe (Logitech, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [Start WingMan Profiler] C:\Program Files\Logitech\Gaming Software\LWEMon.exe (Logitech Inc.)
O4 - HKLM..\Run: [UMonit] C:\WINDOWS\system32\UMonit.exe ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp5\winampa.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe (Logitech, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\RAMASST.lnk = C:\WINDOWS\system32\RAMASST.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ZDWLan Utility.lnk = C:\Program Files\ZyDAS Technology Corporation\ZyDAS_802.11g_Utility\ZDWlan.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: &Download by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: &Grab video by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Do&wnload selected by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O8 - Extra context menu item: Down&load all by Orbit - C:\Program Files\Orbit Downloader\orbitmxt.dll (Orbitdownloader.com)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {39B0684F-D7BF-4743-B050-FDC3F48F7E3B} http://www.fileplanet.com/fpdlmgr/cabs/FPDC_2.3.2.100.cab (Reg Error: Key error.)
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} http://messenger.zone.msn.com/EN-AU/a-UNO1/GAME_UNO1.cab (UnoCtrl Class)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/mic...ls/en/x86/client/wuweb_site.cab?1263212115312 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/mic...ls/en/x86/client/muweb_site.cab?1263212104140 (MUWebControl Class)
O16 - DPF: {74DBCB52-F298-4110-951D-AD2FF67BC8AB} http://www.nvidia.com/content/DriverDownload/nforce/NvidiaSmartScan.cab (NVIDIA Smart Scan)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} http://messenger.zone.msn.com/binary/MessengerStatsPAClient.cab56907.cab (MessengerStatsClient Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Reg Error: Key error.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LBTWlgn: DllName - c:\program files\common files\logishrd\bluetooth\LBTWlgn.dll - c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll (Logitech, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Steve\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/10/17 09:56:50 | 000,000,036 | RH-- | M] () - G:\autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2002/10/28 13:03:12 | 000,000,000 | RH-D | M] - G:\autorun -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2010/03/19 18:15:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2010/03/19 08:26:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\iPhone Photos
[2010/03/18 15:57:36 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/03/18 05:34:02 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Steve\Recent
[2010/03/17 02:36:29 | 067,573,464 | ---- | C] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:57:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Local Settings\Application Data\VS Revo Group
[2010/03/16 11:51:47 | 006,595,320 | ---- | C] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:35 | 000,157,696 | ---- | C] (The RaProducts Team: Paul McLain and Fred de Vries) -- C:\Documents and Settings\Steve\Desktop\JavaRa.exe
[2010/03/15 10:14:59 | 000,000,000 | ---D | C] -- C:\WINDOWS\temp
[2010/03/15 10:05:11 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/03/15 10:00:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/03/15 10:00:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/03/15 10:00:45 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/03/15 10:00:45 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/03/15 10:00:24 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/03/15 09:59:04 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/03/14 16:12:21 | 000,555,008 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:08:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Boardmaker Saves
[2010/03/13 18:08:17 | 000,000,000 | ---D | C] -- C:\Program Files\Boardmaker with SD Pro
[2010/03/13 17:43:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Alcohol 120%
[2010/03/13 17:41:46 | 000,000,000 | ---D | C] -- C:\Program Files\Alcohol Soft
[2010/03/13 16:45:18 | 000,401,720 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/13 16:13:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\Downloads
[2010/03/12 19:08:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\My Documents\My GOLD
[2010/03/12 16:00:23 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2010/03/12 16:00:16 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2010/03/12 15:58:12 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/03/12 15:57:52 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/03/11 20:48:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Peer Block
[2010/03/11 17:49:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Dad's Fishing 11-03-2010
[2010/03/07 16:42:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Steve\Desktop\Polska
[2010/03/05 02:32:30 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2010/03/05 02:31:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/11/25 12:51:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/06/24 18:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/06/24 17:59:42 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2007/12/25 00:28:49 | 002,494,367 | ---- | C] (Plaino) -- C:\Program Files\FLVplayer.exe
[2007/01/27 19:06:14 | 005,689,344 | ---- | C] (Gabest) -- C:\Program Files\mplayerc.exe

