Whoot. Here it goes...

OTL

OTL logfile created on: 2/15/2010 4:15:25 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 0.30 Gb Free Space | 2.05% Space Free | Partition Type: NTFS
Drive D: | 22.62 Gb Total Space | 5.23 Gb Free Space | 23.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: MJ1
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\LogMeIn\x86\ramaint.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LMIGuardian.exe (LogMeIn, Inc.)
PRC - C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
PRC - C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
PRC - C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
PRC - C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
PRC - C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
PRC - C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
PRC - C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Joe\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\AppPatch\aclayers.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\shimeng.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (LMIMaint) -- C:\Program Files\LogMeIn\x86\RaMaint.exe (LogMeIn, Inc.)
SRV - (SfCtlCom) -- C:\Program Files\Trend Micro\Internet Security\SfCtlCom.exe ()
SRV - (TmPfw) -- C:\Program Files\Trend Micro\Internet Security\TmPfw.exe ()
SRV - (TmProxy) -- C:\Program Files\Trend Micro\Internet Security\TmProxy.exe ()
SRV - (JavaQuickStarterService) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (SeaPort) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe (Microsoft Corporation)
SRV - (TMBMServer) -- C:\Program Files\Trend Micro\BM\TMBMSRV.exe ()
SRV - (odserv) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (LogMeIn) -- C:\Program Files\LogMeIn\x86\LogMeIn.exe (LogMeIn, Inc.)
SRV - (hpqcxs08) -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll (Hewlett-Packard Co.)
SRV - (Pml Driver HPZ12) -- C:\WINDOWS\system32\HPZIPM12.DLL (Hewlett-Packard)
SRV - (Net Driver HPZ12) -- C:\WINDOWS\system32\HPZINW12.DLL (Hewlett-Packard)
SRV - (ose) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (GhostStartService) -- C:\Program Files\Symantec\Norton Ghost 2003\GhostStartService.exe (Symantec Corporation)

========== Driver Services (SafeList) ==========

DRV - (LMIRfsClientNP) -- C:\WINDOWS\system32\LMIRfsClientNP.dll (LogMeIn, Inc.)
DRV - (tmxpflt) -- C:\WINDOWS\system32\drivers\tmxpflt.sys (Trend Micro Inc.)
DRV - (tmpreflt) -- C:\WINDOWS\system32\drivers\tmpreflt.sys (Trend Micro Inc.)
DRV - (vsapint) -- C:\WINDOWS\system32\drivers\vsapint.sys (Trend Micro Inc.)
DRV - (tmactmon) -- C:\WINDOWS\system32\drivers\tmactmon.sys ()
DRV - (tmevtmgr) -- C:\WINDOWS\system32\drivers\tmevtmgr.sys ()
DRV - (tmcomm) -- C:\WINDOWS\system32\drivers\tmcomm.sys ()
DRV - (tmtdi) -- C:\WINDOWS\system32\drivers\tmtdi.sys (Trend Micro Inc.)
DRV - (tmcfw) -- C:\WINDOWS\system32\drivers\TM_CFW.sys (Trend Micro Inc.)
DRV - (LMIInfo) -- C:\Program Files\LogMeIn\x86\rainfo.sys (LogMeIn, Inc.)
DRV - (LMIRfsDriver) -- C:\WINDOWS\system32\drivers\LMIRfsDriver.sys (LogMeIn, Inc.)
DRV - (lmimirr) -- C:\WINDOWS\system32\drivers\lmimirr.sys (LogMeIn, Inc.)
DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)
DRV - (sisagp) -- C:\WINDOWS\System32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\USBAUDIO.sys (Microsoft Corporation)
DRV - (Secdrv) -- C:\WINDOWS\system32\drivers\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (SiSkp) -- C:\WINDOWS\system32\drivers\srvkp.sys (Silicon Integrated Systems Corporation)
DRV - (SiS315) -- C:\WINDOWS\system32\drivers\sisgrp.sys (Silicon Integrated Systems Corporation)
DRV - (GhPciScan) -- C:\Program Files\Symantec\Norton Ghost 2003\GhPciScan.sys (Symantec Corporation)
DRV - (Aspi32) -- C:\WINDOWS\system32\drivers\ASPI32.SYS (Adaptec)
DRV - (smwdm) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SISNIC) -- C:\WINDOWS\system32\drivers\sisnic.sys (SiS Corporation)
DRV - (Ptilink) -- C:\WINDOWS\system32\drivers\ptilink.sys (Parallel Technologies, Inc.)
