
AntiVirus 2010, HijackThis and Malwarebytes won't scan



Hello,

I am in safe mode; Malwarebytes and HijackThis will not scan. I have tried install/uninstall and renaming installation folders and executables.

The initial indication was an Antivirus 2010 background image and the inability to run HijackThis, Malwarebytes, or MS Security Essentials.

I have even run a Trinity Boot Recovery DVD that runs a scan; it didn't find anything.


Welcome to the forum

Please download and run ComboFix:

A few notes first:

  • ComboFix is compatible exclusively with W2K, XP, Vista, and Windows 7 (32-bit only).
  • ComboFix must be run from an Administrative account.
  • Vista and W7 users - Right click, choose "Run as Administrator"
  • It must be downloaded to and run from your desktop.
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can and will interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
    ComboFix Guide <---please read!

---------------------------

Download ComboFix from one of these locations:

Link 1

Link 2

* IMPORTANT !!! Save ComboFix.exe to your Desktop

  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon and choose disable/exit. More info HERE<-------
    They may interfere with the running of ComboFix.
  • Double click on ComboFix.exe & follow the prompts.
    Notes: Combofix will run without the Recovery Console installed. Skip the Recovery Console part if you're running Vista or Windows 7.
    Note: If you have SP3, use the SP2 package.
    If Vista or Windows 7, skip the Recovery Console part
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed. It's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.

[image: RC1.png]

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[image: RC2-1.png]

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt using Copy / Paste in your next reply.

Notes:

1. Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.

3. Combofix permanently prevents autorun of ALL CD, floppy and USB devices to assist with malware removal & increase security.

Keeping Autorun enabled on USB and other removable drives has become a significant security risk due to the increasing number of malware variants that can infect them and transfer the infection to your computer. Read USB-Based Malware Attacks and Please disable Autorun ASAP!

4. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

If a reboot doesn't restore your connection, please try this:

Check HERE

For XP systems download and run WinSockFix

Vista users: Check HERE

Windows 7 systems: Download and run this Winsockfix.bat

5. Give ComboFix at least 20-30 minutes to finish if needed.

MrC


Hey, it has been an hour and the ComboFix CMD window is on the desktop (I am on another computer writing this) and appears stalled, and no internet connection.

Scanning for infected files . . .

Typically takes 10 minutes . . .

Badly infected machines could easily take twice as long.

Access is denied.

Access is denied.

Access is denied.

Access is denied.

Access is denied.

Access is denied.

Access is denied.

I tried it in safe mode and got the same thing, so I tried it this time in normal boot up (since I could not see where you said to do it in safe mode). There is no text file I can find.


So you didn't get ComboFix to run? Correct?

If not, download a fresh copy and before you download it, rename it to explorer.exe or hello.com.

Download it and see if it runs.

------------------------------------

If not....please do this:

Please download OTL from the link below:

http://oldtimer.geekstogo.com/OTL.com

Save it to your desktop.

Double click on the icon on your desktop.

Click the "Scan All Users" checkbox.

Push the Quick Scan button.

Two reports will open, copy and paste them in a reply here:

OTListIt.txt <-- Will be opened

Extra.txt <-- Will be minimized

MrC


See if you can do this.

Rename ComboFix.exe to us?rinit.exe

See if it runs.

------------------------

If not....see if you can do this:

Go to Start > Run > type CMD > Enter > copy and paste this in, one at a time (or type it in):

sc stop userinit

now hit enter

sc delete userinit

now hit enter

or

Go to Start > Run > Copy and paste this in:

sc stop userinit

now hit enter

sc delete userinit

now hit enter

MrC


I did not try the renaming of ComboFix to userinit.exe first in my last post.

I have redownloaded CF, changed name to userinit.exe and ran it, it ran the tiny status bar for a few seconds and then disappeared and never ran the CMD window. Then I redid the "sc stop/delete userinit" commands again, same results as my last post.


Have you tried system restore??

You may have a good restore point.

---------------------------------------------

winlogon.exe seems to be working for some people.

Rename ComboFix or OTL to that, see if it works.

or...........

Let's try something else.

Go to the link below and follow the guide and download and run both rkill and exehelper.

click here

Now see if you can run MBAM

If not, there's VIPRE Rescue Program and SUPERAntiSpyware Portable Scanner

See if you can get one of them to run.

Let me know.....MrC


I have experienced a tiny bit of success. I renamed Malwarebytes (mbam.exe) to winlogon.exe and ran the program, did not update, and did a quick scan, and it worked. It also created a log file. Not sure if you would like to see that.

Right now I am rebooting and going to try to run the (Malwarebytes) update and the full scan. Let me know if you have any suggestions at this point. I will check back soon.


Good Job :)

Yes, let's see the log. MrC

It has taken a bit because I could not find the "quick scan" log while I was running the full scan. So I ran the Malwarebytes update successfully and just ran a full scan successfully.

Here are both logs:

***********************************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4865

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

10/17/2010 7:58:21 PM

mbam-log-2010-10-17 (19-58-21).txt

Scan type: Full scan (C:\|)

Objects scanned: 274169

Time elapsed: 42 minute(s), 24 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 1

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\System Volume Information\_restore{8E01A5B0-89BA-43F0-B925-31CAF7D36686}\RP1\A0001294.dll (Trojan.Hijacker) -> Quarantined and deleted successfully.

****************************************************************************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2 (Safe Mode)

Internet Explorer 8.0.6001.18702

10/17/2010 6:47:08 PM

mbam-log-2010-10-17 (18-47-08).txt

Scan type: Quick scan

Objects scanned: 125353

Time elapsed: 5 minute(s), 21 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 23

Registry Values Infected: 0

Registry Data Items Infected: 1

Folders Infected: 2

Files Infected: 56

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{b6d223f6-c185-49a2-ba7e-a03e84744702} (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{1a26f07f-0d60-4835-91cf-1e1766a0ec56} (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d7fd6c15-4927-4aae-bf12-fbdabd287eb1} (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Hijacker) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\ias (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\kernelexe (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\aldd (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\MS Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_CURRENT_USER\SOFTWARE\Microsoft\rdfa (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\aoprndtws (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\DomainService (Trojan.Agent) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\dslcnnct (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\FCOVM (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\jkwslist (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\RemoveRP (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Program Files\zzzzzzzz (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:

C:\WINDOWS\system32\6to4ex.dll (Trojan.Hijacker) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\changes.rtf (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\license.txt (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\mbam.chm (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\mbam.dll (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\mbamext.dll (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\mbamgui.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\mbamservice.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\ssubtmr6.dll (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\unins000.dat (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\unins000.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\unins000.msg (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\vbalsgrid6.ocx (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\zlib.dll (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\zzzzzzz.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\belarusian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\bosnian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\bulgarian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\catalan.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\chineseSI.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\chineseTR.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\croatian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\czech.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\danish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\dutch.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\english.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\estonian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\finnish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\french.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\german.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\greek.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\hebrew.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\hungarian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\italian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\korean.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\latvian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\macedonian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\norwegian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\polish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\portugueseBR.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\portuguesePT.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\romanian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\russian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\serbian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\slovak.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\slovenian.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\spanish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\swedish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\Program Files\zzzzzzzz\Languages\turkish.lng (Backdoor.Bifrose) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\certstore.dat (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\Iasv32.dll (Trojan.Agent) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\BMb7c2cbf8.txt (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\BMb7c2cbf8.xml (Trojan.Vundo) -> Quarantined and deleted successfully.

C:\WINDOWS\cookies.ini (Malware.Trace) -> Quarantined and deleted successfully.

C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Quarantined and deleted successfully.


I have just run another quick scan (Malwarebytes) in normal mode and it found 2 viruses, which were two OTL files I had.

Standing by.

Here is the log for the last quick scan.

****************************************

Malwarebytes' Anti-Malware 1.46

www.malwarebytes.org

Database version: 4865

Windows 5.1.2600 Service Pack 2

Internet Explorer 8.0.6001.18702

10/17/2010 8:28:31 PM

mbam-log-2010-10-17 (20-28-31).txt

Scan type: Quick scan

Objects scanned: 149383

Time elapsed: 7 minute(s), 51 second(s)

Memory Processes Infected: 0

Memory Modules Infected: 0

Registry Keys Infected: 0

Registry Values Infected: 0

Registry Data Items Infected: 0

Folders Infected: 0

Files Infected: 2

Memory Processes Infected:

(No malicious items detected)

Memory Modules Infected:

(No malicious items detected)

Registry Keys Infected:

(No malicious items detected)

Registry Values Infected:

(No malicious items detected)

Registry Data Items Infected:

(No malicious items detected)

Folders Infected:

(No malicious items detected)

Files Infected:

C:\Documents and Settings\Administrator\Desktop\OTL(2).exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.

C:\Documents and Settings\Administrator\Desktop\OTL.exe (Trojan.Dropper.PGen) -> Quarantined and deleted successfully.


Any time we see Backdoor.Bifrose in a log, we have to give you this warning:

One or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the Trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of Trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identity Theft, Internet Fraud and CC Fraud?

http://www.dslreports.com/faq/10451

When Should I Format, How Should I Reinstall

http://www.dslreports.com/faq/10063

Can you run OTL now and post the log, MrC

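A triage script for the Malwarebytes 1.46 log format posted above, added here as an example and not part of the thread or of Malwarebytes itself. It parses the per-section header counts and the detection lines, cross-checks the counts against the entries actually listed (a log pasted into a forum post is often truncated), tallies detection families, and raises the same flags MrC raises by hand: any Backdoor.* family, the Security Center tampering entry, and anything the scanner has not removed yet. The sample log is constructed from a handful of the posted entries; the "Files Infected: 4" header with only three file lines and the "Delete on reboot." outcome are my additions to exercise those checks.

```python
import re
from collections import Counter

# Constructed sample in the Malwarebytes' Anti-Malware 1.46 log layout posted in
# this thread. The detection lines are copied from the posted quick-scan log;
# the "Files Infected: 4" header with only three file lines (a truncated paste)
# and the "Delete on reboot." outcome are deliberate additions.
SAMPLE_LOG = r"""Malwarebytes' Anti-Malware 1.46
Windows 5.1.2600 Service Pack 2 (Safe Mode)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\6to4 (Trojan.Hijacker) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\avsuite (Rogue.AntivirusSuite) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\AntiVirusDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Program Files\zzzzzzzz (Backdoor.Bifrose) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\6to4ex.dll (Trojan.Hijacker) -> Quarantined and deleted successfully.
C:\Program Files\zzzzzzzz\zzzzzzz.exe (Backdoor.Bifrose) -> Quarantined and deleted successfully.
C:\WINDOWS\pskt.ini (Trojan.Vundo) -> Delete on reboot.
"""

SECTIONS = ("Memory Processes", "Memory Modules", "Registry Keys",
            "Registry Values", "Registry Data Items", "Folders", "Files")
_SEC = "|".join(re.escape(s) for s in SECTIONS)
COUNT_RE = re.compile(r"^(?P<section>%s) Infected: (?P<n>\d+)$" % _SEC)
HEADER_RE = re.compile(r"^(?P<section>%s) Infected:$" % _SEC)
ITEM_RE = re.compile(r"^(?P<item>.+?) \((?P<family>[A-Za-z][\w.]*)\) -> (?P<rest>.+)$")

# Families that trigger the "assume compromised, reinstall" advice given in
# this thread, and the Security Center tampering family, as named in MBAM 1.x logs.
ESCALATE_PREFIXES = ("Backdoor.",)
TAMPER_FAMILIES = ("Disabled.SecurityCenter",)
REMOVED = "Quarantined and deleted successfully."


def parse_mbam_log(text):
    """Return (header counts per section, list of detection dicts)."""
    counts, items, section = {}, [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = COUNT_RE.match(line)
        if m:
            counts[m["section"]] = int(m["n"])
            continue
        m = HEADER_RE.match(line)
        if m:
            section = m["section"]
            continue
        if section is None or line.startswith("("):   # "(No malicious items detected)"
            continue
        m = ITEM_RE.match(line)
        if m:
            # The last "-> ..." segment is the outcome; registry data items carry an
            # extra "Bad: (1) Good: (0) ->" segment before it.
            items.append({"section": section, "item": m["item"], "family": m["family"],
                          "action": m["rest"].split("-> ")[-1].strip()})
    return counts, items


def triage(text):
    """Summarise an MBAM log the way a helper reads it: what, how much, how bad."""
    counts, items = parse_mbam_log(text)
    listed = Counter(i["section"] for i in items)
    mismatches = {s: (counts.get(s, 0), listed.get(s, 0))
                  for s in SECTIONS if counts.get(s, 0) != listed.get(s, 0)}
    backdoors = sorted({i["family"] for i in items if i["family"].startswith(ESCALATE_PREFIXES)})
    return {
        "families": Counter(i["family"] for i in items),
        "count_mismatches": mismatches,        # header says N, a different number is listed
        "backdoor_families": backdoors,
        "security_center_tampering": [i["item"] for i in items if i["family"] in TAMPER_FAMILIES],
        "not_yet_removed": [i["item"] for i in items if i["action"] != REMOVED],
        "reinstall_advised": bool(backdoors),
    }
```

Run `triage(SAMPLE_LOG)` on the constructed log and it reports the Files count mismatch, the two Backdoor.Bifrose hits that drive the reinstall advice, the Security Center tamper, and the one entry still pending reboot.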

Yep, I have run the OTL by renaming it to winlogon.exe; here are the logs:

***************************** OTL.txt **********************************

OTL logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

PRC - [2009/10/28 19:27:16 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004/08/04 03:56:44 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll

MOD - [2004/08/04 03:56:44 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll

MOD - [2004/08/04 03:56:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll

MOD - [2004/08/04 03:56:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll

MOD - [2004/08/04 03:56:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll

MOD - [2004/08/04 03:56:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

MOD - [2004/08/04 03:56:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll

MOD - [2004/08/04 03:56:41 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll

MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- (winvnc)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2007/08/28 12:00:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/06/20 11:09:14 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\bwknr.sys -- (xfufd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005/01/28 14:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/04 02:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004/08/04 02:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004/08/04 02:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/07/16 15:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)

DRV - [2001/12/21 11:10:08 | 000,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)

DRV - [2001/08/17 12:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)

DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 19:36:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 19:27:21 | 000,000,000 | ---D | M]

[2008/07/04 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/10/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions

[2008/05/09 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions\moveplayer@movenetworks.com

[2008/07/04 11:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/27 20:44:15 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (ows\s) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/22 13:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/30 05:02:46 | 000,000,042 | ---- | M] () - C:\autorunsc.bat -- [ NTFS ]

O32 - AutoRun File - [2008/02/19 11:16:50 | 000,088,315 | ---- | M] () - C:\autorunsc.csv -- [ NTFS ]

O32 - AutoRun File - [2006/03/07 13:19:24 | 000,249,856 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 20:51:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/10/17 20:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/17 18:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/17 18:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/17 18:34:38 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/17 15:23:52 | 000,000,000 | --SD | C] -- C:\home

[2010/10/17 10:43:55 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/17 10:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/17 10:36:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/17 10:36:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/17 10:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/17 10:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/16 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/10/16 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/10/16 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Z-HI-gak

[2010/10/16 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZZZ Kill it all

[2010/10/16 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/16 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/16 11:47:54 | 005,344,555 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/15 19:49:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/10/15 19:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/15 19:32:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 18:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth

[2010/10/15 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2010/10/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/15 17:40:35 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/11 18:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCCC

[2010/10/10 21:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nana Pictures

[2010/10/10 13:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/10 13:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/10 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/10 13:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/09/09 17:51:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010/08/22 12:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/08/20 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/16 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/08/16 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/08/10 17:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS

[2010/08/10 17:27:53 | 000,000,000 | ---D | C] -- C:\ATI

[2010/08/04 18:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2010/08/04 18:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/08/04 17:53:41 | 000,258,048 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\REX Shared Library.dll

[2010/08/04 17:53:39 | 000,180,224 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\ReWire.dll

[2010/08/04 17:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead

[2010/07/27 13:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing

[2010/07/27 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/07/27 13:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2010/07/27 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010/07/27 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/07/27 13:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:49:25 | 000,574,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:46:53 | 000,479,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/17 20:46:53 | 000,123,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/17 20:42:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/17 20:42:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/17 20:35:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/17 20:13:58 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 20:13:10 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/17 15:22:48 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2010/10/17 10:32:55 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:50:10 | 005,344,555 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/16 10:53:02 | 152,662,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 19:39:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 17:47:16 | 000,292,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/15 17:32:02 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/10 20:58:17 | 202,335,232 | ---- | M] () -- C:\Outlook.pst

[2010/10/10 17:59:29 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/29 11:18:13 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nathan Bowling Resume 2010-Q4.doc

[2010/09/25 21:10:42 | 000,160,256 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/21 19:20:29 | 155,184,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/21 18:21:17 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/19 22:10:38 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/09/16 21:31:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/10 17:08:02 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/27 13:35:06 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk

[2010/07/27 13:34:48 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 20:49:12 | 000,574,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:13:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 15:21:32 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2010/10/17 10:43:58 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/17 10:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/17 10:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/17 10:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/17 10:36:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/17 10:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/17 10:31:18 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:16:22 | 152,662,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 17:47:12 | 000,292,950 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/10 21:23:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/10 17:34:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/21 18:34:55 | 155,184,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/16 21:31:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/07/27 13:34:48 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[2009/09/23 20:19:27 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bgrtg32.ini

[2009/06/23 10:03:33 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini

[2008/10/05 16:24:46 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/10/05 16:24:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/10/05 16:24:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/10/05 16:24:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/10/05 16:20:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/12 13:55:55 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2008/08/12 13:55:55 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/07/02 19:33:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2008/05/22 09:44:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini

[2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini

[2008/02/19 09:10:16 | 001,239,465 | -HS- | C] () -- C:\WINDOWS\System32\eaaywoxw.ini

[2008/02/18 21:27:47 | 001,238,313 | -HS- | C] () -- C:\WINDOWS\System32\rhdtjvxa.ini

[2008/02/17 09:08:17 | 001,242,181 | -HS- | C] () -- C:\WINDOWS\System32\sjnhvwkl.ini

[2008/02/16 09:07:57 | 001,242,121 | -HS- | C] () -- C:\WINDOWS\System32\xbtfsuew.ini

[2008/02/15 09:11:08 | 001,239,166 | -HS- | C] () -- C:\WINDOWS\System32\fvuxpkkv.ini

[2008/02/15 09:08:08 | 001,341,431 | -HS- | C] () -- C:\WINDOWS\System32\eqthpwos.ini

[2008/02/14 09:10:19 | 001,241,600 | -HS- | C] () -- C:\WINDOWS\System32\arqahwik.ini

[2008/02/14 09:07:17 | 001,241,300 | -HS- | C] () -- C:\WINDOWS\System32\owgfnsqq.ini

[2008/02/09 00:11:39 | 001,241,240 | -HS- | C] () -- C:\WINDOWS\System32\drxoichm.ini

[2008/02/09 00:08:50 | 001,220,530 | -HS- | C] () -- C:\WINDOWS\System32\tymtiusj.ini

[2008/02/08 00:13:33 | 001,203,359 | -HS- | C] () -- C:\WINDOWS\System32\vqvpefog.ini

[2008/02/08 00:07:33 | 001,206,702 | -HS- | C] () -- C:\WINDOWS\System32\qoobdjti.ini

[2008/02/07 00:10:33 | 001,186,980 | -HS- | C] () -- C:\WINDOWS\System32\fdtntqej.ini

[2008/02/07 00:07:33 | 001,201,383 | -HS- | C] () -- C:\WINDOWS\System32\svjqdnaj.ini

[2008/02/06 00:12:19 | 001,193,670 | -HS- | C] () -- C:\WINDOWS\System32\opvncnte.ini

[2008/02/06 00:09:20 | 001,194,337 | -HS- | C] () -- C:\WINDOWS\System32\npnrxskl.ini

[2008/02/05 00:09:19 | 001,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jimwtrbd.ini

[2008/02/05 00:06:20 | 001,192,238 | -HS- | C] () -- C:\WINDOWS\System32\hdxrjoxd.ini

[2008/02/04 00:09:19 | 001,188,492 | -HS- | C] () -- C:\WINDOWS\System32\fdkgftxq.ini

[2008/02/04 00:03:30 | 001,188,432 | -HS- | C] () -- C:\WINDOWS\System32\wihvoeyk.ini

[2008/02/02 00:09:36 | 001,122,763 | -HS- | C] () -- C:\WINDOWS\System32\afddsfgg.ini

[2008/02/02 00:03:36 | 001,158,150 | -HS- | C] () -- C:\WINDOWS\System32\orfdrbbo.ini

[2008/02/01 00:09:36 | 001,151,881 | -HS- | C] () -- C:\WINDOWS\System32\suryrasa.ini

[2008/02/01 00:06:36 | 001,164,224 | -HS- | C] () -- C:\WINDOWS\System32\cnimnurv.ini

[2008/01/31 00:12:36 | 001,159,539 | -HS- | C] () -- C:\WINDOWS\System32\ffsoiqdb.ini

[2008/01/31 00:09:36 | 001,181,658 | -HS- | C] () -- C:\WINDOWS\System32\arlkbftp.ini

[2008/01/30 00:09:33 | 001,167,485 | -HS- | C] () -- C:\WINDOWS\System32\omcbatjq.ini

[2008/01/30 00:06:36 | 001,167,365 | -HS- | C] () -- C:\WINDOWS\System32\fbefjfqm.ini

[2008/01/29 00:12:33 | 001,162,447 | -HS- | C] () -- C:\WINDOWS\System32\wwvmkrbk.ini

[2008/01/29 00:06:35 | 001,162,387 | -HS- | C] () -- C:\WINDOWS\System32\neuktfev.ini

[2008/01/28 00:09:33 | 001,143,050 | -HS- | C] () -- C:\WINDOWS\System32\qrnrnhas.ini

[2008/01/28 00:06:36 | 001,142,990 | -HS- | C] () -- C:\WINDOWS\System32\kyjuapyk.ini

[2008/01/27 00:12:34 | 001,142,632 | -HS- | C] () -- C:\WINDOWS\System32\surfsnod.ini

[2008/01/27 00:06:48 | 001,142,572 | -HS- | C] () -- C:\WINDOWS\System32\tphatfxt.ini

[2008/01/24 19:26:55 | 001,130,338 | -HS- | C] () -- C:\WINDOWS\System32\yetxvstb.ini

[2008/01/24 19:24:09 | 001,130,098 | -HS- | C] () -- C:\WINDOWS\System32\plrrxyci.ini

[2008/01/23 07:29:39 | 001,116,654 | -HS- | C] () -- C:\WINDOWS\System32\xuiiyfxx.ini

[2008/01/23 07:23:51 | 001,109,005 | -HS- | C] () -- C:\WINDOWS\System32\upusbnuv.ini

[2008/01/21 19:25:57 | 001,089,496 | -HS- | C] () -- C:\WINDOWS\System32\wnxdlnes.ini

[2008/01/21 19:23:20 | 001,089,316 | -HS- | C] () -- C:\WINDOWS\System32\gxnooolr.ini

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini

[2007/09/19 13:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI

[2007/07/31 11:14:09 | 000,160,256 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/30 19:02:11 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/07/24 22:21:44 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2007/07/24 21:04:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/07/22 20:05:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/07/22 09:10:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2003/02/26 16:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/09/25 20:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook

[2007/11/06 13:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FotoWire

[2010/10/16 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2008/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2009/06/10 22:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++

[2010/08/04 18:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2009/05/05 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/05/22 16:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH

[2009/06/23 09:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2007/07/24 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/08/04 18:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2008/10/05 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/07/24 21:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2008/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

(C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Outlook.pst:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\C Drive Outlook.pst:SummaryInformation

< End of report >

*********************************** Extras .txt ************************

OTL Extras logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\hruxdacq.exe" = C:\WINDOWS\system32\hru

"C:\WINDOWS\system32\jwtysbwh.exe" = C:\WINDOWS\system32\jwtymgr.exe -- File not found

"C:\WINDOWS\system32\dyennlnj.exe" = C:\WINDOWS\system32\dyenmgr.exe -- File not found

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Program Files\InterVideo\DVD8\WinDVD.exe" = C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe:*:Enabled:facebook -- File not found

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\FTP Commander\Ftpcomm.exe" = C:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- ()

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)

"C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0E2B8E14-F138-4FC6-8C8E-9DAF371DFADF}" = LeapFrog Leapster2 Plugin

"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C

"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47FB62DF-832D-485F-95FC-C93BB08B8FE3}" = LeapFrog Connect

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9

"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype

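The firewall policy section above is where a removal helper looks first: three randomly named executables authorized under system32 (hruxdacq.exe, jwtysbwh.exe, dyennlnj.exe), one of them with a value path that does not match its key and a value with no scope/state fields, plus the NetBIOS/SMB ports (137, 138, 139, 445) opened to `*` in the domain profile while the standard profile limits them to LocalSubNet. The script below is an added triage example, not part of the original thread and not OTL's own code; it parses a constructed sample copied in shape from the log above and flags those conditions. The heuristics (eight lowercase letters as a "random name", the NetBIOS port set, the system32 prefix) are assumptions of this example, not rules OTL applies.

```python
"""Triage the Windows Firewall policy section of an OTL log (added example)."""
import re

# Constructed sample, reduced from the OTL firewall section quoted above.
SAMPLE = r"""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\system32\hruxdacq.exe" = C:\WINDOWS\system32\hru
"C:\WINDOWS\system32\jwtysbwh.exe" = C:\WINDOWS\system32\jwtymgr.exe -- File not found
"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)
"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)
"""

SECTION_RE = re.compile(
    r"^\[HKEY_LOCAL_MACHINE\\.*\\FirewallPolicy\\(\w+Profile)\\"
    r"(GloballyOpenPorts|AuthorizedApplications)\\List\]$")
ENTRY_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
# value = <path>[:<scope>:<state>:<description>][ -- <company or "File not found">]
APP_VALUE_RE = re.compile(
    r"^(?P<path>[A-Za-z]:\\[^:]*?)"
    r"(?::(?P<scope>[^:]+):(?P<state>Enabled|Disabled):(?P<desc>.*?))?"
    r"(?: -- (?P<tail>.*))?$")
RANDOM_NAME_RE = re.compile(r"^[a-z]{8}\.exe$")   # assumption: 8 lowercase letters
SYSTEM32 = "c:\\windows\\system32\\"            # assumption: XP default layout
NETBIOS_PORTS = {"135:TCP", "137:UDP", "138:UDP", "139:TCP", "445:TCP"}


def parse_firewall_policy(text):
    """Yield (profile, list_type, key, value) for entries in the two list keys."""
    profile = list_type = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("["):
            m = SECTION_RE.match(line)
            profile, list_type = (m.group(1), m.group(2)) if m else (None, None)
            continue
        m = ENTRY_RE.match(line)
        if m and profile:
            yield profile, list_type, m.group(1), m.group(2)


def check_port(key, value):
    """Flag NetBIOS/SMB ports opened to every address instead of the local subnet."""
    fields = value.split(":", 4)  # port:proto:scope:state:description
    if len(fields) < 4:
        return ["malformed port rule"]
    scope, state = fields[2], fields[3]
    if state == "Enabled" and scope == "*" and key in NETBIOS_PORTS:
        return ["NetBIOS/SMB port open to any address (expected LocalSubNet)"]
    return []


def check_app(key, value):
    """Flag authorized-application entries that look tampered with or stale."""
    m = APP_VALUE_RE.match(value)
    if not m:
        return ["unparseable value"]
    findings = []
    key_l = key.lower()
    if m.group("tail") == "File not found":
        findings.append("target file missing (stale or already cleaned up)")
    if m.group("path").lower() != key_l:
        findings.append("key and value paths differ")
    if m.group("scope") is None:
        findings.append("value lacks scope/state fields (truncated or hand-written)")
    name = key_l.rsplit("\\", 1)[-1]
    if key_l.startswith(SYSTEM32) and RANDOM_NAME_RE.match(name):
        findings.append("random-looking executable name in system32")
    return findings


def triage(text):
    """Return [(profile, list_type, key, finding), ...] for entries worth a look."""
    out = []
    for profile, list_type, key, value in parse_firewall_policy(text):
        checks = (check_port(key, value) if list_type == "GloballyOpenPorts"
                  else check_app(key, value))
        out.extend((profile, list_type, key, f) for f in checks)
    return out


if __name__ == "__main__":
    for profile, list_type, key, finding in triage(SAMPLE):
        print(f"{profile:16} {list_type:22} {key}: {finding}")
```

Run it against the firewall section of a real OTL.txt by reading the file instead of SAMPLE; entries that pass every check (ftp.exe, Trillian) are still worth a glance, since an authorized ftp.exe with scope `*` is exactly what a dropper would leave behind, but the script only reports what it can justify from the line itself.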

Yep, I have run OTL by renaming it to winlogon.exe; here are the logs:

***************************** OTL.txt **********************************

OTL logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

PRC - [2009/10/28 19:27:16 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004/08/04 03:56:44 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll

MOD - [2004/08/04 03:56:44 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll

MOD - [2004/08/04 03:56:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll

MOD - [2004/08/04 03:56:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll

MOD - [2004/08/04 03:56:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll

MOD - [2004/08/04 03:56:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

MOD - [2004/08/04 03:56:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll

MOD - [2004/08/04 03:56:41 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll

MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- (winvnc)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2007/08/28 12:00:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/06/20 11:09:14 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\bwknr.sys -- (xfufd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005/01/28 14:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/04 02:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004/08/04 02:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004/08/04 02:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/07/16 15:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)

DRV - [2001/12/21 11:10:08 | 000,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)

DRV - [2001/08/17 12:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)

DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 19:36:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 19:27:21 | 000,000,000 | ---D | M]

[2008/07/04 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/10/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions

[2008/05/09 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions\moveplayer@movenetworks.com

[2008/07/04 11:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/27 20:44:15 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (ows\s) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/22 13:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/30 05:02:46 | 000,000,042 | ---- | M] () - C:\autorunsc.bat -- [ NTFS ]

O32 - AutoRun File - [2008/02/19 11:16:50 | 000,088,315 | ---- | M] () - C:\autorunsc.csv -- [ NTFS ]

O32 - AutoRun File - [2006/03/07 13:19:24 | 000,249,856 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 20:51:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/10/17 20:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/17 18:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/17 18:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/17 18:34:38 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/17 15:23:52 | 000,000,000 | --SD | C] -- C:\home

[2010/10/17 10:43:55 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/17 10:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/17 10:36:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/17 10:36:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/17 10:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/17 10:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/16 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/10/16 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/10/16 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Z-HI-gak

[2010/10/16 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZZZ Kill it all

[2010/10/16 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/16 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/16 11:47:54 | 005,344,555 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/15 19:49:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/10/15 19:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/15 19:32:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 18:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth

[2010/10/15 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2010/10/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/15 17:40:35 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/11 18:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCCC

[2010/10/10 21:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nana Pictures

[2010/10/10 13:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/10 13:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/10 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/10 13:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/09/09 17:51:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010/08/22 12:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/08/20 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/16 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/08/16 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/08/10 17:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS

[2010/08/10 17:27:53 | 000,000,000 | ---D | C] -- C:\ATI

[2010/08/04 18:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2010/08/04 18:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/08/04 17:53:41 | 000,258,048 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\REX Shared Library.dll

[2010/08/04 17:53:39 | 000,180,224 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\ReWire.dll

[2010/08/04 17:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead

[2010/07/27 13:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing

[2010/07/27 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/07/27 13:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2010/07/27 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010/07/27 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/07/27 13:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:49:25 | 000,574,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:46:53 | 000,479,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/17 20:46:53 | 000,123,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/17 20:42:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/17 20:42:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/17 20:35:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/17 20:13:58 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 20:13:10 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/17 15:22:48 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2010/10/17 10:32:55 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:50:10 | 005,344,555 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/16 10:53:02 | 152,662,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 19:39:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 17:47:16 | 000,292,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/15 17:32:02 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/10 20:58:17 | 202,335,232 | ---- | M] () -- C:\Outlook.pst

[2010/10/10 17:59:29 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/29 11:18:13 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nathan Bowling Resume 2010-Q4.doc

[2010/09/25 21:10:42 | 000,160,256 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/21 19:20:29 | 155,184,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/21 18:21:17 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/19 22:10:38 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/09/16 21:31:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/10 17:08:02 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/27 13:35:06 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk

[2010/07/27 13:34:48 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 20:49:12 | 000,574,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:13:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 15:21:32 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2010/10/17 10:43:58 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/17 10:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/17 10:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/17 10:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/17 10:36:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/17 10:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/17 10:31:18 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:16:22 | 152,662,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 17:47:12 | 000,292,950 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/10 21:23:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/10 17:34:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/21 18:34:55 | 155,184,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/16 21:31:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/07/27 13:34:48 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[2009/09/23 20:19:27 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bgrtg32.ini

[2009/06/23 10:03:33 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini

[2008/10/05 16:24:46 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/10/05 16:24:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/10/05 16:24:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/10/05 16:24:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/10/05 16:20:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/12 13:55:55 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2008/08/12 13:55:55 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/07/02 19:33:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2008/05/22 09:44:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini

[2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini

[2008/02/19 09:10:16 | 001,239,465 | -HS- | C] () -- C:\WINDOWS\System32\eaaywoxw.ini

[2008/02/18 21:27:47 | 001,238,313 | -HS- | C] () -- C:\WINDOWS\System32\rhdtjvxa.ini

[2008/02/17 09:08:17 | 001,242,181 | -HS- | C] () -- C:\WINDOWS\System32\sjnhvwkl.ini

[2008/02/16 09:07:57 | 001,242,121 | -HS- | C] () -- C:\WINDOWS\System32\xbtfsuew.ini

[2008/02/15 09:11:08 | 001,239,166 | -HS- | C] () -- C:\WINDOWS\System32\fvuxpkkv.ini

[2008/02/15 09:08:08 | 001,341,431 | -HS- | C] () -- C:\WINDOWS\System32\eqthpwos.ini

[2008/02/14 09:10:19 | 001,241,600 | -HS- | C] () -- C:\WINDOWS\System32\arqahwik.ini

[2008/02/14 09:07:17 | 001,241,300 | -HS- | C] () -- C:\WINDOWS\System32\owgfnsqq.ini

[2008/02/09 00:11:39 | 001,241,240 | -HS- | C] () -- C:\WINDOWS\System32\drxoichm.ini

[2008/02/09 00:08:50 | 001,220,530 | -HS- | C] () -- C:\WINDOWS\System32\tymtiusj.ini

[2008/02/08 00:13:33 | 001,203,359 | -HS- | C] () -- C:\WINDOWS\System32\vqvpefog.ini

[2008/02/08 00:07:33 | 001,206,702 | -HS- | C] () -- C:\WINDOWS\System32\qoobdjti.ini

[2008/02/07 00:10:33 | 001,186,980 | -HS- | C] () -- C:\WINDOWS\System32\fdtntqej.ini

[2008/02/07 00:07:33 | 001,201,383 | -HS- | C] () -- C:\WINDOWS\System32\svjqdnaj.ini

[2008/02/06 00:12:19 | 001,193,670 | -HS- | C] () -- C:\WINDOWS\System32\opvncnte.ini

[2008/02/06 00:09:20 | 001,194,337 | -HS- | C] () -- C:\WINDOWS\System32\npnrxskl.ini

[2008/02/05 00:09:19 | 001,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jimwtrbd.ini

[2008/02/05 00:06:20 | 001,192,238 | -HS- | C] () -- C:\WINDOWS\System32\hdxrjoxd.ini

[2008/02/04 00:09:19 | 001,188,492 | -HS- | C] () -- C:\WINDOWS\System32\fdkgftxq.ini

[2008/02/04 00:03:30 | 001,188,432 | -HS- | C] () -- C:\WINDOWS\System32\wihvoeyk.ini

[2008/02/02 00:09:36 | 001,122,763 | -HS- | C] () -- C:\WINDOWS\System32\afddsfgg.ini

[2008/02/02 00:03:36 | 001,158,150 | -HS- | C] () -- C:\WINDOWS\System32\orfdrbbo.ini

[2008/02/01 00:09:36 | 001,151,881 | -HS- | C] () -- C:\WINDOWS\System32\suryrasa.ini

[2008/02/01 00:06:36 | 001,164,224 | -HS- | C] () -- C:\WINDOWS\System32\cnimnurv.ini

[2008/01/31 00:12:36 | 001,159,539 | -HS- | C] () -- C:\WINDOWS\System32\ffsoiqdb.ini

[2008/01/31 00:09:36 | 001,181,658 | -HS- | C] () -- C:\WINDOWS\System32\arlkbftp.ini

[2008/01/30 00:09:33 | 001,167,485 | -HS- | C] () -- C:\WINDOWS\System32\omcbatjq.ini

[2008/01/30 00:06:36 | 001,167,365 | -HS- | C] () -- C:\WINDOWS\System32\fbefjfqm.ini

[2008/01/29 00:12:33 | 001,162,447 | -HS- | C] () -- C:\WINDOWS\System32\wwvmkrbk.ini

[2008/01/29 00:06:35 | 001,162,387 | -HS- | C] () -- C:\WINDOWS\System32\neuktfev.ini

[2008/01/28 00:09:33 | 001,143,050 | -HS- | C] () -- C:\WINDOWS\System32\qrnrnhas.ini

[2008/01/28 00:06:36 | 001,142,990 | -HS- | C] () -- C:\WINDOWS\System32\kyjuapyk.ini

[2008/01/27 00:12:34 | 001,142,632 | -HS- | C] () -- C:\WINDOWS\System32\surfsnod.ini

[2008/01/27 00:06:48 | 001,142,572 | -HS- | C] () -- C:\WINDOWS\System32\tphatfxt.ini

[2008/01/24 19:26:55 | 001,130,338 | -HS- | C] () -- C:\WINDOWS\System32\yetxvstb.ini

[2008/01/24 19:24:09 | 001,130,098 | -HS- | C] () -- C:\WINDOWS\System32\plrrxyci.ini

[2008/01/23 07:29:39 | 001,116,654 | -HS- | C] () -- C:\WINDOWS\System32\xuiiyfxx.ini

[2008/01/23 07:23:51 | 001,109,005 | -HS- | C] () -- C:\WINDOWS\System32\upusbnuv.ini

[2008/01/21 19:25:57 | 001,089,496 | -HS- | C] () -- C:\WINDOWS\System32\wnxdlnes.ini

[2008/01/21 19:23:20 | 001,089,316 | -HS- | C] () -- C:\WINDOWS\System32\gxnooolr.ini

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini

[2007/09/19 13:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI

[2007/07/31 11:14:09 | 000,160,256 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/30 19:02:11 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/07/24 22:21:44 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2007/07/24 21:04:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/07/22 20:05:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/07/22 09:10:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2003/02/26 16:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/09/25 20:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook

[2007/11/06 13:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FotoWire

[2010/10/16 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2008/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2009/06/10 22:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++

[2010/08/04 18:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2009/05/05 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/05/22 16:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH

[2009/06/23 09:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2007/07/24 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/08/04 18:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2008/10/05 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/07/24 21:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2008/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

(C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Outlook.pst:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\C Drive Outlook.pst:SummaryInformation

< End of report >

*********************************** Extras .txt ************************

OTL Extras logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\hruxdacq.exe" = C:\WINDOWS\system32\hru

"C:\WINDOWS\system32\jwtysbwh.exe" = C:\WINDOWS\system32\jwtymgr.exe -- File not found

"C:\WINDOWS\system32\dyennlnj.exe" = C:\WINDOWS\system32\dyenmgr.exe -- File not found

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Program Files\InterVideo\DVD8\WinDVD.exe" = C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe:*:Enabled:facebook -- File not found

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\FTP Commander\Ftpcomm.exe" = C:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- ()

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)

"C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0E2B8E14-F138-4FC6-8C8E-9DAF371DFADF}" = LeapFrog Leapster2 Plugin

"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C

"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47FB62DF-832D-485F-95FC-C93BB08B8FE3}" = LeapFrog Connect

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9

"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Yep, I have run OTL by renaming it to winlogon.exe; here are the logs:

***************************** OTL.txt **********************************

OTL logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

PRC - [2009/10/28 19:27:16 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004/08/04 03:56:44 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll

MOD - [2004/08/04 03:56:44 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll

MOD - [2004/08/04 03:56:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll

MOD - [2004/08/04 03:56:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll

MOD - [2004/08/04 03:56:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll

MOD - [2004/08/04 03:56:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

MOD - [2004/08/04 03:56:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll

MOD - [2004/08/04 03:56:41 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll

MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- (winvnc)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2007/08/28 12:00:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/06/20 11:09:14 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\bwknr.sys -- (xfufd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005/01/28 14:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/04 02:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004/08/04 02:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004/08/04 02:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/07/16 15:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)

DRV - [2001/12/21 11:10:08 | 000,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)

DRV - [2001/08/17 12:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)

DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 19:36:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 19:27:21 | 000,000,000 | ---D | M]

[2008/07/04 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/10/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions

[2008/05/09 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions\moveplayer@movenetworks.com

[2008/07/04 11:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/27 20:44:15 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (ows\s) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/22 13:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/30 05:02:46 | 000,000,042 | ---- | M] () - C:\autorunsc.bat -- [ NTFS ]

O32 - AutoRun File - [2008/02/19 11:16:50 | 000,088,315 | ---- | M] () - C:\autorunsc.csv -- [ NTFS ]

O32 - AutoRun File - [2006/03/07 13:19:24 | 000,249,856 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 20:51:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/10/17 20:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/17 18:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/17 18:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/17 18:34:38 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/17 15:23:52 | 000,000,000 | --SD | C] -- C:\home

[2010/10/17 10:43:55 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/17 10:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/17 10:36:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/17 10:36:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/17 10:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/17 10:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/16 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/10/16 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/10/16 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Z-HI-gak

[2010/10/16 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZZZ Kill it all

[2010/10/16 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/16 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/16 11:47:54 | 005,344,555 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/15 19:49:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/10/15 19:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/15 19:32:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 18:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth

[2010/10/15 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2010/10/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/15 17:40:35 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/11 18:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCCC

[2010/10/10 21:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nana Pictures

[2010/10/10 13:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/10 13:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/10 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/10 13:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/09/09 17:51:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010/08/22 12:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/08/20 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/16 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/08/16 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/08/10 17:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS

[2010/08/10 17:27:53 | 000,000,000 | ---D | C] -- C:\ATI

[2010/08/04 18:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2010/08/04 18:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/08/04 17:53:41 | 000,258,048 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\REX Shared Library.dll

[2010/08/04 17:53:39 | 000,180,224 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\ReWire.dll

[2010/08/04 17:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead

[2010/07/27 13:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing

[2010/07/27 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/07/27 13:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2010/07/27 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010/07/27 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/07/27 13:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:49:25 | 000,574,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:46:53 | 000,479,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/17 20:46:53 | 000,123,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/17 20:42:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/17 20:42:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/17 20:35:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/17 20:13:58 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 20:13:10 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/17 15:22:48 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2010/10/17 10:32:55 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:50:10 | 005,344,555 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/16 10:53:02 | 152,662,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 19:39:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 17:47:16 | 000,292,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/15 17:32:02 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/10 20:58:17 | 202,335,232 | ---- | M] () -- C:\Outlook.pst

[2010/10/10 17:59:29 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/29 11:18:13 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nathan Bowling Resume 2010-Q4.doc

[2010/09/25 21:10:42 | 000,160,256 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/21 19:20:29 | 155,184,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/21 18:21:17 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/19 22:10:38 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/09/16 21:31:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/10 17:08:02 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/27 13:35:06 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk

[2010/07/27 13:34:48 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 20:49:12 | 000,574,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:13:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 15:21:32 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2010/10/17 10:43:58 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/17 10:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/17 10:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/17 10:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/17 10:36:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/17 10:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/17 10:31:18 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:16:22 | 152,662,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 17:47:12 | 000,292,950 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/10 21:23:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/10 17:34:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/21 18:34:55 | 155,184,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/16 21:31:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/07/27 13:34:48 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[2009/09/23 20:19:27 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bgrtg32.ini

[2009/06/23 10:03:33 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini

[2008/10/05 16:24:46 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/10/05 16:24:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/10/05 16:24:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/10/05 16:24:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/10/05 16:20:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/12 13:55:55 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2008/08/12 13:55:55 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/07/02 19:33:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2008/05/22 09:44:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini

[2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini

[2008/02/19 09:10:16 | 001,239,465 | -HS- | C] () -- C:\WINDOWS\System32\eaaywoxw.ini

[2008/02/18 21:27:47 | 001,238,313 | -HS- | C] () -- C:\WINDOWS\System32\rhdtjvxa.ini

[2008/02/17 09:08:17 | 001,242,181 | -HS- | C] () -- C:\WINDOWS\System32\sjnhvwkl.ini

[2008/02/16 09:07:57 | 001,242,121 | -HS- | C] () -- C:\WINDOWS\System32\xbtfsuew.ini

[2008/02/15 09:11:08 | 001,239,166 | -HS- | C] () -- C:\WINDOWS\System32\fvuxpkkv.ini

[2008/02/15 09:08:08 | 001,341,431 | -HS- | C] () -- C:\WINDOWS\System32\eqthpwos.ini

[2008/02/14 09:10:19 | 001,241,600 | -HS- | C] () -- C:\WINDOWS\System32\arqahwik.ini

[2008/02/14 09:07:17 | 001,241,300 | -HS- | C] () -- C:\WINDOWS\System32\owgfnsqq.ini

[2008/02/09 00:11:39 | 001,241,240 | -HS- | C] () -- C:\WINDOWS\System32\drxoichm.ini

[2008/02/09 00:08:50 | 001,220,530 | -HS- | C] () -- C:\WINDOWS\System32\tymtiusj.ini

[2008/02/08 00:13:33 | 001,203,359 | -HS- | C] () -- C:\WINDOWS\System32\vqvpefog.ini

[2008/02/08 00:07:33 | 001,206,702 | -HS- | C] () -- C:\WINDOWS\System32\qoobdjti.ini

[2008/02/07 00:10:33 | 001,186,980 | -HS- | C] () -- C:\WINDOWS\System32\fdtntqej.ini

[2008/02/07 00:07:33 | 001,201,383 | -HS- | C] () -- C:\WINDOWS\System32\svjqdnaj.ini

[2008/02/06 00:12:19 | 001,193,670 | -HS- | C] () -- C:\WINDOWS\System32\opvncnte.ini

[2008/02/06 00:09:20 | 001,194,337 | -HS- | C] () -- C:\WINDOWS\System32\npnrxskl.ini

[2008/02/05 00:09:19 | 001,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jimwtrbd.ini

[2008/02/05 00:06:20 | 001,192,238 | -HS- | C] () -- C:\WINDOWS\System32\hdxrjoxd.ini

[2008/02/04 00:09:19 | 001,188,492 | -HS- | C] () -- C:\WINDOWS\System32\fdkgftxq.ini

[2008/02/04 00:03:30 | 001,188,432 | -HS- | C] () -- C:\WINDOWS\System32\wihvoeyk.ini

[2008/02/02 00:09:36 | 001,122,763 | -HS- | C] () -- C:\WINDOWS\System32\afddsfgg.ini

[2008/02/02 00:03:36 | 001,158,150 | -HS- | C] () -- C:\WINDOWS\System32\orfdrbbo.ini

[2008/02/01 00:09:36 | 001,151,881 | -HS- | C] () -- C:\WINDOWS\System32\suryrasa.ini

[2008/02/01 00:06:36 | 001,164,224 | -HS- | C] () -- C:\WINDOWS\System32\cnimnurv.ini

[2008/01/31 00:12:36 | 001,159,539 | -HS- | C] () -- C:\WINDOWS\System32\ffsoiqdb.ini

[2008/01/31 00:09:36 | 001,181,658 | -HS- | C] () -- C:\WINDOWS\System32\arlkbftp.ini

[2008/01/30 00:09:33 | 001,167,485 | -HS- | C] () -- C:\WINDOWS\System32\omcbatjq.ini

[2008/01/30 00:06:36 | 001,167,365 | -HS- | C] () -- C:\WINDOWS\System32\fbefjfqm.ini

[2008/01/29 00:12:33 | 001,162,447 | -HS- | C] () -- C:\WINDOWS\System32\wwvmkrbk.ini

[2008/01/29 00:06:35 | 001,162,387 | -HS- | C] () -- C:\WINDOWS\System32\neuktfev.ini

[2008/01/28 00:09:33 | 001,143,050 | -HS- | C] () -- C:\WINDOWS\System32\qrnrnhas.ini

[2008/01/28 00:06:36 | 001,142,990 | -HS- | C] () -- C:\WINDOWS\System32\kyjuapyk.ini

[2008/01/27 00:12:34 | 001,142,632 | -HS- | C] () -- C:\WINDOWS\System32\surfsnod.ini

[2008/01/27 00:06:48 | 001,142,572 | -HS- | C] () -- C:\WINDOWS\System32\tphatfxt.ini

[2008/01/24 19:26:55 | 001,130,338 | -HS- | C] () -- C:\WINDOWS\System32\yetxvstb.ini

[2008/01/24 19:24:09 | 001,130,098 | -HS- | C] () -- C:\WINDOWS\System32\plrrxyci.ini

[2008/01/23 07:29:39 | 001,116,654 | -HS- | C] () -- C:\WINDOWS\System32\xuiiyfxx.ini

[2008/01/23 07:23:51 | 001,109,005 | -HS- | C] () -- C:\WINDOWS\System32\upusbnuv.ini

[2008/01/21 19:25:57 | 001,089,496 | -HS- | C] () -- C:\WINDOWS\System32\wnxdlnes.ini

[2008/01/21 19:23:20 | 001,089,316 | -HS- | C] () -- C:\WINDOWS\System32\gxnooolr.ini

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini

[2007/09/19 13:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI

[2007/07/31 11:14:09 | 000,160,256 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/30 19:02:11 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/07/24 22:21:44 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2007/07/24 21:04:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/07/22 20:05:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/07/22 09:10:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2003/02/26 16:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/09/25 20:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook

[2007/11/06 13:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FotoWire

[2010/10/16 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2008/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2009/06/10 22:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++

[2010/08/04 18:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2009/05/05 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/05/22 16:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH

[2009/06/23 09:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2007/07/24 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/08/04 18:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2008/10/05 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/07/24 21:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2008/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

(C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Outlook.pst:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\C Drive Outlook.pst:SummaryInformation

< End of report >

Yep, I have run the OTL by renaming it to winlogon.exe; here are the logs:

***************************** OTL.txt **********************************

OTL logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Processes (SafeList) ==========

PRC - File not found --

PRC - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

PRC - [2009/10/28 19:27:16 | 000,908,280 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe

PRC - [2007/06/13 06:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe

========== Modules (SafeList) ==========

MOD - [2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

MOD - [2004/08/04 03:57:00 | 001,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll

MOD - [2004/08/04 03:56:44 | 000,245,760 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui1.dll

MOD - [2004/08/04 03:56:44 | 000,080,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netui0.dll

MOD - [2004/08/04 03:56:44 | 000,043,520 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\ntlanman.dll

MOD - [2004/08/04 03:56:44 | 000,012,288 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\netrap.dll

MOD - [2004/08/04 03:56:42 | 000,071,680 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msacm32.dll

MOD - [2004/08/04 03:56:42 | 000,024,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\davclnt.dll

MOD - [2004/08/04 03:56:42 | 000,014,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drprov.dll

MOD - [2004/08/04 03:56:41 | 001,852,416 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\AppPatch\acgenral.dll

MOD - [2004/08/04 02:01:17 | 000,102,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msscript.ocx

========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- C:\Program Files\RealVNC\WinVNC\winvnc.exe -- (winvnc)

SRV - File not found [Disabled | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)

SRV - File not found [Disabled | Stopped] -- C:\WINDOWS\System32\hidserv.dll -- (HidServ)

SRV - [2010/03/25 21:40:44 | 000,017,904 | ---- | M] () [Auto | Stopped] -- c:\Program Files\Microsoft Security Essentials\MsMpEng.exe -- (MsMpSvc)

SRV - [2009/05/07 16:50:24 | 001,089,536 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\LeapFrog\LeapFrog Connect\CommandService.exe -- (LeapFrog Connect Device Service)

SRV - [2007/08/28 12:00:56 | 000,654,848 | ---- | M] (Macrovision Europe Ltd.) [Disabled | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)

SRV - [2007/06/20 11:09:14 | 000,258,856 | ---- | M] (Citrix Online, a division of Citrix Systems, Inc.) [Disabled | Stopped] -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe -- (GoToMyPC)

SRV - [2004/09/29 12:14:36 | 000,069,632 | ---- | M] (HP) [Disabled | Stopped] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)

========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\bwknr.sys -- (xfufd)

DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\ADMINI~1\LOCALS~1\Temp\catchme.sys -- (catchme)

DRV - [2009/09/27 16:12:22 | 007,655,872 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)

DRV - [2008/02/15 13:12:06 | 005,854,752 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\igxpmp32.sys -- (ialm)

DRV - [2005/05/27 09:32:52 | 001,317,152 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\lvcm.sys -- (QCMerced)

DRV - [2005/05/27 09:31:28 | 000,022,016 | ---- | M] (Logitech Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\LVUSBSta.sys -- (LVUSBSta)

DRV - [2005/01/28 14:36:00 | 000,171,008 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\MarvinBus.sys -- (MarvinBus)

DRV - [2004/10/15 12:50:20 | 000,015,295 | ---- | M] (Brother Industries Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\BrScnUsb.sys -- (BrScnUsb)

DRV - [2004/10/07 21:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)

DRV - [2004/08/04 02:10:10 | 000,048,128 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\61883.sys -- (61883)

DRV - [2004/08/04 02:10:10 | 000,038,912 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\avc.sys -- (Avc)

DRV - [2004/08/04 02:09:58 | 000,051,328 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msdv.sys -- (MSDV)

DRV - [2004/08/04 02:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)

DRV - [2004/08/04 01:07:56 | 000,059,264 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)

DRV - [2004/07/16 15:47:14 | 000,014,165 | ---- | M] (Pinnacle Systems GmbH) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\Pclepci.sys -- (PCLEPCI)

DRV - [2004/03/10 15:27:18 | 000,011,264 | ---- | M] (Pinnacle Systems GmbH) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\asapiW2k.sys -- (ASAPIW2k)

DRV - [2001/12/21 11:10:08 | 000,303,232 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mpad.sys -- (ati2mpad)

DRV - [2001/08/17 12:49:00 | 000,075,136 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atimpae.sys -- (atirage3)

DRV - [2001/08/17 12:20:04 | 000,096,256 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ac97intc.sys -- (ac97intc) Intel® 82801 Audio Driver Install Service (WDM)

DRV - [2001/08/17 12:19:34 | 000,040,704 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\es1371mp.sys -- (es1371) Creative AudioPCI (ES1371,ES1373) (WDM)

DRV - [2001/08/17 12:12:40 | 000,019,017 | ---- | M] (Realtek Semiconductor Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\RTL8029.sys -- (rtl8029) Realtek RTL8029(AS)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.msn.com/

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-19\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-20\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/06/04 19:36:01 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.5.4\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/10/28 19:27:21 | 000,000,000 | ---D | M]

[2008/07/04 11:36:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions

[2010/10/17 20:44:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions

[2008/05/09 20:04:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\rz1ci2bm.default\extensions\moveplayer@movenetworks.com

[2008/07/04 11:36:25 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

O1 HOSTS File: ([2009/11/27 20:44:15 | 000,000,021 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.

F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\Software\Policies\Microsoft\Internet Explorer\Control Panel present

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323

O7 - HKU\S-1-5-21-776561741-1647877149-839522115-500\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_03)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1

O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)

O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.

O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (ows\s) - File not found

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2007/07/22 13:15:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O32 - AutoRun File - [2006/03/30 05:02:46 | 000,000,042 | ---- | M] () - C:\autorunsc.bat -- [ NTFS ]

O32 - AutoRun File - [2008/02/19 11:16:50 | 000,088,315 | ---- | M] () - C:\autorunsc.csv -- [ NTFS ]

O32 - AutoRun File - [2006/03/07 13:19:24 | 000,249,856 | ---- | M] (Sysinternals - www.sysinternals.com) - C:\autorunsc.exe -- [ NTFS ]

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found

O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 90 Days ==========

[2010/10/17 20:51:14 | 000,574,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:35:55 | 000,000,000 | ---D | C] -- C:\Program Files\Trend Micro

[2010/10/17 20:13:58 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Essentials

[2010/10/17 18:39:46 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/10/17 18:39:45 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/10/17 18:34:38 | 000,000,000 | --SD | C] -- C:\ComboFix

[2010/10/17 15:23:52 | 000,000,000 | --SD | C] -- C:\home

[2010/10/17 10:43:55 | 000,000,000 | RHSD | C] -- C:\cmdcons

[2010/10/17 10:36:52 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe

[2010/10/17 10:36:52 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe

[2010/10/17 10:36:52 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe

[2010/10/17 10:36:52 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

[2010/10/17 10:36:33 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT

[2010/10/17 10:33:20 | 000,000,000 | ---D | C] -- C:\Qoobox

[2010/10/16 17:44:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe

[2010/10/16 17:11:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads

[2010/10/16 15:50:16 | 000,000,000 | ---D | C] -- C:\Program Files\Z-HI-gak

[2010/10/16 12:05:31 | 000,000,000 | ---D | C] -- C:\Program Files\ZZZ Kill it all

[2010/10/16 11:59:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2010/10/16 11:53:24 | 000,000,000 | ---D | C] -- C:\Program Files\ImgBurn

[2010/10/16 11:47:54 | 005,344,555 | ---- | C] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/15 19:49:04 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent

[2010/10/15 19:40:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware

[2010/10/15 19:40:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes

[2010/10/15 19:32:38 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 18:00:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\PCHealth

[2010/10/15 18:00:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\PCHealth

[2010/10/15 17:41:37 | 000,000,000 | ---D | C] -- C:\Program Files\CCleaner

[2010/10/15 17:40:35 | 003,430,224 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/11 18:51:48 | 000,000,000 | ---D | C] -- C:\Program Files\CCCC

[2010/10/10 21:03:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Desktop\Nana Pictures

[2010/10/10 13:25:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia

[2010/10/10 13:25:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe

[2010/10/10 13:07:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia

[2010/10/10 13:07:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe

[2010/09/09 17:51:31 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\IECompatCache

[2010/08/22 12:23:39 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\appmgmt

[2010/08/20 19:57:05 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft CAPICOM 2.1.0.2

[2010/08/16 19:19:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NVIDIA Corporation

[2010/08/16 19:19:22 | 000,000,000 | ---D | C] -- C:\Program Files\NVIDIA Corporation

[2010/08/10 17:27:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\WINDOWS

[2010/08/10 17:27:53 | 000,000,000 | ---D | C] -- C:\ATI

[2010/08/04 18:09:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2010/08/04 18:07:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2010/08/04 17:53:41 | 000,258,048 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\REX Shared Library.dll

[2010/08/04 17:53:39 | 000,180,224 | ---- | C] (Propellerhead Software AB) -- C:\WINDOWS\ReWire.dll

[2010/08/04 17:53:38 | 000,000,000 | ---D | C] -- C:\Program Files\Propellerhead

[2010/07/27 13:35:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Tracing

[2010/07/27 13:34:33 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft

[2010/07/27 13:34:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

[2010/07/27 13:34:17 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live SkyDrive

[2010/07/27 13:33:52 | 000,000,000 | ---D | C] -- C:\Program Files\Windows Live

[2010/07/27 13:32:28 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Windows Live

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 90 Days ==========

[2010/10/17 20:50:46 | 000,574,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\winlogon.exe

[2010/10/17 20:49:25 | 000,574,464 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:46:53 | 000,479,508 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat

[2010/10/17 20:46:53 | 000,123,476 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat

[2010/10/17 20:42:55 | 000,002,422 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/10/17 20:42:34 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/10/17 20:35:56 | 000,001,734 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/17 20:13:58 | 000,000,820 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 20:13:10 | 000,253,748 | ---- | M] () -- C:\WINDOWS\System32\NvApps.xml

[2010/10/17 15:22:48 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,328 | RHS- | M] () -- C:\boot.ini

[2010/10/17 10:32:55 | 003,879,251 | R--- | M] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:50:10 | 005,344,555 | ---- | M] (LIGHTNING UK!) -- C:\Documents and Settings\Administrator\Desktop\SetupImgBurn_2.5.2.0.exe

[2010/10/16 10:53:02 | 152,662,016 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 19:39:09 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Administrator\Desktop\mbam-setup-1.46.exe

[2010/10/15 17:47:16 | 000,292,950 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/15 17:32:02 | 003,430,224 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup236.exe

[2010/10/10 20:58:17 | 202,335,232 | ---- | M] () -- C:\Outlook.pst

[2010/10/10 17:59:29 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/29 11:18:13 | 000,106,496 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Nathan Bowling Resume 2010-Q4.doc

[2010/09/25 21:10:42 | 000,160,256 | -H-- | M] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2010/09/21 19:20:29 | 155,184,736 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/21 18:21:17 | 000,072,080 | ---- | M] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/19 22:10:38 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk

[2010/09/16 21:31:43 | 000,019,968 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | M] () -- C:\WINDOWS\System32\nvModes.dat

[2010/08/10 17:08:02 | 000,164,320 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/07/27 13:35:06 | 000,000,927 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Sharing Folders.lnk

[2010/07/27 13:34:48 | 000,001,839 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/10/17 20:49:12 | 000,574,464 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OTL.com

[2010/10/17 20:13:58 | 000,000,820 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Microsoft Security Essentials.lnk

[2010/10/17 15:21:32 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

[2010/10/17 10:44:02 | 000,000,212 | ---- | C] () -- C:\Boot.bak

[2010/10/17 10:43:58 | 000,260,272 | RHS- | C] () -- C:\cmldr

[2010/10/17 10:36:52 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe

[2010/10/17 10:36:52 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe

[2010/10/17 10:36:52 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe

[2010/10/17 10:36:52 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe

[2010/10/17 10:36:52 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe

[2010/10/17 10:31:18 | 003,879,251 | R--- | C] () -- C:\Documents and Settings\Administrator\Desktop\homebob.com

[2010/10/17 01:16:25 | 000,000,552 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat

[2010/10/16 17:43:02 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBRCheck.exe

[2010/10/16 11:53:24 | 000,001,546 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\ImgBurn.lnk

[2010/10/16 11:53:24 | 000,001,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ImgBurn.lnk

[2010/10/16 11:16:22 | 152,662,016 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\trinity-rescue-kit.3.4-build-367.iso

[2010/10/15 17:47:12 | 000,292,950 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\cc_20101015_174707.reg

[2010/10/10 21:23:18 | 000,001,734 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\HijackThis.lnk

[2010/10/10 17:34:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav

[2010/09/30 20:30:06 | 000,102,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\notebadBACK.jpg

[2010/09/21 18:34:55 | 155,184,736 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\OOo_3.2.1_Win_x86_install-wJRE_en-US.exe

[2010/09/20 20:07:02 | 000,027,218 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\beacon.jpg

[2010/09/16 21:31:43 | 000,019,968 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\dud.doc

[2010/09/05 15:01:11 | 000,000,798 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Reason.lnk

[2010/08/16 19:25:10 | 000,000,008 | ---- | C] () -- C:\WINDOWS\System32\nvModes.dat

[2010/07/27 13:34:48 | 000,001,839 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Windows Live Messenger .lnk

[2009/09/23 20:19:27 | 000,000,673 | ---- | C] () -- C:\WINDOWS\bgrtg32.ini

[2009/06/23 10:03:33 | 000,000,110 | ---- | C] () -- C:\WINDOWS\{47FB62DF-832D-485F-95FC-C93BB08B8FE3}_WiseFW.ini

[2008/10/05 16:24:46 | 000,000,229 | ---- | C] () -- C:\WINDOWS\Brpfx04a.ini

[2008/10/05 16:24:46 | 000,000,093 | ---- | C] () -- C:\WINDOWS\brpcfx.ini

[2008/10/05 16:24:31 | 000,000,419 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI

[2008/10/05 16:24:31 | 000,000,027 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI

[2008/10/05 16:20:29 | 000,031,567 | ---- | C] () -- C:\WINDOWS\maxlink.ini

[2008/08/12 13:55:55 | 001,317,152 | ---- | C] () -- C:\WINDOWS\System32\drivers\lvcm.sys

[2008/08/12 13:55:55 | 000,009,255 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini

[2008/07/02 19:33:16 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\$_hpcst$.hpc

[2008/05/22 09:44:33 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4926.dll

[2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini

[2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini

[2008/02/19 09:10:16 | 001,239,465 | -HS- | C] () -- C:\WINDOWS\System32\eaaywoxw.ini

[2008/02/18 21:27:47 | 001,238,313 | -HS- | C] () -- C:\WINDOWS\System32\rhdtjvxa.ini

[2008/02/17 09:08:17 | 001,242,181 | -HS- | C] () -- C:\WINDOWS\System32\sjnhvwkl.ini

[2008/02/16 09:07:57 | 001,242,121 | -HS- | C] () -- C:\WINDOWS\System32\xbtfsuew.ini

[2008/02/15 09:11:08 | 001,239,166 | -HS- | C] () -- C:\WINDOWS\System32\fvuxpkkv.ini

[2008/02/15 09:08:08 | 001,341,431 | -HS- | C] () -- C:\WINDOWS\System32\eqthpwos.ini

[2008/02/14 09:10:19 | 001,241,600 | -HS- | C] () -- C:\WINDOWS\System32\arqahwik.ini

[2008/02/14 09:07:17 | 001,241,300 | -HS- | C] () -- C:\WINDOWS\System32\owgfnsqq.ini

[2008/02/09 00:11:39 | 001,241,240 | -HS- | C] () -- C:\WINDOWS\System32\drxoichm.ini

[2008/02/09 00:08:50 | 001,220,530 | -HS- | C] () -- C:\WINDOWS\System32\tymtiusj.ini

[2008/02/08 00:13:33 | 001,203,359 | -HS- | C] () -- C:\WINDOWS\System32\vqvpefog.ini

[2008/02/08 00:07:33 | 001,206,702 | -HS- | C] () -- C:\WINDOWS\System32\qoobdjti.ini

[2008/02/07 00:10:33 | 001,186,980 | -HS- | C] () -- C:\WINDOWS\System32\fdtntqej.ini

[2008/02/07 00:07:33 | 001,201,383 | -HS- | C] () -- C:\WINDOWS\System32\svjqdnaj.ini

[2008/02/06 00:12:19 | 001,193,670 | -HS- | C] () -- C:\WINDOWS\System32\opvncnte.ini

[2008/02/06 00:09:20 | 001,194,337 | -HS- | C] () -- C:\WINDOWS\System32\npnrxskl.ini

[2008/02/05 00:09:19 | 001,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jimwtrbd.ini

[2008/02/05 00:06:20 | 001,192,238 | -HS- | C] () -- C:\WINDOWS\System32\hdxrjoxd.ini

[2008/02/04 00:09:19 | 001,188,492 | -HS- | C] () -- C:\WINDOWS\System32\fdkgftxq.ini

[2008/02/04 00:03:30 | 001,188,432 | -HS- | C] () -- C:\WINDOWS\System32\wihvoeyk.ini

[2008/02/02 00:09:36 | 001,122,763 | -HS- | C] () -- C:\WINDOWS\System32\afddsfgg.ini

[2008/02/02 00:03:36 | 001,158,150 | -HS- | C] () -- C:\WINDOWS\System32\orfdrbbo.ini

[2008/02/01 00:09:36 | 001,151,881 | -HS- | C] () -- C:\WINDOWS\System32\suryrasa.ini

[2008/02/01 00:06:36 | 001,164,224 | -HS- | C] () -- C:\WINDOWS\System32\cnimnurv.ini

[2008/01/31 00:12:36 | 001,159,539 | -HS- | C] () -- C:\WINDOWS\System32\ffsoiqdb.ini

[2008/01/31 00:09:36 | 001,181,658 | -HS- | C] () -- C:\WINDOWS\System32\arlkbftp.ini

[2008/01/30 00:09:33 | 001,167,485 | -HS- | C] () -- C:\WINDOWS\System32\omcbatjq.ini

[2008/01/30 00:06:36 | 001,167,365 | -HS- | C] () -- C:\WINDOWS\System32\fbefjfqm.ini

[2008/01/29 00:12:33 | 001,162,447 | -HS- | C] () -- C:\WINDOWS\System32\wwvmkrbk.ini

[2008/01/29 00:06:35 | 001,162,387 | -HS- | C] () -- C:\WINDOWS\System32\neuktfev.ini

[2008/01/28 00:09:33 | 001,143,050 | -HS- | C] () -- C:\WINDOWS\System32\qrnrnhas.ini

[2008/01/28 00:06:36 | 001,142,990 | -HS- | C] () -- C:\WINDOWS\System32\kyjuapyk.ini

[2008/01/27 00:12:34 | 001,142,632 | -HS- | C] () -- C:\WINDOWS\System32\surfsnod.ini

[2008/01/27 00:06:48 | 001,142,572 | -HS- | C] () -- C:\WINDOWS\System32\tphatfxt.ini

[2008/01/24 19:26:55 | 001,130,338 | -HS- | C] () -- C:\WINDOWS\System32\yetxvstb.ini

[2008/01/24 19:24:09 | 001,130,098 | -HS- | C] () -- C:\WINDOWS\System32\plrrxyci.ini

[2008/01/23 07:29:39 | 001,116,654 | -HS- | C] () -- C:\WINDOWS\System32\xuiiyfxx.ini

[2008/01/23 07:23:51 | 001,109,005 | -HS- | C] () -- C:\WINDOWS\System32\upusbnuv.ini

[2008/01/21 19:25:57 | 001,089,496 | -HS- | C] () -- C:\WINDOWS\System32\wnxdlnes.ini

[2008/01/21 19:23:20 | 001,089,316 | -HS- | C] () -- C:\WINDOWS\System32\gxnooolr.ini

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2

[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini

[2007/09/19 13:45:26 | 000,000,428 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI

[2007/07/31 11:14:09 | 000,160,256 | -H-- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2007/07/30 19:02:11 | 000,001,431 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log

[2007/07/24 22:21:44 | 000,000,080 | ---- | C] () -- C:\WINDOWS\sierra.ini

[2007/07/24 21:04:47 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll

[2007/07/22 20:05:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI

[2007/07/22 09:10:13 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll

[2003/02/26 16:47:14 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\MimicICM.dll

[2002/10/06 14:42:57 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll

[2002/10/04 19:04:25 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll

[2002/10/04 19:04:24 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll

[2002/10/04 19:04:17 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll

[1999/01/27 14:39:06 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\indounin.dll

[1997/06/13 08:56:08 | 000,056,832 | ---- | C] () -- C:\WINDOWS\System32\Iyvu9_32.dll

========== LOP Check ==========

[2008/09/25 20:20:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Facebook

[2007/11/06 13:31:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\FotoWire

[2010/10/16 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn

[2008/05/18 22:14:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\InterVideo

[2009/06/10 22:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Notepad++

[2010/08/04 18:09:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Propellerhead Software

[2009/05/05 19:35:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ScanSoft

[2009/05/22 16:28:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SSH

[2009/06/23 09:53:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Leapfrog

[2007/07/24 21:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/08/04 18:07:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Propellerhead Software

[2008/10/05 16:20:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft

[2007/07/24 21:06:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SmartSound Software Inc

[2008/08/31 13:53:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SpinTop Games

========== Purity Check ==========

========== Files - Unicode (All) ==========

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

[2008/01/22 18:14:15 | 000,000,000 | ---D | M](C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

(C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET) -- C:\Documents and Settings\Administrator\Application Data\?icrosoft.NET

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Outlook.pst:SummaryInformation

@Alternate Data Stream - 88 bytes -> C:\C Drive Outlook.pst:SummaryInformation

< End of report >

*********************************** Extras .txt ************************

OTL Extras logfile created on: 10/17/2010 8:51:51 PM - Run 1

OTL by OldTimer - Version 3.2.15.2 Folder = C:\Documents and Settings\Administrator\Desktop

Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 754.00 Mb Available Physical Memory | 74.00% Memory free

2.00 Gb Paging File | 2.00 Gb Available in Paging File | 94.00% Paging File free

Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 291.82 Gb Total Space | 237.12 Gb Free Space | 81.26% Space Free | Partition Type: NTFS

Drive H: | 6.27 Gb Total Space | 0.88 Gb Free Space | 14.11% Space Free | Partition Type: NTFS

Computer Name: NATHANMAIN | User Name: Administrator | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: All users | Quick Scan

Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 90 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

http [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

https [open] -- "C:\Program Files\Mozilla Firefox\firefox.exe" -requestPending -osint -url "%1" (Mozilla Corporation)

piffile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)

Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)

Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 1

"FirewallOverride" = 0

"AntiVirusDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004

"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005

"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001

"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"C:\WINDOWS\system32\hruxdacq.exe" = C:\WINDOWS\system32\hru

"C:\WINDOWS\system32\jwtysbwh.exe" = C:\WINDOWS\system32\jwtymgr.exe -- File not found

"C:\WINDOWS\system32\dyennlnj.exe" = C:\WINDOWS\system32\dyenmgr.exe -- File not found

"C:\Program Files\Trillian\trillian.exe" = C:\Program Files\Trillian\trillian.exe:*:Enabled:Trillian -- (Cerulean Studios)

"C:\Program Files\InterVideo\DVD8\WinDVD.exe" = C:\Program Files\InterVideo\DVD8\WinDVD.exe:*:Enabled:WinDVD -- (InterVideo Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe:*:Enabled:Logitech Desktop Messenger -- (Logitech Inc.)

"C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe" = C:\Documents and Settings\Administrator\Application Data\Facebook\facebook.exe:*:Enabled:facebook -- File not found

"C:\WINDOWS\system32\ftp.exe" = C:\WINDOWS\system32\ftp.exe:*:Enabled:File Transfer Program -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\rapimgr.exe" = C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\wcescomm.exe" = C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager -- (Microsoft Corporation)

"C:\Program Files\Microsoft ActiveSync\WCESMgr.exe" = C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application -- (Microsoft Corporation)

"C:\Program Files\FTP Commander\Ftpcomm.exe" = C:\Program Files\FTP Commander\Ftpcomm.exe:*:Enabled:Ftpcomm -- ()

"C:\Program Files\Starcraft\StarCraft.exe" = C:\Program Files\Starcraft\StarCraft.exe:*:Enabled:Starcraft -- (Blizzard Entertainment)

"C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe" = C:\Program Files\Steam\steamapps\themerlot@hotmail.com\counter-strike\hl.exe:*:Enabled:Half-Life Launcher -- (Valve)

"C:\Program Files\MSN Messenger\livecall.exe" = C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{048298C9-A4D3-490B-9FF9-AB023A9238F3}" = Steam

"{04AF207D-9A77-465A-8B76-991F6AB66245}" = Adobe Help Viewer CS3

"{0650BB10-BCF4-400A-85EE-04097E3046C6}" = Adobe Setup

"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour

"{08B32819-6EEF-4057-AEDA-5AB681A36A23}" = Adobe Bridge Start Meeting

"{08CA9554-B5FE-4313-938F-D4A417B81175}" = QuickTime

"{0B33B738-AD79-4E32-90C5-E67BFB10BBFF}" = AiO_Scan

"{0E2B8E14-F138-4FC6-8C8E-9DAF371DFADF}" = LeapFrog Leapster2 Plugin

"{1DB2FBA5-D57A-42A7-8E87-5B3EEBED8283}" = Wal-Mart Music Downloads Store

"{20471B27-D702-4FE8-8DEC-0702CC8C0A85}" = InterVideo WinDVD 8

"{205C6BDD-7B73-42DE-8505-9A093F35A238}" = Windows Live Upload Tool

"{22B775E7-6C42-4FC5-8E10-9A5E3257BD94}" = MSVCRT

"{2BC2781A-F7F6-452E-95EB-018A522F1B2C}" = PaperPort Image Printer

"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java 6 Update 3

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{3A08B59E-A9F0-4F4D-B7E5-6875D7F13327}" = Brother MFL-Pro Suite MFC-290C

"{3B62CF95-5E25-4720-A3D6-B4A2B0501961}" = Browser Highlighter - Firefox

"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX

"{44734179-8A79-4DEE-BB08-73037F065543}" = Apple Mobile Device Support

"{45338B07-A236-4270-9A77-EBB4115517B5}" = Windows Live Sign-in Assistant

"{47FB62DF-832D-485F-95FC-C93BB08B8FE3}" = LeapFrog Connect

"{49FB31C1-26EC-44c6-AB47-73C66E2BC41E}" = HP PSC & OfficeJet 5.3.B

"{4A7FDA4D-F4D7-4A49-934A-066D59A43C7E}" = SmartSound Quicktracks Plugin

"{541DEAC0-5F3D-45E6-B7CB-94ECF3B96748}" = Skype web features

"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC

"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update

"{6FF5DD7A-FE28-4439-B8CF-1E9AF4EA0A61}" = Adobe Asset Services CS3

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{74E2CD0C-D4A2-11D3-95A6-0000E86CFDE5}" = SSH Secure Shell

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{7A8FF745-BBC5-482B-88E4-18D3178249A9}" = ScanSoft PaperPort 11

"{7C10F5C7-F00F-4BD3-A110-C7D240D2DD25}" = Adobe Dreamweaver CS3

"{81128EE8-8EAD-4DB0-85C6-17C2CE50FF71}" = Windows Live Essentials

"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder

"{8D2BA474-F406-4710-9AE4-D4F22D21F0DD}" = Adobe Device Central CS3

"{8E6808E2-613D-4FCD-81A2-6C8FA8E03312}" = Adobe Type Support

"{900B1197-53F5-4F46-A882-2CFFFE2EEDCB}" = Logitech Desktop Messenger

"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system

"{90176341-0A8B-4CCC-A78D-F862228A6B95}" = Adobe Anchor Service CS3

"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage

"{90850409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Word Viewer 2003

"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting

"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync

"{9C9824D9-9000-4373-A6A5-D0E5D4831394}" = Adobe Bridge CS3

"{9E491AB7-4589-48CA-9CBB-874CB2788391}" = Studio 9

"{9F70BF98-003C-491D-81FC-FF9792206AF0}" = iTunes

"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender

"{A1F66FC9-11EE-4F2F-98C9-16F8D1E69FB7}" = Segoe UI

"{A2B242BD-FF8D-4840-9DAA-9170EABEC59C}" = Adobe CMaps

"{A4D7B764-4140-11D4-88EB-0050DA3579C0}" = Nero - Burning Rom

"{A85FD55B-891B-4314-97A5-EA96C0BD80B5}" = Windows Live Messenger

"{AC76BA86-7AD7-1033-7B44-A81000000003}" = Adobe Reader 8.1.0

"{B376402D-58EA-45EA-BD50-DD924EB67A70}" = HP Memories Disc

"{B3BF6689-A81D-40D8-9A86-4AC4ACD9FC1C}" = Adobe Camera Raw 4.0

"{B9B35331-B7E4-4E5C-BF4C-7BC87856124D}" = Adobe Default Language CS3

"{BE5F3842-8309-4754-92D5-83E02E6077A3}" = Adobe Extension Manager CS3

"{C2D69781-F392-4118-A5A7-C7E9C38DBFC2}" = Adobe ExtendScript Toolkit 2

"{C43048A9-742C-4DAD-90D2-E3B53C9DB825}" = Logitech QuickCam Software

"{C506A18C-1469-4678-B094-F4EC9DAE6DB7}" = Scan

"{D0DFF92A-492E-4C40-B862-A74A173C25C5}" = Adobe Version Cue CS3 Client

"{D103C4BA-F905-437A-8049-DB24763BBE36}" = Skype


Please do this:

Run OTL

  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
    DRV - File not found [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\drivers\bwknr.sys -- (xfufd)
    O3 - HKLM\..\Toolbar: (no name) - - No CLSID value found.
    F3 - HKU\.DEFAULT WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found
    F3 - HKU\S-1-5-18 WinNT: Load - (C:\WINDOWS\System32\pmnnl.exe) - C:\WINDOWS\System32\pmnnl.exe File not found
    O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - CLSID or File not found.
    O30 - LSA: Authentication Packages - (ows\s) - File not found
    O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\AutoRun\command - "" = L:\Setup_FlipShare.exe -- File not found
    O33 - MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\Shell\Setup FlipShare\command - "" = L:\Setup_FlipShare.exe -- File not found
    [2010/10/10 17:59:29 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\.wtav
    [2010/10/10 17:34:38 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\.wtav
    [2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini
    [2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini
    [2008/02/19 09:10:16 | 001,239,465 | -HS- | C] () -- C:\WINDOWS\System32\eaaywoxw.ini
    [2008/02/18 21:27:47 | 001,238,313 | -HS- | C] () -- C:\WINDOWS\System32\rhdtjvxa.ini
    [2008/02/17 09:08:17 | 001,242,181 | -HS- | C] () -- C:\WINDOWS\System32\sjnhvwkl.ini
    [2008/02/16 09:07:57 | 001,242,121 | -HS- | C] () -- C:\WINDOWS\System32\xbtfsuew.ini
    [2008/02/15 09:11:08 | 001,239,166 | -HS- | C] () -- C:\WINDOWS\System32\fvuxpkkv.ini
    [2008/02/15 09:08:08 | 001,341,431 | -HS- | C] () -- C:\WINDOWS\System32\eqthpwos.ini
    [2008/02/14 09:10:19 | 001,241,600 | -HS- | C] () -- C:\WINDOWS\System32\arqahwik.ini
    [2008/02/14 09:07:17 | 001,241,300 | -HS- | C] () -- C:\WINDOWS\System32\owgfnsqq.ini
    [2008/02/09 00:11:39 | 001,241,240 | -HS- | C] () -- C:\WINDOWS\System32\drxoichm.ini
    [2008/02/09 00:08:50 | 001,220,530 | -HS- | C] () -- C:\WINDOWS\System32\tymtiusj.ini
    [2008/02/08 00:13:33 | 001,203,359 | -HS- | C] () -- C:\WINDOWS\System32\vqvpefog.ini
    [2008/02/08 00:07:33 | 001,206,702 | -HS- | C] () -- C:\WINDOWS\System32\qoobdjti.ini
    [2008/02/07 00:10:33 | 001,186,980 | -HS- | C] () -- C:\WINDOWS\System32\fdtntqej.ini
    [2008/02/07 00:07:33 | 001,201,383 | -HS- | C] () -- C:\WINDOWS\System32\svjqdnaj.ini
    [2008/02/06 00:12:19 | 001,193,670 | -HS- | C] () -- C:\WINDOWS\System32\opvncnte.ini
    [2008/02/06 00:09:20 | 001,194,337 | -HS- | C] () -- C:\WINDOWS\System32\npnrxskl.ini
    [2008/02/05 00:09:19 | 001,192,298 | -HS- | C] () -- C:\WINDOWS\System32\jimwtrbd.ini
    [2008/02/05 00:06:20 | 001,192,238 | -HS- | C] () -- C:\WINDOWS\System32\hdxrjoxd.ini
    [2008/02/04 00:09:19 | 001,188,492 | -HS- | C] () -- C:\WINDOWS\System32\fdkgftxq.ini
    [2008/02/04 00:03:30 | 001,188,432 | -HS- | C] () -- C:\WINDOWS\System32\wihvoeyk.ini
    [2008/02/02 00:09:36 | 001,122,763 | -HS- | C] () -- C:\WINDOWS\System32\afddsfgg.ini
    [2008/02/02 00:03:36 | 001,158,150 | -HS- | C] () -- C:\WINDOWS\System32\orfdrbbo.ini
    [2008/02/01 00:09:36 | 001,151,881 | -HS- | C] () -- C:\WINDOWS\System32\suryrasa.ini
    [2008/02/01 00:06:36 | 001,164,224 | -HS- | C] () -- C:\WINDOWS\System32\cnimnurv.ini
    [2008/01/31 00:12:36 | 001,159,539 | -HS- | C] () -- C:\WINDOWS\System32\ffsoiqdb.ini
    [2008/01/31 00:09:36 | 001,181,658 | -HS- | C] () -- C:\WINDOWS\System32\arlkbftp.ini
    [2008/01/30 00:09:33 | 001,167,485 | -HS- | C] () -- C:\WINDOWS\System32\omcbatjq.ini
    [2008/01/30 00:06:36 | 001,167,365 | -HS- | C] () -- C:\WINDOWS\System32\fbefjfqm.ini
    [2008/01/29 00:12:33 | 001,162,447 | -HS- | C] () -- C:\WINDOWS\System32\wwvmkrbk.ini
    [2008/01/29 00:06:35 | 001,162,387 | -HS- | C] () -- C:\WINDOWS\System32\neuktfev.ini
    [2008/01/28 00:09:33 | 001,143,050 | -HS- | C] () -- C:\WINDOWS\System32\qrnrnhas.ini
    [2008/01/28 00:06:36 | 001,142,990 | -HS- | C] () -- C:\WINDOWS\System32\kyjuapyk.ini
    [2008/01/27 00:12:34 | 001,142,632 | -HS- | C] () -- C:\WINDOWS\System32\surfsnod.ini
    [2008/01/27 00:06:48 | 001,142,572 | -HS- | C] () -- C:\WINDOWS\System32\tphatfxt.ini
    [2008/01/24 19:26:55 | 001,130,338 | -HS- | C] () -- C:\WINDOWS\System32\yetxvstb.ini
    [2008/01/24 19:24:09 | 001,130,098 | -HS- | C] () -- C:\WINDOWS\System32\plrrxyci.ini
    [2008/01/23 07:29:39 | 001,116,654 | -HS- | C] () -- C:\WINDOWS\System32\xuiiyfxx.ini
    [2008/01/23 07:23:51 | 001,109,005 | -HS- | C] () -- C:\WINDOWS\System32\upusbnuv.ini
    [2008/01/21 19:25:57 | 001,089,496 | -HS- | C] () -- C:\WINDOWS\System32\wnxdlnes.ini
    [2008/01/21 19:23:20 | 001,089,316 | -HS- | C] () -- C:\WINDOWS\System32\gxnooolr.ini
    [2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2
    [2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini
    :Commands
    [emptytemp]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, when done it will say "Fix Complete press ok to open the log"
  • Please post that log in your next reply. Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTL\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

MrC

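As an added example, not something posted in this thread and not part of OTL, here is a Python script that parses OTL file-listing lines in the layout shown above, flags the hidden+system, randomly named .ini files under System32 that the fix targets, and assembles the hits into a custom-fix block with the same :OTL / :Commands structure. The sample lines, the line regex and the 5-8-letter name heuristic are this example's own constructions and assumptions, not OTL's definitions.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed sample in the layout of OTL's "Files - Created/Modified" sections.
# The first three entries mirror the kind of lines the fix above targets; the
# last three are benign entries (a Windows .ini, a DLL, a directory) for contrast.
SAMPLE_LOG = r"""
[2008/02/21 10:10:18 | 001,244,504 | -HS- | C] () -- C:\WINDOWS\System32\swuesrhy.ini
[2008/02/20 09:10:13 | 001,241,679 | -HS- | C] () -- C:\WINDOWS\System32\sdoyqhuc.ini
[2008/01/20 17:07:56 | 000,237,521 | -HS- | C] () -- C:\WINDOWS\System32\lnnmp.ini2
[2007/07/22 20:05:07 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/03/18 07:44:29 | 001,663,068 | ---- | C] () -- C:\WINDOWS\System32\libmmd.dll
[2010/10/16 11:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ImgBurn
"""

# Assumed layout: [timestamp | size | attrs | C/M] (company) -- path
# (the "(company)" block is absent for directory entries)
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-A-Z]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

# Heuristic: 5-8 lowercase letters plus .ini or .ini2, e.g. swuesrhy.ini, lnnmp.ini2
RANDOM_INI = re.compile(r"^[a-z]{5,8}\.ini2?$")


@dataclass
class OtlEntry:
    raw: str        # the original log line, reused verbatim in a fix script
    timestamp: str
    size: int
    attrs: str      # four flag characters; 'H' hidden, 'S' system, 'D' directory
    kind: str       # 'C' = created, 'M' = modified
    company: str
    path: str

    @property
    def name(self) -> str:
        return self.path.rsplit("\\", 1)[-1]

    @property
    def is_dir(self) -> bool:
        return "D" in self.attrs

    @property
    def hidden_system(self) -> bool:
        return "H" in self.attrs and "S" in self.attrs


def parse_otl_lines(text: str) -> List[OtlEntry]:
    """Return every line matching the file-listing layout; headers etc. are skipped."""
    entries: List[OtlEntry] = []
    for line in text.splitlines():
        line = line.strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        entries.append(OtlEntry(
            raw=line,
            timestamp=m["ts"],
            size=int(m["size"].replace(",", "")),
            attrs=m["attrs"],
            kind=m["kind"],
            company=m["company"] or "",
            path=m["path"],
        ))
    return entries


def find_dropped_ini(text: str) -> List[OtlEntry]:
    """Flag hidden+system, randomly named .ini files under System32. Legitimate
    .ini files there have recognisable names and are not hidden+system, so the
    three conditions together are the signal."""
    return [
        e for e in parse_otl_lines(text)
        if not e.is_dir
        and "\\system32\\" in e.path.lower()
        and e.hidden_system
        and RANDOM_INI.match(e.name)
    ]


def build_otl_fix(entries: List[OtlEntry]) -> str:
    """Assemble a custom-fix block in the layout used in the reply above: the
    flagged log lines verbatim under :OTL, then the temp-file cleanup command."""
    lines = [":OTL"] + [e.raw for e in entries] + [":Commands", "[emptytemp]"]
    return "\n".join(lines)


if __name__ == "__main__":
    hits = find_dropped_ini(SAMPLE_LOG)
    for e in hits:
        print(f"{e.timestamp}  {e.size:>9}  {e.attrs}  {e.path}")
    print(build_otl_fix(hits))
```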

I did have to reboot.

*************************

All processes killed

========== OTL ==========

Service xfufd stopped successfully!

Service xfufd deleted successfully!

File C:\WINDOWS\System32\drivers\bwknr.sys not found.

Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\ deleted successfully.

Registry value HKEY_USERS\.DEFAULT\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\WINDOWS\System32\pmnnl.exe deleted successfully.

Registry value HKEY_USERS\S-1-5-18\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:C:\WINDOWS\System32\pmnnl.exe deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\CDBurn deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{fbeb8a05-beee-4442-804e-409d6c4515e9}\ deleted successfully.

Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:ows\s deleted successfully.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\ deleted successfully.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5500450e-f96f-11dd-b595-0000216381c5}\ not found.

File L:\Setup_FlipShare.exe not found.

Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{5500450e-f96f-11dd-b595-0000216381c5}\ not found.

Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{5500450e-f96f-11dd-b595-0000216381c5}\ not found.

File L:\Setup_FlipShare.exe not found.

C:\Documents and Settings\All Users\Application Data\.wtav moved successfully.

File C:\Documents and Settings\All Users\Application Data\.wtav not found.

C:\WINDOWS\system32\swuesrhy.ini moved successfully.

C:\WINDOWS\system32\sdoyqhuc.ini moved successfully.

C:\WINDOWS\system32\eaaywoxw.ini moved successfully.

C:\WINDOWS\system32\rhdtjvxa.ini moved successfully.

C:\WINDOWS\system32\sjnhvwkl.ini moved successfully.

C:\WINDOWS\system32\xbtfsuew.ini moved successfully.

C:\WINDOWS\system32\fvuxpkkv.ini moved successfully.

C:\WINDOWS\system32\eqthpwos.ini moved successfully.

C:\WINDOWS\system32\arqahwik.ini moved successfully.

C:\WINDOWS\system32\owgfnsqq.ini moved successfully.

C:\WINDOWS\system32\drxoichm.ini moved successfully.

C:\WINDOWS\system32\tymtiusj.ini moved successfully.

C:\WINDOWS\system32\vqvpefog.ini moved successfully.

C:\WINDOWS\system32\qoobdjti.ini moved successfully.

C:\WINDOWS\system32\fdtntqej.ini moved successfully.

C:\WINDOWS\system32\svjqdnaj.ini moved successfully.

C:\WINDOWS\system32\opvncnte.ini moved successfully.

C:\WINDOWS\system32\npnrxskl.ini moved successfully.

C:\WINDOWS\system32\jimwtrbd.ini moved successfully.

C:\WINDOWS\system32\hdxrjoxd.ini moved successfully.

C:\WINDOWS\system32\fdkgftxq.ini moved successfully.

C:\WINDOWS\system32\wihvoeyk.ini moved successfully.

C:\WINDOWS\system32\afddsfgg.ini moved successfully.

C:\WINDOWS\system32\orfdrbbo.ini moved successfully.

C:\WINDOWS\system32\suryrasa.ini moved successfully.

C:\WINDOWS\system32\cnimnurv.ini moved successfully.

C:\WINDOWS\system32\ffsoiqdb.ini moved successfully.

C:\WINDOWS\system32\arlkbftp.ini moved successfully.

C:\WINDOWS\system32\omcbatjq.ini moved successfully.

C:\WINDOWS\system32\fbefjfqm.ini moved successfully.

C:\WINDOWS\system32\wwvmkrbk.ini moved successfully.

C:\WINDOWS\system32\neuktfev.ini moved successfully.

C:\WINDOWS\system32\qrnrnhas.ini moved successfully.

C:\WINDOWS\system32\kyjuapyk.ini moved successfully.

C:\WINDOWS\system32\surfsnod.ini moved successfully.

C:\WINDOWS\system32\tphatfxt.ini moved successfully.

C:\WINDOWS\system32\yetxvstb.ini moved successfully.

C:\WINDOWS\system32\plrrxyci.ini moved successfully.

C:\WINDOWS\system32\xuiiyfxx.ini moved successfully.

C:\WINDOWS\system32\upusbnuv.ini moved successfully.

C:\WINDOWS\system32\wnxdlnes.ini moved successfully.

C:\WINDOWS\system32\gxnooolr.ini moved successfully.

C:\WINDOWS\system32\lnnmp.ini2 moved successfully.

C:\WINDOWS\system32\lnnmp.ini moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator

->Temp folder emptied: 118619 bytes

->Temporary Internet Files folder emptied: 167743 bytes

->Java cache emptied: 0 bytes

->FireFox cache emptied: 50801307 bytes

->Flash cache emptied: 10900 bytes

User: All Users

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 81920569 bytes

->Flash cache emptied: 11302 bytes

User: nathan

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 67 bytes

->FireFox cache emptied: 5499821 bytes

->Flash cache emptied: 405 bytes

User: NetworkService

->Temp folder emptied: 6232 bytes

->Temporary Internet Files folder emptied: 22390420 bytes

->Flash cache emptied: 9439 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 1119318 bytes

%systemroot%\System32 .tmp files removed: 2577 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 34227 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 730483 bytes

RecycleBin emptied: 792576 bytes

Total Files Cleaned = 156.00 mb

OTL by OldTimer - Version 3.2.15.2 log created on 10172010_220949