========== Files - Modified Within 14 Days ==========

[2010/03/19 22:09:14 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/03/19 22:08:44 | 000,267,725 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml
[2010/03/19 22:08:35 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/03/19 22:08:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/03/19 18:18:23 | 031,981,568 | ---- | M] () -- C:\Documents and Settings\Steve\NTUSER.DAT
[2010/03/19 18:18:15 | 003,230,088 | -H-- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\IconCache.db
[2010/03/18 05:31:14 | 000,031,232 | ---- | M] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/03/18 04:26:15 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Steve\ntuser.ini
[2010/03/18 04:26:12 | 000,000,855 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/03/18 04:26:12 | 000,000,293 | RHS- | M] () -- C:\boot.ini
[2010/03/18 04:26:12 | 000,000,292 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/03/17 03:01:14 | 067,573,464 | ---- | M] ( ) -- C:\Documents and Settings\Steve\Desktop\setup_9.0.0.722_16.03.2010_20-33.exe
[2010/03/16 11:53:50 | 006,595,320 | ---- | M] (VS Revo Group ) -- C:\Documents and Settings\Steve\Desktop\RevoUninProSetup.exe
[2010/03/16 02:47:25 | 000,071,798 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 09:34:23 | 003,889,756 | R--- | M] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:42 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/14 16:12:31 | 000,555,008 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Steve\Desktop\OTL.exe
[2010/03/13 18:54:59 | 000,000,110 | ---- | M] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | M] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/13 16:45:26 | 000,401,720 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Steve\Desktop\HijackThis.exe
[2010/03/11 20:44:35 | 000,820,166 | ---- | M] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2010/03/08 14:40:49 | 000,056,816 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\drivers\avgntflt.sys