DRV - (SiSide) -- C:\WINDOWS\System32\DRIVERS\siside.sys (Silicon Integrated Systems Corp.)
DRV - (sisidex) -- C:\WINDOWS\system32\drivers\sisidex.sys (Windows ® 2000 DDK provider)
DRV - (sisperf) -- C:\WINDOWS\system32\drivers\sisperf.sys (Silicon Integrated Systems Corp.)
DRV - (aeaudio) -- C:\WINDOWS\system32\drivers\aeaudio.sys (Andrea Electronics Corporation)
DRV - (StillCam) -- C:\WINDOWS\system32\drivers\serscan.sys (Microsoft Corporation)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-19\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-20\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\S-1-5-21-329068152-1284227242-1801674531-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/02/15 13:56:11 | 000,002,065 | RHS- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 74.125.45.100 4-open-davinci.com
O1 - Hosts: 74.125.45.100 securitysoftwarepayments.com
O1 - Hosts: 74.125.45.100 privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 secure.privatesecuredpayments.com
O1 - Hosts: 74.125.45.100 getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getantivirusplusnow.com
O1 - Hosts: 74.125.45.100 www.secure-plus-payments.com
O1 - Hosts: 74.125.45.100 www.getavplusnow.com
O1 - Hosts: 74.125.45.100 safebrowsing-cache.google.com
O1 - Hosts: 74.125.45.100 urs.microsoft.com
O1 - Hosts: 74.125.45.100 www.securesoftwarebill.com
O1 - Hosts: 74.125.45.100 secure.paysecuresystem.com
O1 - Hosts: 74.125.45.100 paysoftbillsolution.com
O1 - Hosts: 74.125.45.100 protected.maxisoftwaremart.com
O1 - Hosts: 94.228.209.236 www.google.com
O1 - Hosts: 94.228.209.236 google.com
O1 - Hosts: 94.228.209.236 google.com.au
O1 - Hosts: 94.228.209.236 www.google.com.au
O1 - Hosts: 94.228.209.236 google.be
O1 - Hosts: 94.228.209.236 www.google.be
O1 - Hosts: 94.228.209.236 google.com.br
O1 - Hosts: 94.228.209.236 www.google.com.br
O1 - Hosts: 94.228.209.236 google.ca
O1 - Hosts: 94.228.209.236 www.google.ca
O1 - Hosts: 37 more lines...
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype add-on (mastermind)) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (MSN Toolbar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (MSN Toolbar) - {1E61ED7C-7CB8-49d6-B9E9-AB4C880C8414} - C:\Program Files\MSN\Toolbar\3.0.1125.0\msneshellx.dll (Microsoft Corp.)
O4 - HKLM..\Run: [GhostStartTrayApp] C:\Program Files\Symantec\Norton Ghost 2003\GhostStartTrayApp.exe (Symantec Corporation)
O4 - HKLM..\Run: [LogMeIn GUI] C:\Program Files\LogMeIn\x86\LogMeInSystray.exe (LogMeIn, Inc.)
O4 - HKLM..\Run: [Microsoft Default Manager] C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe (Microsoft Corp.)
O4 - HKLM..\Run: [siS Windows KeyHook] C:\WINDOWS\system32\Keyhook.exe (Silicon Integrated Systems Corporation)
O4 - HKLM..\Run: [ufSeAgnt.exe] C:\Program Files\Trend Micro\Internet Security\UfSeAgnt.exe ()
O4 - HKLM..\Run: [userFaultCheck] File not found
O4 - HKU\.DEFAULT..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-18..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-19..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-20..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004..\Run: [OE] C:\Program Files\Trend Micro\Internet Security\TMAS_OE\TMAS_OEMon.exe (Trend Micro Inc.)
O4 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004..\Run: [skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-329068152-1284227242-1801674531-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll (Skype Technologies S.A.)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupd...b?1230168500243 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdat...b?1230168550618 (MUWebControl Class)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer.dl.3dvia.com/player/in...r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {FFB3A759-98B1-446F-BDA9-909C6EB18CC7} http://utilities.pcpitstop.com/optimize2/pcpitstop2.dll (PCPitstop Exam)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\LMIinit: DllName - LMIinit.dll - C:\WINDOWS\System32\LMIinit.dll (LogMeIn, Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/12/24 20:18:06 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2005/09/26 23:42:46 | 000,000,026 | R--- | M] () - H:\autorun.inf -- [ CDFS ]
O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell - "" = AutoRun
O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dc2646d6-d2ec-11dd-a0b6-000ea6349306}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/02/15 16:14:24 | 000,549,376 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2010/02/15 15:14:35 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IECompatCache
[2010/02/15 15:12:52 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\PrivacIE
[2010/02/15 15:10:22 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Joe\IETldCache
[2010/02/15 15:07:14 | 000,000,000 | ---D | C] -- C:\WINDOWS\ie8updates
[2010/02/15 15:04:39 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2010/02/15 12:50:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\Malwarebytes
[2010/02/15 12:50:30 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/02/15 12:50:26 | 000,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/02/15 12:50:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/02/15 12:50:25 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/02/14 16:16:09 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\MSEVSW
[2010/02/14 16:14:37 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\All Users\Application Data\13a6568
[2010/01/31 15:40:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Google
[2010/01/31 14:49:41 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Works
[2010/01/31 14:44:54 | 000,000,000 | RH-D | C] -- C:\MSOCache
[2010/01/31 14:22:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\Microsoft Help
[2010/01/31 14:22:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Microsoft Help
[2010/01/30 19:48:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Local Settings\Application Data\3DVIA
[2010/01/30 19:42:17 | 000,000,000 | ---D | C] -- C:\Program Files\Virtools
[2010/01/30 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Application Data\GetRightToGo
[2010/01/30 18:36:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Joe\Desktop\Downloads
[2009/12/03 09:04:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ICS
[2009/12/03 08:34:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Temp
[2009/10/03 01:21:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Temp
[2009/05/06 15:23:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Google
[2009/04/21 20:21:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2008/12/24 21:10:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/24 20:21:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2008/12/24 20:17:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2008/12/24 20:17:45 | 000,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 D:\Joes Documents\*.tmp files -> D:\Joes Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/02/15 16:14:32 | 000,549,376 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joe\Desktop\OTL.exe
[2010/02/15 15:45:00 | 000,000,978 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1284227242-1801674531-1006UA.job
[2010/02/15 15:10:15 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/02/15 15:10:12 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/02/15 15:09:21 | 003,670,016 | -H-- | M] () -- C:\Documents and Settings\Joe\NTUSER.DAT