========== Files Created - No Company Name ==========

[2010/03/16 02:47:37 | 000,245,103 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.def
[2010/03/16 02:47:24 | 000,071,798 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\JavaRa.zip
[2010/03/15 10:05:17 | 000,000,223 | ---- | C] () -- C:\Boot.bak
[2010/03/15 10:05:14 | 000,260,272 | ---- | C] () -- C:\cmldr
[2010/03/15 10:00:46 | 000,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/03/15 10:00:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/03/15 10:00:45 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/03/15 10:00:45 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/03/15 10:00:45 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/03/15 09:33:10 | 003,889,756 | R--- | C] () -- C:\Documents and Settings\Steve\Desktop\ComboFix.exe
[2010/03/14 16:13:37 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\fw272e53.exe
[2010/03/13 17:45:49 | 000,000,110 | ---- | C] () -- C:\Documents and Settings\Steve\My Documents\ax_files.xml
[2010/03/13 17:39:15 | 000,691,696 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2010/03/11 20:44:21 | 000,820,166 | ---- | C] () -- C:\Documents and Settings\Steve\Desktop\PeerBlock_r181__Win32_Release.zip
[2009/11/06 10:58:04 | 000,178,975 | ---- | C] () -- C:\WINDOWS\System32\xlive.dll.cat
[2009/10/22 21:45:53 | 000,000,043 | ---- | C] () -- C:\WINDOWS\gswin32.ini
[2009/07/18 09:19:16 | 000,263,104 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2009/04/20 12:03:30 | 000,000,002 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\ceville_console_history.txt
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg7.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg6.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg5.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg4.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg3.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg2.ini
[2009/03/20 00:24:12 | 000,001,368 | ---- | C] () -- C:\WINDOWS\System32\IconCfg0.ini
[2009/03/20 00:24:12 | 000,001,367 | ---- | C] () -- C:\WINDOWS\System32\IconCfg1.ini
[2008/12/13 00:48:16 | 000,000,604 | ---- | C] () -- C:\WINDOWS\Wlf.INI
[2008/11/20 15:35:15 | 000,010,886 | R--- | C] () -- C:\WINDOWS\System32\RdCi1009.dll
[2008/10/24 19:30:32 | 000,279,712 | ---- | C] () -- C:\WINDOWS\System32\drivers\atksgt.sys
[2008/10/24 19:30:32 | 000,025,888 | ---- | C] () -- C:\WINDOWS\System32\drivers\lirsgt.sys
[2008/10/13 14:25:55 | 000,000,223 | ---- | C] () -- C:\WINDOWS\CDPlayer.ini
[2008/10/08 19:24:17 | 000,000,024 | ---- | C] () -- C:\WINDOWS\wldtlk37.ini
[2008/10/07 20:45:26 | 000,000,051 | ---- | C] () -- C:\WINDOWS\tlknw37.ini
[2008/10/07 20:27:47 | 000,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2008/10/07 09:13:30 | 000,197,912 | ---- | C] () -- C:\WINDOWS\System32\physxcudart_20.dll
[2008/10/07 09:13:22 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelTraditionalChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSwedish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSpanish.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelSimplifiedChinese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelPortugese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelKorean.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelJapanese.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelGerman.dll
[2008/10/07 09:13:20 | 000,058,648 | ---- | C] () -- C:\WINDOWS\System32\AgCPanelFrench.dll
[2008/02/07 21:43:17 | 000,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2007/11/26 13:46:14 | 000,015,488 | ---- | C] () -- C:\WINDOWS\System32\drivers\ScFBPNT2.sys
[2007/11/13 16:32:35 | 000,022,328 | ---- | C] () -- C:\Documents and Settings\Steve\Application Data\PnkBstrK.sys
[2007/10/24 08:47:47 | 000,000,319 | ---- | C] () -- C:\WINDOWS\game.ini
[2007/10/04 16:14:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2007/09/26 20:34:13 | 000,138,944 | ---- | C] () -- C:\WINDOWS\System32\drivers\PnkBstrK.sys
[2007/07/31 19:36:35 | 000,000,020 | ---- | C] () -- C:\WINDOWS\musicmv.INI
[2007/07/23 19:25:35 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2007/06/26 01:26:00 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD.dll
[2007/06/26 01:26:00 | 000,015,872 | ---- | C] () -- C:\WINDOWS\System32\InsDrvZD64.DLL
[2007/06/01 19:50:35 | 000,043,520 | ---- | C] () -- C:\WINDOWS\System32\CmdLineExt03.dll
[2007/05/27 14:47:00 | 000,532,480 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Sony.dll
[2007/05/20 02:09:50 | 000,000,023 | ---- | C] () -- C:\WINDOWS\BlendSettings.ini
[2007/05/19 10:26:33 | 000,027,648 | ---- | C] () -- C:\WINDOWS\System32\AVSredirect.dll
[2007/05/19 10:26:32 | 000,394,240 | ---- | C] () -- C:\WINDOWS\System32\Smab.dll
[2007/05/04 21:03:24 | 000,000,089 | ---- | C] () -- C:\WINDOWS\graphedt.INI
[2007/05/04 17:55:49 | 000,003,972 | ---- | C] () -- C:\WINDOWS\System32\drivers\PciBus.sys
[2007/05/03 16:14:07 | 000,000,010 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2007/04/28 18:04:26 | 000,021,840 | ---- | C] () -- C:\WINDOWS\System32\SIntfNT.dll
[2007/04/28 18:04:26 | 000,017,212 | ---- | C] () -- C:\WINDOWS\System32\SIntf32.dll
[2007/04/28 18:04:26 | 000,012,067 | ---- | C] () -- C:\WINDOWS\System32\SIntf16.dll
[2007/03/20 20:28:07 | 000,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2007/03/05 19:11:55 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
[2007/03/05 19:11:55 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
[2007/02/26 20:52:01 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\fusioncache.dat
[2007/01/27 20:38:42 | 000,031,232 | ---- | C] () -- C:\Documents and Settings\Steve\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/01/26 16:04:14 | 000,007,680 | ---- | C] () -- C:\WINDOWS\System32\CNMVS6d.DLL
[2007/01/25 20:33:29 | 000,001,390 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2007/01/25 20:33:29 | 000,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2007/01/25 20:33:29 | 000,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2007/01/24 19:41:09 | 000,000,164 | R--- | C] () -- C:\WINDOWS\avrack.ini
[2007/01/24 19:41:02 | 000,156,672 | R--- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll

========== LOP Check ==========

[2008/08/18 11:56:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Codemasters
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DriverScanner
[2009/04/18 15:15:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\id Software
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
[2008/10/30 21:10:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
[2010/03/03 01:31:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/07/21 15:07:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Test Drive Unlimited
[2007/06/02 20:53:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ubisoft
[2009/09/12 16:55:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/07/17 16:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/11/28 17:09:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Activision
[2007/08/05 01:34:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\ArtificialStudios
[2007/09/09 17:35:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Bioshock
[2009/10/01 04:59:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\bitolithic
[2007/03/21 17:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\CD-LabelPrint
[2009/10/01 16:15:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\cYo
[2009/07/25 12:50:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\dBpoweramp
[2007/08/08 16:18:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\GanymedeNet
[2009/04/01 13:59:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\id Software
[2010/02/08 00:48:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Internode
[2008/01/07 19:42:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Leadertech
[2009/07/10 17:14:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\LucasArts
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\NCH Swift Sound
[2008/01/19 16:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Orbit
[2008/06/19 13:10:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Recordpad
[2007/09/16 00:36:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Softland
[2010/02/19 13:52:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony
[2008/10/02 16:31:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Sony Setup
[2008/09/19 19:23:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE
[2008/09/04 11:00:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SPORE Creature Creator
[2007/03/05 15:53:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SumatraPDF
[2009/08/18 13:13:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\System Requirements Lab BETA
[2009/08/28 14:30:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\SystemRequirementsLab
[2008/05/16 15:27:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Teleca
[2009/09/19 14:26:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Uniblue
[2008/11/17 19:31:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\Windows Search
[2009/07/22 13:48:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\XLink Kai
[2009/08/24 19:37:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Steve\Application Data\yoclient

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/14 02:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2004/08/04 20:00:00 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/11/18 09:52:07 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/14 02:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0001\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/04 20:00:00 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0003\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/14 08:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 20:00:00 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/14 08:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 20:00:00 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: NVATABUS.SYS >
[2005/03/14 17:05:08 | 000,091,776 | R--- | M] (NVIDIA Corporation) MD5=52CAB126C3ED5B851FB80EBA0BEA5C4E -- C:\WINDOWS\system32\drivers\nvatabus.sys

< MD5 for: SCECLI.DLL >
[2004/08/04 20:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/14 08:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

========== Files - Unicode (All) ==========
[2010/02/09 16:38:17 | 000,000,081 | ---- | M] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL
[2010/02/09 16:38:17 | 000,000,081 | ---- | C] ()(C:\Documents and Settings\Steve\Desktop\Xbox C4 ???????? ???????????????? ???????????.URL) -- C:\Documents and Settings\Steve\Desktop\Xbox C4 ロストプラネット エクストリームコンディション攻略 ターゲットマークの配置.URL

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5C321E34
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E29ACA54
< End of report >
 
Hi,

Okay, I think we can clean up our tools.

Uninstall Combofix
  • Click START then RUN
  • Now type Combofix /Uninstall in the runbox and click OK. Note the space between the X and the /U, it needs to be there.
The above procedure will:
  • Delete the following: ComboFix and its associated files and folders.
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.

+++++++++++++++++++++

  • Make sure you have an Internet Connection.
  • Run OTL.
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OTM from reaching the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.

+++++++++++++++++++++++++

Have you tried installing Java since running OTL this last time? If not then try. And have you tried both the online and offline installers?
 
Hi Indi. Both OTL and ComboFix have been successfully removed. I have since tried installing the Java JRE and get the same problem. If I use the offline installer, I double click the setup executable and get a cursor hourglass up for one second and then nothing. If I use the online variant, I get the following error:

javaerror.gif


So unfortunately, we're still at a dead end with this one.
 
Hi,

I've done a bit of research and have seen some others with the same issue, but haven't really found a solid fix. Most point to a Firewall blocking the install, which is possible, though I doubt it, as it's only the XP Firewall you have running....you could try disabling it and see what happens (temporarily of course).

Now that you're clean I would suggest you post over at one of the other forums. There are many good ones but GeeksToGo is pretty active and they have some great techs over there. I would suggest you post the issue in the following forum.

http://www.geekstogo.com/forum/Applications-f12.html

Drop a link back to here to let them know what we've been up to and what we've tried. That should also confirm to them you're clean.

Let me know how you make out and I'll keep looking into it also and post back if I find anything.
 
Thanks very much Indi, I will do just that ;)

Thanks so much for putting so much time and effort into helping me. I really appreciate it. You guys and girls are truly amazing! :thanks:
 