[2010/02/15 15:09:18 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Joe\ntuser.ini
[2010/02/15 15:08:05 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/02/15 14:45:25 | 000,020,992 | ---- | M] () -- D:\Joes Documents\Step 2.doc
[2010/02/15 13:56:11 | 000,002,065 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.bak
[2010/02/15 13:56:11 | 000,002,065 | RHS- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/02/15 12:50:33 | 000,000,702 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/14 17:45:00 | 000,000,926 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-329068152-1284227242-1801674531-1006Core.job
[2010/02/14 15:45:28 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/02/12 11:01:20 | 000,038,912 | ---- | M] () -- D:\Joes Documents\Adrianna charrie sheet.doc
[2010/02/11 21:27:20 | 000,026,112 | ---- | M] () -- D:\Joes Documents\Character Sheet Form.doc
[2010/02/10 14:16:43 | 000,759,808 | ---- | M] () -- D:\Joes Documents\DRoP1.doc
[2010/02/09 22:12:17 | 000,020,480 | ---- | M] () -- D:\Joes Documents\Pei Wei Restaurant Review.doc
[2010/02/08 22:34:18 | 001,283,072 | ---- | M] () -- D:\Joes Documents\College_Bound_-_January_2010.doc
[2010/02/06 14:53:28 | 000,290,088 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/02/05 23:31:57 | 000,000,000 | -HS- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\66a50jD3Vpls
[2010/02/03 23:05:44 | 000,324,608 | ---- | M] () -- D:\Joes Documents\Newspaper.pub
[2010/02/03 23:05:32 | 001,158,656 | ---- | M] () -- D:\Joes Documents\February Issue.pub
[2010/02/03 22:14:51 | 000,017,788 | ---- | M] () -- D:\Joes Documents\graph.emf
[2010/02/03 13:49:46 | 000,020,992 | ---- | M] () -- D:\Joes Documents\NEWSPAPER MEETING PLAN 2.doc
[2010/02/02 20:54:38 | 000,081,776 | ---- | M] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/02/01 00:14:50 | 000,024,064 | ---- | M] () -- D:\Joes Documents\newspaper shtuff.doc
[2010/02/01 00:14:39 | 000,047,104 | ---- | M] () -- D:\Joes Documents\articles_4_paper.doc
[2010/01/31 22:52:44 | 000,249,005 | ---- | M] () -- D:\Joes Documents\Newspaper_pub.zip
[2010/01/31 20:07:16 | 000,013,381 | ---- | M] () -- D:\Joes Documents\Celiac%20Follow%20Up%20wordpad[1].rtf
[2010/01/31 18:06:04 | 000,025,088 | ---- | M] () -- D:\Joes Documents\Doc2.doc
[2010/01/31 17:24:19 | 000,030,720 | ---- | M] () -- D:\Joes Documents\Da Interviews FOO.doc
[2010/01/30 09:40:20 | 000,053,760 | ---- | M] () -- D:\Joes Documents\High School Transcript.doc
[2010/01/25 11:58:48 | 000,022,016 | ---- | M] () -- D:\Joes Documents\mike his.doc
[2010/01/21 20:34:16 | 000,019,968 | ---- | M] () -- D:\Joes Documents\a stupid woman.doc
[2010/01/21 20:26:20 | 000,020,480 | ---- | M] () -- D:\Joes Documents\MEETING PLAN.doc
[2010/01/21 20:18:30 | 000,002,497 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Office Word 2003.lnk
[2010/01/19 19:29:46 | 000,022,016 | ---- | M] () -- D:\Joes Documents\Mike.doc
[2010/01/19 19:21:01 | 000,000,030 | ---- | M] () -- C:\WINDOWS\Iedit.INI
[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 D:\Joes Documents\*.tmp files -> D:\Joes Documents\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/02/15 14:45:24 | 000,020,992 | ---- | C] () -- D:\Joes Documents\Step 2.doc
[2010/02/15 12:50:33 | 000,000,702 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/02/11 22:24:17 | 000,038,912 | ---- | C] () -- D:\Joes Documents\Adrianna charrie sheet.doc
[2010/02/11 21:27:20 | 000,026,112 | ---- | C] () -- D:\Joes Documents\Character Sheet Form.doc
[2010/02/09 21:34:12 | 000,020,480 | ---- | C] () -- D:\Joes Documents\Pei Wei Restaurant Review.doc
[2010/02/08 22:34:14 | 001,283,072 | ---- | C] () -- D:\Joes Documents\College_Bound_-_January_2010.doc
[2010/02/08 21:36:57 | 000,759,808 | ---- | C] () -- D:\Joes Documents\DRoP1.doc
[2010/02/05 23:31:57 | 000,000,000 | -HS- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\66a50jD3Vpls
[2010/02/03 22:14:50 | 000,017,788 | ---- | C] () -- D:\Joes Documents\graph.emf
[2010/02/03 13:49:46 | 000,020,992 | ---- | C] () -- D:\Joes Documents\NEWSPAPER MEETING PLAN 2.doc
[2010/02/01 00:14:49 | 000,024,064 | ---- | C] () -- D:\Joes Documents\newspaper shtuff.doc
[2010/02/01 00:08:37 | 000,324,608 | ---- | C] () -- D:\Joes Documents\Newspaper.pub
[2010/02/01 00:01:45 | 001,158,656 | ---- | C] () -- D:\Joes Documents\February Issue.pub
[2010/01/31 22:52:42 | 000,249,005 | ---- | C] () -- D:\Joes Documents\Newspaper_pub.zip
[2010/01/31 20:06:49 | 000,013,381 | ---- | C] () -- D:\Joes Documents\Celiac%20Follow%20Up%20wordpad[1].rtf
[2010/01/31 18:06:04 | 000,025,088 | ---- | C] () -- D:\Joes Documents\Doc2.doc
[2010/01/31 17:24:19 | 000,030,720 | ---- | C] () -- D:\Joes Documents\Da Interviews FOO.doc
[2010/01/31 14:50:24 | 000,047,104 | ---- | C] () -- D:\Joes Documents\articles_4_paper.doc
[2010/01/30 09:40:20 | 000,053,760 | ---- | C] () -- D:\Joes Documents\High School Transcript.doc
[2010/01/23 15:00:51 | 000,022,016 | ---- | C] () -- D:\Joes Documents\mike his.doc
[2010/01/21 20:34:16 | 000,019,968 | ---- | C] () -- D:\Joes Documents\a stupid woman.doc
[2010/01/21 20:26:19 | 000,020,480 | ---- | C] () -- D:\Joes Documents\MEETING PLAN.doc
[2010/01/19 19:29:45 | 000,022,016 | ---- | C] () -- D:\Joes Documents\Mike.doc
[2008/12/29 13:57:05 | 000,000,030 | ---- | C] () -- C:\WINDOWS\Iedit.INI
[2008/12/26 11:32:39 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/12/25 21:37:47 | 000,153,104 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2008/12/25 21:37:47 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmevtmgr.sys
[2008/12/25 21:37:47 | 000,050,192 | ---- | C] () -- C:\WINDOWS\System32\drivers\tmactmon.sys
[2008/12/25 18:00:49 | 000,007,362 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2008/12/24 21:24:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Joe\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/24 21:06:02 | 000,755,200 | ---- | C] () -- C:\WINDOWS\System32\ir50_32.dll
[2008/12/24 21:06:02 | 000,338,432 | ---- | C] () -- C:\WINDOWS\System32\ir41_qcx.dll
[2008/12/24 21:06:02 | 000,200,192 | ---- | C] () -- C:\WINDOWS\System32\ir50_qc.dll
[2008/12/24 21:06:02 | 000,183,808 | ---- | C] () -- C:\WINDOWS\System32\ir50_qcx.dll
[2008/12/24 21:06:02 | 000,120,320 | ---- | C] () -- C:\WINDOWS\System32\ir41_qc.dll
[2008/12/24 20:31:41 | 000,139,264 | R--- | C] () -- C:\WINDOWS\System32\IDEproperty.dll
[2008/12/24 20:26:43 | 000,121,948 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2008/12/24 20:26:28 | 000,108,562 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

< End of report >

Extras:

OTL Extras logfile created on: 2/15/2010 4:15:26 PM - Run 1
OTL by OldTimer - Version 3.1.28.0 Folder = C:\Documents and Settings\Joe\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 53.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 1104 2208 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 14.65 Gb Total Space | 0.30 Gb Free Space | 2.05% Space Free | Partition Type: NTFS
Drive D: | 22.62 Gb Total Space | 5.23 Gb Free Space | 23.10% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
Drive H: | 3.78 Gb Total Space | 0.00 Gb Free Space | 0.00% Space Free | Partition Type: CDFS
I: Drive not present or media not loaded

Computer Name: MJ1
Current User Name: Joe
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"H:\setup\HPZNUI01.EXE" = H:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqscnvw.exe:*:Enabled:hpqscnvw.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqnrs08.exe:*:Enabled:hpqnrs08.exe -- File not found
"C:\Program Files\TRACKSTERS\update.exe" = C:\Program Files\TRACKSTERS\update.exe:*:Enabled:TrueUpdate Client -- ()
"C:\Program Files\TRACKSTERS\Tracksters.exe" = C:\Program Files\TRACKSTERS\Tracksters.exe:*:Enabled:Tracksters -- ()
"C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe" = C:\Documents and Settings\All Users\Application Data\13a6568\MS13a6.exe:*:Enabled:My Security Wall -- ()
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- (Skype Technologies S.A.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype