System Tool 2011 infected

[vastchoirs]

Hope this can finally be taken care of. Here is what I have done thus far.

As instructed, I downloaded Malwarebytes and updated the software. I did this in Safe Mode with Networking. I went into Safe Mode with Networking and ran Malwarebytes, the log generated in zipped below with attach.txt. Rebooted back into Safe Mode with Networking.

Then:

Ran my AVG 8.5 updated Anti-virus.

Downloaded and ran Defogger, which disabled my CD Emulation drivers as instructed

Downloaded and ran DDS, which generated my dds.txt and attach.txt files. Which I save to my desktop.

I saved my most recent Malwarebytes generated logs, and have zipped it with the attach.txt file (see below)

I have copy and pasted my dds.txt file below this text.

I attempted to download the file GMER Rootkit Scanner but, the site comes up as unable to connect. I tested the site on my laptop as well, and the same issue came about. So, I was not able to run this software and generate the file associated with this.

So, I await my next instructions. I hope this will be my final run in with this pain in the you know what...virus

DDS.TXT:

DDS (Ver_10-12-12.02) - NTFSx86 NETWORK

Run by Queness at 18:16:51.64 on Wed 12/15/2010

Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_22

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1136 [GMT -5:00]

AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}

============== Running Processes ===============

C:\WINDOWS\system32\svchost -k DcomLaunch

svchost.exe

C:\WINDOWS\system32\svchost.exe -k netsvcs

svchost.exe

svchost.exe

C:\WINDOWS\Explorer.EXE

C:\Program Files\Mozilla Firefox\firefox.exe

C:\Documents and Settings\Queness\Desktop\dds.com

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.google.com/

uSearch Page = hxxp://www.google.com

uSearch Bar = hxxp://www.google.com/ie

uInternet Settings,ProxyServer = http=localhost:7171

uInternet Settings,ProxyOverride = *.local;<local>

mSearchAssistant = hxxp://www.google.com/ie

uURLSearchHooks: H - No File

uURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

uURLSearchHooks: H - No File

mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

mWinlogon: SfcDisable=-99 (0xffffff9d)

uWindows: load=?

uWindows: Run=?

BHO: {02478D38-C3F9-4efb-9B51-7695ECA05670} - No File

BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll

BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - c:\progra~1\spybot~1\SDHelper.dll

BHO: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

BHO: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll

BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll

TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll

TB: Search Toolbar: {9d425283-d487-4337-bab6-ab8354a81457} - c:\program files\search toolbar\SearchToolbar.dll

TB: LimeWire Toolbar: {d4027c7f-154a-4066-a1ad-4243d8127440} - c:\program files\ask.com\GenericAskToolbar.dll

uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe

uRun: [EA Core] "c:\program files\electronic arts\eadm\Core.exe" -silent

uRun: [AdobeUpdater] c:\program files\common files\adobe\updater5\AdobeUpdater.exe

uRun: [searchEngineProtection] c:\program files\gamesbar\SearchEngineProtection.exe

uRunOnce: [gKeBm06308] c:\documents and settings\all users\application data\gkebm06308\gKeBm06308.exe

mRun: [sunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"

mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup

mRun: [MMTray] "c:\program files\musicmatch\musicmatch jukebox\mm_tray.exe"

mRun: [mmtask] "c:\program files\musicmatch\musicmatch jukebox\mmtask.exe"

mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime

mRun: [MSConfig] c:\windows\pchealth\helpctr\binaries\MSConfig.exe /auto

dRunOnce: [nltide_3] rundll32 advpack.dll,LaunchINFSectionEx nLite.inf,C,,4,N

IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office12\EXCEL.EXE/3000

IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe

IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe

IE: {1A93C934-025B-4c3a-B38E-9654A7003239} - {6F282B65-56BF-4BD1-A8B2-A4449A05863D}

IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - c:\progra~1\spybot~1\SDHelper.dll

DPF: {00000055-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/A/7/D/A7D1EBE3-8E78-4CBE-B22B-EEECF9E3A1BC/fhg.CAB

DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab

DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} - hxxp://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab

DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab

DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} - hxxp://cdn.scan.onecare.live.com/resource/download/scanner/wlscbase5483.cab

DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} - hxxp://www.nvidia.com/content/DriverDownload/srl/2.0.0.1/sysreqlab2.cab

DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1283410721833

DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} - hxxp://pogoclub.oberon-media.com/online2/pogop/luxor_amun_rising/mjolauncher.cab

DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_10-windows-i586.cab

DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab

DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/get/shockwave/cabs/flash/swflash.cab

Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll

Notify: avgrsstarter - avgrsstx.dll

SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\queness\applic~1\mozilla\firefox\profiles\bjahqt6d.default\

FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?fr=ffsp1&p=

FF - prefs.js: browser.search.selectedEngine - Yahoo! Search

FF - prefs.js: browser.startup.homepage - www.google.com

FF - prefs.js: keyword.URL - hxxp://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p=

FF - component: c:\documents and settings\queness\application data\mozilla\firefox\profiles\bjahqt6d.default\extensions\toolbar@ask.com\chrome\content\AudioService.dll

FF - component: c:\program files\avg\avg8\firefox\components\avgssff.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils2.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils3.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\IGeared_tavgp_xputils35.dll

FF - component: c:\program files\avg\avg8\toolbar\firefox\avg@igeared\components\xpavgtbapi.dll

FF - plugin: c:\program files\common files\oberon media\ncadapter\1.0.0.7\npapicomadapter.dll

FF - plugin: c:\program files\java\jre6\bin\new_plugin\npdeployJava1.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnu.dll

FF - plugin: c:\program files\mozilla firefox\plugins\npdnupdater2.dll

FF - Ext: Default: {972ce4c6-7e08-4474-a285-3208198ce6fd} - c:\program files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

FF - Ext: Java Console: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

FF - Ext: Oberon GamesBar: gamesbar@oberon-media.com - %profile%\extensions\gamesbar@oberon-media.com

FF - Ext: LimeWire Toolbar: toolbar@ask.com - %profile%\extensions\toolbar@ask.com

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - %profile%\extensions\{20a82645-c095-46ed-80e3-08825760534b}

FF - Ext: Yahoo! Toolbar: {635abd67-4fe9-1b23-4f01-e679fa7484c1} - %profile%\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

FF - Ext: AVG Security Toolbar em:version=3.011.025.005 em:displayname=AVG Security Toolbar em:iconURL=chrome://tavgp/skin/logo.ico em:creator=AVG Technologies em:description=AVG Security Toolbar em:homepageURL=http://www.avg.com >: avg@igeared - c:\program files\avg\avg8\toolbar\firefox\avg@igeared

FF - Ext: AVG Safe Search: {3f963a5b-e555-4543-90e2-c3908898db71} - c:\program files\avg\avg8\Firefox

FF - Ext: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\DotNetAssistantExtension

FF - Ext: Java Quick Starter: jqs@sun.com - c:\program files\java\jre6\lib\deploy\jqs\ff

---- FIREFOX POLICIES ----

FF - user.js: network.protocol-handler.warn-external.dnupdate - false);user_pref(yahoo.ytff.general.dontshowhpoffer, true);user_pref(network.protocol-handler.warn-external.dnupdate, false

============= SERVICES / DRIVERS ===============

R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-5-25 108552]

S0 ymfwuc;ymfwuc;c:\windows\system32\drivers\jctk.sys --> c:\windows\system32\drivers\jctk.sys [?]

S1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-5-25 335240]

S1 AvgMfx86;AVG On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2009-5-25 27784]

S2 Akamai;Akamai NetSession Interface;c:\windows\system32\svchost.exe -k Akamai [2004-8-3 14336]

S2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-6-18 908056]

S2 avg8wd;AVG8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-5-25 297752]

S2 npf;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [2007-11-15 34064]

S3 JmtFltr;n52te;c:\windows\system32\drivers\jmtfltr.sys --> c:\windows\system32\drivers\JmtFltr.sys [?]

=============== File Associations ===============

regfile="%1" %*

=============== Created Last 30 ================

2010-12-15 19:00:00 -------- d-----w- c:\docume~1\alluse~1\applic~1\gKeBm06308

2010-12-14 20:33:46 40960 ------w- c:\windows\system32\dllcache\ndproxy.sys

2010-12-14 20:32:54 45568 ------w- c:\windows\system32\dllcache\wab.exe

2010-12-11 14:49:47 -------- d-----w- c:\docume~1\alluse~1\applic~1\cJhCp06301

2010-12-04 17:59:05 -------- d-----w- c:\docume~1\queness\applic~1\PhotoScape

2010-12-04 17:58:50 -------- d-----w- c:\program files\PhotoScape

2010-11-27 22:43:47 -------- d-----w- c:\docume~1\queness\applic~1\Oberon Media

2010-11-27 22:43:45 -------- d-----w- c:\docume~1\alluse~1\applic~1\GamesBar

2010-11-27 22:43:42 -------- d-----w- c:\program files\GamesBar

2010-11-27 22:43:42 -------- d-----w- c:\program files\common files\Oberon Media

2010-11-27 22:43:40 -------- d-----w- c:\program files\Oberon Media

2010-11-18 18:12:44 81920 ------w- c:\windows\system32\dllcache\isign32.dll

==================== Find3M ====================

2010-11-18 18:12:44 81920 ----a-w- c:\windows\system32\isign32.dll

2010-11-06 00:26:58 916480 ----a-w- c:\windows\system32\wininet.dll

2010-11-06 00:26:58 43520 ----a-w- c:\windows\system32\licmgr10.dll

2010-11-06 00:26:58 1469440 ----a-w- c:\windows\system32\inetcpl.cpl

2010-11-03 12:25:54 385024 ----a-w- c:\windows\system32\html.iec

2010-10-28 13:13:22 290048 ----a-w- c:\windows\system32\atmfd.dll

2010-10-26 13:25:00 1853312 ----a-w- c:\windows\system32\win32k.sys

2010-09-18 16:23:26 974848 ----a-w- c:\windows\system32\mfc42u.dll

2010-09-18 06:53:25 974848 ----a-w- c:\windows\system32\mfc42.dll

2010-09-18 06:53:25 954368 ----a-w- c:\windows\system32\mfc40.dll

2010-09-18 06:53:25 953856 ----a-w- c:\windows\system32\mfc40u.dll

2010-08-08 13:39:54 452 ----a-w- c:\program files\080820109395460.bat

============= FINISH: 18:17:45.45 ===============

mbam_log_2010_12_15__14_20_11_.zip

[Maniac]

Hello vastchoirs! Welcome to Malwarebytes' Anti-Malware Forums!

My name is Borislav and I will be glad to help you solve your problems with malware. Before we begin, please note the following:

• The process of cleaning your system may take some time, so please be patient.
  
• Follow my instructions step by step if there is a problem somewhere, stop and tell me.
  
• Stay with the thread until I tell you that your system is clean. Missing symptoms does not mean that everything is okay.
  
• Instructions that I give are for your system only!
  
• If you don't know or can't understand something please ask.
  
• Do not install or uninstall any software or hardware, while work on.
  
• Keep me informed about any changes.
  

Step 1

Going over your logs I noticed that you have LimeWire installed.

• Avoid gaming sites, pirated software, cracking tools, keygens, and peer-to-peer (P2P) file sharing programs.
  
• They are a security risk which can make your computer susceptible to a smorgasbord of malware infections, remote attacks, exposure of personal information, and identity theft. Many malicious worms and Trojans spread across P2P file sharing networks, gaming and underground sites.
  
• Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install viruses, Trojans and spyware. Ads are a target for hackers because they offer a stealthy way to distribute malware to a wide range of Internet users.
  
• The best way to reduce the risk of infection is to avoid these types of web sites and not use any P2P applications.
  

It is pretty much certain that if you continue to use P2P programs, you will get infected again.

I would recommend that you uninstall LimeWire, however that choice is up to you. If you choose to remove these programs, you can do so via Start > Control Panel > Add/Remove Programs.

If you wish to keep it, please do not use it until your computer is cleaned.

Step 2

I see the Ask Toolbar in your log.

I strongly recommend you remove Ask Toolbar from your computer because:

• It promotes its toolbars on sites targeted at kids.
  
• It promotes its toolbars through ads that appear to be part of other companies' sites.
  
• It promotes its toolbars through other companies' spyware.
  
• It is Installed without any disclosure whatsoever and without any consent from the user whatsoever.
  
• It Solicits installations via "deceptive door openers" that do not accurately describe the offer; failing to affirmatively show a license agreement; linking to a EULA via an off-screen link.
  
• It makes confusing changes to user's browsers -- increasing Ask's revenues while taking users to pages they didn't intend to visit.
  

You can read more about Ask.com here

To remove it:

Click Start-->Control Panel-->Programs and Features

Click on the program name AskBarDis to highlight it

From the menu at the top, select Uninstall or Remove.

Please reboot the computer.

Step 3

I also see you have Viewpoint installed...

Viewpoint Manager is considered as foistware instead of malware since it is installed without users approval but doesn't spy or do anything "bad". This will change from what we know in 2006 read this article: http://www.clickz.com/news/article.php/3561546

I suggest you remove the program now. Go to Start > Settings > Control Panel > Add/Remove Programs and remove the following programs if present.

• 
  
• Viewpoint
  
• Viewpoint Manager
  
• Viewpoint Media Player
  

Step 4

• Download OTL to your desktop.
  
• Double click on the icon to run it. Make sure all other windows are closed to let it run uninterrupted.
  
• When the window appears, underneath Output at the top change it to Minimal Output.
  
• Under the Standard Registry box change it to All.
  
• Check the boxes beside LOP Check and Purity Check.
  
• Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
    

Once OTL has completed its first scan it will save notepad copies of the scans in the folder that OTL was started from. Unless set to produce an Extras log it will only produce OTL.txt in subsequent scans.

A copy of an OTL fix log is saved in a text file at

• :\_OTL\Moved Files
  • in most cases this will be C:\_OTL\Moved Files
    

[vastchoirs]

Okay. Below is the OTL.txt file. Below this post, will be the Extras.txt

I have uninstalled Viewpoint. Ask Toolbar, for some reason not finding it in the suggested location. Meaning Start>Control Panel>Program and Features....I actually do not see an icon at all for Program and Features...But, I can figure out how to uninstall it on my own, after we are finished here. LimeWire, unfortunately the person will not allow me to uninstall it. Women, go figure.

OTL File:

OTL logfile created on: 12/16/2010 2:15:53 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Queness\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 2.93 Gb Free Space | 7.86% Space Free | Partition Type: NTFS

Computer Name: CARRIE | User Name: Queness | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Queness\My Documents\Downloads\OTL.exe (OldTimer Tools)

PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Queness\My Documents\Downloads\OTL.exe (OldTimer Tools)

MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (WUSB54Gv2SVC) -- C:\Program Files\Linksys Wireless-G USB Wireless Network Monitor\WLService.exe WUSB54Gv2.exe File not found

SRV - (Akamai) -- c:\Program Files\Common Files\Akamai\netsession_win_aeec0f0.dll ()

SRV - (Apple Mobile Device) -- C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Apple Inc.)

SRV - (avg8emc) -- C:\Program Files\AVG\AVG8\avgemc.exe (AVG Technologies CZ, s.r.o.)

SRV - (avg8wd) -- C:\Program Files\AVG\AVG8\avgwdsvc.exe (AVG Technologies CZ, s.r.o.)

SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe (AOL LLC)

========== Driver Services (SafeList) ==========

DRV - (ymfwuc) -- C:\WINDOWS\System32\drivers\jctk.sys File not found

DRV - (JmtFltr) -- C:\WINDOWS\System32\Drivers\JmtFltr.sys File not found

DRV - (AvgLdx86) -- C:\WINDOWS\System32\Drivers\avgldx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgMfx86) -- C:\WINDOWS\System32\Drivers\avgmfx86.sys (AVG Technologies CZ, s.r.o.)

DRV - (AvgTdiX) -- C:\WINDOWS\System32\Drivers\avgtdix.sys (AVG Technologies CZ, s.r.o.)

DRV - (gameenum) -- C:\WINDOWS\system32\drivers\gameenum.sys (Microsoft Corporation)

DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\hdaudbus.sys (Windows ® Server 2003 DDK provider)

DRV - (npf) -- C:\WINDOWS\system32\drivers\npf.sys (CACE Technologies)

DRV - (vhidmini) -- C:\WINDOWS\system32\drivers\vhidmini.sys (Windows ® Codename Longhorn DDK provider)

DRV - (sptd) -- C:\WINDOWS\System32\Drivers\sptd.sys (Duplex Secure Ltd.)

DRV - (MDC8021X) AEGIS Protocol (IEEE 802.1x) -- C:\WINDOWS\system32\drivers\mdc8021x.sys (Meetinghouse Data Communications)

DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)

DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.Sys (Realtek Semiconductor Corp.)

DRV - (yukonwxp) -- C:\WINDOWS\system32\drivers\yk51x86.sys (Marvell)

DRV - (AmdK8) -- C:\WINDOWS\system32\drivers\AmdK8.sys (Advanced Micro Devices)

DRV - (SI3132) -- C:\WINDOWS\system32\DRIVERS\SI3132.sys (Silicon Image, Inc.)

DRV - (SiFilter) -- C:\WINDOWS\system32\DRIVERS\SiWinAcc.sys (Silicon Image, Inc.)

DRV - (MTsensor) -- C:\WINDOWS\system32\drivers\ASACPI.sys ()

DRV - (PRISM_A02) -- C:\WINDOWS\system32\drivers\WUSB20XP.sys (Cisco-Linksys, LLC.)

DRV - (GTNDIS5) -- C:\WINDOWS\system32\GTNDIS5.sys (Printing Communications Assoc., Inc. (PCAUSA))

DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)

DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)

DRV - (ms_mpu401) -- C:\WINDOWS\system32\drivers\msmpu401.sys (Microsoft Corporation)

========== Standard Registry (All) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.altavista.com/

IE - HKCU\..\URLSearchHook: *{00000000-6E41-4FD3-8538-502F5495E5FC} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: *{CFBFAE00-17A6-11D0-99CB-00C04FD64497} - Reg Error: Key error. File not found

IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local;<local>

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171

========== FireFox ==========

FF - prefs.js..browser.search.defaultengine: "Ask.com"

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"

FF - prefs.js..browser.search.defaulturl: "http://search.yahoo.com/search?fr=ffsp1&p="

FF - prefs.js..browser.search.order.1: "Ask.com"

FF - prefs.js..browser.search.param.yahoo-fr: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "chrf-ytbm"

FF - prefs.js..browser.search.param.yahoo-type: "${8}"

FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"

FF - prefs.js..browser.search.useDBForOrder: true

FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - prefs.js..extensions.enabledItems: {3f963a5b-e555-4543-90e2-c3908898db71}:8.5.0.429

FF - prefs.js..extensions.enabledItems: avg@igeared:3.011.025.005

FF - prefs.js..extensions.enabledItems: toolbar@ask.com:3.6.13.184

FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1

FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:2.1.1.20091029021655

FF - prefs.js..extensions.enabledItems: {AB2CE124-6272-4b12-94A9-7303C7397BD1}:5.0.0.6778

FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22

FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0

FF - prefs.js..extensions.enabledItems: gamesbar@oberon-media.com:1.1.0.66

FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.13

FF - prefs.js..keyword.URL: "http://us.yhs.search.yahoo.com/avg/search?fr=yhs-avg&type=yahoo_avg_hs2-tb-web_us&p="

FF - prefs.js..network.proxy.http: "localhost"

FF - prefs.js..network.proxy.http_port: 7171

FF - prefs.js..network.proxy.no_proxies_on: "*.local,localhost,127.0.0.1"

FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG8\Toolbar\Firefox\avg@igeared [2009/12/29 18:19:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG8\Firefox [2009/12/22 08:45:08 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 02:00:47 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/03/29 10:46:18 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/14 15:49:35 | 000,000,000 | ---D | M]

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/14 15:49:35 | 000,000,000 | ---D | M]

[2010/08/08 12:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Mozilla\Extensions

[2009/05/25 19:50:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Queness\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}

[2010/08/08 12:10:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Mozilla\Extensions\mozswing@mozswing.org

[2010/12/15 16:13:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions

[2009/09/09 07:24:55 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}

[2010/09/19 23:46:29 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}

[2010/07/21 15:36:51 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions\{d0c29249-27c7-4192-aec8-6c84436aeb80}

[2010/11/27 17:43:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions\gamesbar@oberon-media.com

[2010/10/28 10:07:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\extensions\toolbar@ask.com

[2010/12/15 18:06:32 | 000,002,427 | ---- | M] () -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\searchplugins\askcom.xml

[2010/10/26 15:26:46 | 000,001,919 | ---- | M] () -- C:\Documents and Settings\Queness\Application Data\Mozilla\Firefox\Profiles\bjahqt6d.default\searchplugins\bing-zugo.xml

[2010/12/15 16:13:41 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions

[2010/12/14 15:49:26 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}

[2010/12/08 01:26:44 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions\{AB2CE124-6272-4b12-94A9-7303C7397BD1}

[2010/11/03 18:17:13 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}

[2010/12/14 15:49:25 | 000,025,048 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll

[2010/12/14 15:49:25 | 000,140,248 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll

[2010/09/15 03:50:38 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

[2009/07/07 16:20:42 | 000,061,440 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnu.dll

[2009/07/07 16:20:42 | 000,065,536 | ---- | M] (AOL LLC) -- C:\Program Files\Mozilla Firefox\plugins\npdnupdater2.dll

[2009/06/25 12:20:28 | 001,446,264 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\npLegitCheckPlugin.dll

[2010/12/14 15:49:30 | 000,066,520 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll

[2010/08/08 13:23:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll

[2010/08/08 13:23:40 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll

[2010/08/08 13:23:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll

[2010/08/08 13:23:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll

[2010/08/08 13:23:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll

[2010/08/08 13:23:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll

[2010/08/08 13:23:41 | 000,159,744 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll

[2010/10/12 14:18:37 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml

[2010/10/12 14:18:37 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml

[2009/07/01 16:20:21 | 000,001,489 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml

[2010/10/12 14:18:37 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml

[2010/10/12 14:18:37 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml

[2010/10/12 14:18:37 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml

[2010/08/07 17:20:32 | 000,001,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober313379421.xml

[2010/07/08 15:32:21 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober359712906.xml

[2010/08/08 08:00:42 | 000,001,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober366189234.xml

[2010/07/11 16:19:25 | 000,001,469 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober621737203.xml

[2010/11/27 17:44:01 | 000,001,600 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\WebSearchober844097312.xml

[2010/10/12 14:18:37 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml

[2010/10/12 14:18:37 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

[2009/04/07 12:59:38 | 000,000,872 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober574824218.gif

[2010/07/04 10:39:25 | 000,000,196 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\Yahooober574824218.src

O1 HOSTS File: ([2008/08/26 06:35:05 | 000,259,874 | R--- | M]) - C:\WINDOWS\system32\drivers\etc\hosts

O1 - Hosts: 127.0.0.1 localhost

O1 - Hosts: 127.0.0.1 www.007guard.com

O1 - Hosts: 127.0.0.1 007guard.com

O1 - Hosts: 127.0.0.1 008i.com

O1 - Hosts: 127.0.0.1 www.008k.com

O1 - Hosts: 127.0.0.1 008k.com

O1 - Hosts: 127.0.0.1 www.00hq.com

O1 - Hosts: 127.0.0.1 00hq.com

O1 - Hosts: 127.0.0.1 010402.com

O1 - Hosts: 127.0.0.1 www.032439.com

O1 - Hosts: 127.0.0.1 032439.com

O1 - Hosts: 127.0.0.1 1001-search.info

O1 - Hosts: 127.0.0.1 www.1001-search.info

O1 - Hosts: 127.0.0.1 100888290cs.com

O1 - Hosts: 127.0.0.1 www.100888290cs.com

O1 - Hosts: 127.0.0.1 100sexlinks.com

O1 - Hosts: 127.0.0.1 www.100sexlinks.com

O1 - Hosts: 127.0.0.1 www.10sek.com

O1 - Hosts: 127.0.0.1 10sek.com

O1 - Hosts: 127.0.0.1 www.123topsearch.com

O1 - Hosts: 127.0.0.1 123topsearch.com

O1 - Hosts: 127.0.0.1 www.132.com

O1 - Hosts: 127.0.0.1 132.com

O1 - Hosts: 127.0.0.1 136136.net

O1 - Hosts: 127.0.0.1 www.136136.net

O1 - Hosts: 9024 more lines...

O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.

O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)

O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O2 - BHO: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O2 - BHO: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O2 - BHO: (Java Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)

O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)

O3 - HKLM\..\Toolbar: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKLM\..\Toolbar: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O3 - HKCU\..\Toolbar\WebBrowser: (Search Toolbar) - {9D425283-D487-4337-BAB6-AB8354A81457} - C:\Program Files\Search Toolbar\SearchToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()

O3 - HKCU\..\Toolbar\WebBrowser: (LimeWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)

O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)

O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)

O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)

O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)

O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)

O4 - HKLM..\Run: [sunJavaUpdateSched] C:\Program Files\Common Files\Java\Java Update\jusched.exe (Sun Microsystems, Inc.)

O4 - HKCU..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe (Adobe Systems Incorporated)

O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)

O4 - HKCU..\Run: [EA Core] C:\Program Files\Electronic Arts\EADM\Core.exe File not found

O4 - HKCU..\Run: [searchEngineProtection] C:\Program Files\GamesBar\SearchEngineProtection.exe (Oberon Media )

O4 - HKCU..\RunOnce: [gKeBm06308] C:\Documents and Settings\All Users\Application Data\gKeBm06308\gKeBm06308.exe (Microsoft Corporation)

F3 - HKCU WinNT: Load - (?) - File not found

F3 - HKCU WinNT: Run - (?) - File not found

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1

O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1

O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145

O9 - Extra 'Tools' menuitem : GamesBar - {1A93C934-025B-4c3a-B38E-9654A7003239} - Reg Error: Value error. File not found

O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)

O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)

O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)

O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)

O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)

O16 - DPF: {00000055-9980-0010-8000-00AA00389B71} http://download.microsoft.com/download/A/7...9E3A1BC/fhg.CAB (Reg Error: Key error.)

O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)

O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (MetaStreamCtl Class)

O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1006.cab (MySpace Uploader Control)

O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab (Windows Live Safety Center Base Module)

O16 - DPF: {67A5F8DC-1A4B-4D66-9F24-A704AD929EEE} http://www.nvidia.com/content/DriverDownlo.../sysreqlab2.cab (System Requirements Lab Class)

O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1283410721833 (MUWebControl Class)

O16 - DPF: {7E980B9B-8AE5-466A-B6D6-DA8CF814E78A} http://pogoclub.oberon-media.com/online2/p...mjolauncher.cab (MJLauncherCtrl Class)

O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-0015-0000-0010-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-...indows-i586.cab (Reg Error: Key error.)

O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_22)

O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.macromedia.com/get/shock...ash/swflash.cab (Shockwave Flash Object)

O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 68.87.64.150 68.87.75.198

O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ipp - No CLSID value found

O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)

O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)

O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp - No CLSID value found

O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)

O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)

O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)

O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)

O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)

O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)

O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)

O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)

O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)

O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)

O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)

O20 - Winlogon\Notify\dimsntfy: DllName - %SystemRoot%\System32\dimsntfy.dll - C:\WINDOWS\system32\dimsntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)

O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)

O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)

O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)

O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)

O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)

O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)

O24 - Desktop Components:0 (My Current Home Page) - About:Home

O24 - Desktop WallPaper: C:\Documents and Settings\Queness\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O24 - Desktop BackupWallPaper: C:\Documents and Settings\Queness\Local Settings\Application Data\Microsoft\Wallpaper1.bmp

O28 - HKLM ShellExecuteHooks: {AEB6717E-7E19-11d0-97EE-00C04FD91972} - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)

O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)

O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)

O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)

O31 - SafeBoot: AlternateShell - cmd.exe

O32 - HKLM CDRom: AutoRun - 1

O32 - AutoRun File - [2006/12/27 01:08:23 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

O34 - HKLM BootExecute: (autocheck autochk *) - File not found

O35 - HKLM\..comfile [open] -- "%1" %*

O35 - HKLM\..exefile [open] -- "%1" %*

O37 - HKLM\...com [@ = comfile] -- "%1" %*

O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2010/12/15 14:00:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\gKeBm06308

[2010/12/14 15:33:46 | 000,040,960 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ndproxy.sys

[2010/12/14 15:32:54 | 000,045,568 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wab.exe

[2010/12/11 09:49:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\cJhCp06301

[2010/12/10 01:09:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queness\Desktop\Originals

[2010/12/08 01:26:40 | 000,000,000 | -HSD | C] -- C:\Config.Msi

[2010/12/04 12:59:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queness\Application Data\PhotoScape

[2010/12/04 12:58:50 | 000,000,000 | ---D | C] -- C:\Program Files\PhotoScape

[2010/12/04 12:39:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queness\Desktop\Foot

[2010/11/27 17:43:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Queness\Application Data\Oberon Media

[2010/11/27 17:43:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\GamesBar

[2010/11/27 17:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Oberon Media

[2010/11/27 17:43:42 | 000,000,000 | ---D | C] -- C:\Program Files\GamesBar

[2010/11/27 17:43:40 | 000,000,000 | ---D | C] -- C:\Program Files\Oberon Media

[2010/11/18 13:12:44 | 000,081,920 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/12/15 20:12:10 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/15 18:33:34 | 000,004,501 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\mbam-log-2010-12-15 (14-20-11).zip

[2010/12/15 18:32:54 | 000,003,916 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\Attach.zip

[2010/12/15 18:27:22 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl

[2010/12/15 18:27:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat

[2010/12/15 18:22:17 | 000,156,144 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml

[2010/12/15 18:16:47 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\dds.com

[2010/12/15 18:03:08 | 000,000,020 | ---- | M] () -- C:\Documents and Settings\Queness\defogger_reenable

[2010/12/15 14:29:35 | 000,000,223 | RHS- | M] () -- C:\boot.ini

[2010/12/15 14:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job

[2010/12/15 13:50:56 | 000,005,709 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\Evoken_send.doc

[2010/12/15 12:20:10 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job

[2010/12/15 09:24:09 | 068,961,391 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm

[2010/12/15 03:22:22 | 002,333,928 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT

[2010/12/15 03:05:13 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

[2010/12/08 22:07:03 | 000,143,360 | -H-- | M] () -- C:\Documents and Settings\Queness\Desktop\photothumb.db

[2010/12/08 01:17:29 | 000,001,136 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\Resume Download - Adobe_Photoshop_CS5_Extended__English_Windows.lnk

[2010/12/08 01:17:28 | 000,000,000 | -H-- | M] () -- C:\Documents and Settings\Queness\Desktop\Photoshop_12_LS1.7z.part

[2010/12/05 13:57:36 | 000,006,623 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\ZebraPinknotecard.1.jpg

[2010/12/05 13:36:43 | 000,463,872 | -H-- | M] () -- C:\Documents and Settings\Queness\My Documents\photothumb.db

[2010/12/05 13:36:14 | 000,028,489 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\img-thing.jpg

[2010/12/05 13:35:16 | 000,009,466 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\animal-print-border-blank-card-invitation.jpg

[2010/12/04 18:20:02 | 000,024,143 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\diamond-background-white1.jpg

[2010/12/04 12:58:58 | 000,000,724 | ---- | M] () -- C:\Documents and Settings\Queness\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk

[2010/12/04 12:58:58 | 000,000,706 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\PhotoScape.lnk

[2010/11/30 22:09:08 | 000,000,699 | ---- | M] () -- C:\WINDOWS\cdPlayer.ini

[2010/11/30 18:45:04 | 000,001,302 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\ss.ini

[2010/11/29 17:42:18 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys

[2010/11/29 17:42:06 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys

[2010/11/27 17:44:34 | 000,001,108 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\Pogo Games.lnk

[2010/11/24 11:59:06 | 000,045,103 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\native.jpg

[2010/11/23 04:24:04 | 000,235,397 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\red009.jpg

[2010/11/23 04:21:06 | 000,279,300 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\red008.jpg

[2010/11/23 03:24:40 | 000,243,799 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\nyxpurple.jpg

[2010/11/23 03:17:23 | 000,180,774 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\boyshorts-1.jpg

[2010/11/22 21:38:12 | 000,055,709 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\pin6-1.jpg

[2010/11/22 21:03:10 | 000,008,934 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\100-0609.gif

[2010/11/22 21:00:55 | 000,008,888 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\50-0609.gif

[2010/11/22 20:57:17 | 000,008,859 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\25-0609.gif

[2010/11/22 20:50:10 | 000,011,563 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\PEACE CATS.jpg

[2010/11/19 11:43:47 | 000,005,419 | ---- | M] () -- C:\Documents and Settings\Queness\Desktop\avatar18209_16.gif

[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\isign32.dll

[2010/11/18 13:12:44 | 000,081,920 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\isign32.dll

[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

[1 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/12/15 20:12:10 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat

[2010/12/15 18:33:34 | 000,004,501 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\mbam-log-2010-12-15 (14-20-11).zip

[2010/12/15 18:32:54 | 000,003,916 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\Attach.zip

[2010/12/15 18:16:46 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\dds.com

[2010/12/15 18:03:02 | 000,000,020 | ---- | C] () -- C:\Documents and Settings\Queness\defogger_reenable

[2010/12/15 12:24:33 | 000,005,709 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\Evoken_send.doc

[2010/12/11 10:26:54 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp

[2010/12/08 01:17:28 | 000,001,136 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\Resume Download - Adobe_Photoshop_CS5_Extended__English_Windows.lnk

[2010/12/08 01:17:28 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Queness\Desktop\Photoshop_12_LS1.7z.part

[2010/12/05 13:57:28 | 000,006,623 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\ZebraPinknotecard.1.jpg

[2010/12/05 13:36:14 | 000,028,489 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\img-thing.jpg

[2010/12/05 13:35:15 | 000,009,466 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\animal-print-border-blank-card-invitation.jpg

[2010/12/04 18:20:01 | 000,024,143 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\diamond-background-white1.jpg

[2010/12/04 12:59:48 | 000,143,360 | -H-- | C] () -- C:\Documents and Settings\Queness\Desktop\photothumb.db

[2010/12/04 12:58:58 | 000,000,724 | ---- | C] () -- C:\Documents and Settings\Queness\Application Data\Microsoft\Internet Explorer\Quick Launch\PhotoScape.lnk

[2010/12/04 12:58:58 | 000,000,706 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\PhotoScape.lnk

[2010/11/24 11:58:56 | 000,045,103 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\native.jpg

[2010/11/23 04:24:03 | 000,235,397 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\red009.jpg

[2010/11/23 04:21:05 | 000,279,300 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\red008.jpg

[2010/11/23 03:24:39 | 000,243,799 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\nyxpurple.jpg

[2010/11/23 03:17:22 | 000,180,774 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\boyshorts-1.jpg

[2010/11/22 21:38:12 | 000,055,709 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\pin6-1.jpg

[2010/11/22 21:03:10 | 000,008,934 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\100-0609.gif

[2010/11/22 21:00:55 | 000,008,888 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\50-0609.gif

[2010/11/22 20:57:17 | 000,008,859 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\25-0609.gif

[2010/11/22 20:50:08 | 000,011,563 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\PEACE CATS.jpg

[2010/11/19 11:43:42 | 000,005,419 | ---- | C] () -- C:\Documents and Settings\Queness\Desktop\avatar18209_16.gif

[2010/11/03 23:13:12 | 000,001,302 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini

[2010/08/08 08:39:54 | 000,000,452 | ---- | C] () -- C:\Program Files\080820109395460.bat

[2010/07/22 20:22:50 | 000,000,699 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini

[2009/06/23 02:04:00 | 000,000,197 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI

[2009/05/18 18:56:54 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\93266086.ini

[2009/05/17 11:49:46 | 000,052,224 | ---- | C] () -- C:\WINDOWS\System32\drivers\UACxaplngsmpuffdql.sys

[2008/01/02 00:33:56 | 000,001,403 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache

[2007/10/09 11:35:50 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI

[2007/04/30 06:41:00 | 000,017,920 | ---- | C] () -- C:\Documents and Settings\Queness\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

[2006/12/27 01:35:42 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll

[2006/12/27 01:35:41 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

[2006/12/27 01:35:41 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll

[2006/12/27 01:35:37 | 000,001,512 | ---- | C] () -- C:\WINDOWS\System32\WLAN.INI

[2006/12/27 01:18:26 | 000,135,168 | R--- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll

[2006/12/27 01:16:55 | 000,026,361 | ---- | C] () -- C:\WINDOWS\Ascd_log.ini

[2006/12/27 01:16:48 | 000,026,323 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini

[2006/12/27 01:16:48 | 000,005,810 | R--- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys

[2006/12/27 01:16:43 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS

[2006/12/26 22:37:53 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini

[2006/12/26 16:56:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI

[2006/10/22 15:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll

[2006/10/22 15:22:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll

[2006/10/22 15:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll

[2006/10/22 15:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll

[2006/10/22 15:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll

[2006/10/22 15:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll

[2006/10/22 15:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll

[2006/04/22 18:00:10 | 000,053,299 | ---- | C] () -- C:\WINDOWS\System32\pthreadVC.dll

[2002/05/17 17:18:30 | 000,124,928 | ---- | C] () -- C:\WINDOWS\System32\mp4fil32.dll

========== LOP Check ==========

[2009/04/04 19:18:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\2DBoy

[2010/08/31 07:30:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM

[2010/07/21 15:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AppRanger

[2009/07/31 05:52:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar

[2010/09/20 20:49:03 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ

[2010/11/13 20:56:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\cJhCp06301

[2010/06/12 20:20:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Deadtime Stories

[2010/07/04 10:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EA

[2010/06/12 22:26:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Electronic Arts

[2010/11/03 23:08:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP

[2010/11/28 02:24:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GamesBar

[2010/12/15 14:00:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\gKeBm06308

[2009/09/18 16:17:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft

[2010/07/11 16:20:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo

[2010/11/27 19:46:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Media

[2010/12/14 14:51:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\oKaCn06309

[2010/01/18 22:39:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pinnacle

[2010/08/07 17:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Playrix Entertainment

[2010/08/08 08:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Pogo

[2010/03/12 11:00:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Rumbic Studio

[2010/11/27 19:45:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP

[2010/12/16 14:03:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint

[2008/08/25 12:39:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WholeSecurity

[2010/08/08 13:27:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}

[2006/12/26 22:39:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\acccore

[2009/04/09 10:43:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Amazon

[2009/04/18 17:40:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Anabel

[2010/10/27 21:50:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\AskToolbar

[2010/09/20 20:50:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Canon

[2010/12/08 01:21:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\CBS Interactive

[2010/07/04 10:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\EA

[2010/07/03 13:24:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\funkitron

[2010/01/04 13:50:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\GetRightToGo

[2009/09/26 14:15:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\iWin

[2010/08/08 14:00:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\LimeWire

[2007/07/29 19:49:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Morpheus Software

[2010/07/22 20:17:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Musicmatch

[2010/11/27 17:44:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Oberon Media

[2010/12/04 23:16:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\PhotoScape

[2009/12/29 17:12:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Playrix Entertainment

[2010/08/08 08:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Pogo

[2009/10/09 16:06:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Pogo Games

[2010/01/25 18:10:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Skip-Bo

[2010/05/05 21:32:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Queness\Application Data\Viewpoint

[2010/12/15 14:01:00 | 000,000,238 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7E05A6E

@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09

@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F538558

@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB554F94

@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E7B4F69

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3F4C22C

@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B874BDDD

@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F34C507

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914

@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354

@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79

@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB

@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D458568

@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C

@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1969F3F5

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561

@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373C6DC2

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8C4808B

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC36F550

@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB

@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F72FAFBF

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEF919E6

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E748D4C

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3AB0B43

@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6987107A

@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D

< End of report >

[vastchoirs]

Extras.txt:

OTL Extras logfile created on: 12/16/2010 2:15:53 PM - Run 1

OTL by OldTimer - Version 3.2.17.3 Folder = C:\Documents and Settings\Queness\My Documents\Downloads

Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation

Internet Explorer (Version = 8.0.6001.18702)

Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 81.00% Memory free

3.00 Gb Paging File | 3.00 Gb Available in Paging File | 97.00% Paging File free

Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files

Drive C: | 37.26 Gb Total Space | 2.93 Gb Free Space | 7.86% Space Free | Partition Type: NTFS

Computer Name: CARRIE | User Name: Queness | Logged in as Administrator.

Boot Mode: SafeMode with Networking | Scan Mode: Current user

Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]

.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]

batfile [open] -- "%1" %*

cmdfile [open] -- "%1" %*

comfile [open] -- "%1" %*

exefile [open] -- "%1" %*

htafile [open] -- "%1" %*

htmlfile [edit] -- Reg Error: Key error.

piffile [open] -- "%1" %*

regfile [open] -- "%1" %*

regfile [merge] -- Reg Error: Key error.

scrfile [config] -- "%1"

scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)

scrfile [open] -- "%1" /S

txtfile [edit] -- Reg Error: Key error.

Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1

Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)

Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)

Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]

"FirstRunDisabled" = 1

"AntiVirusDisableNotify" = 0

"FirewallDisableNotify" = 0

"UpdatesDisableNotify" = 0

"AntiVirusOverride" = 0

"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]

"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]

"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]

"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]

"EnableFirewall" = 1

"DoNotAllowExceptions" = 0

"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

"3724:TCP" = 3724:TCP:*:Enabled:Blizzard Downloader: 3724

"80:TCP" = 80:TCP:*:Enabled:SYS32DLL

"7171:TCP" = 7171:TCP:*:Enabled:SYS32DLL

"1035:TCP" = 1035:TCP:*:Enabled:Akamai NetSession Interface

"5000:UDP" = 5000:UDP:*:Enabled:Akamai NetSession Interface

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\trlrm\RMHSvc.exe" = C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

"%windir%\system32\sessmgr.exe" = %windir%\system32\sessmgr.exe:*:enabled:@xpsp2res.dll,-22019 -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)

"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)

"C:\Program Files\Common Files\AOL\acs\AOLDial.exe" = C:\Program Files\Common Files\AOL\acs\AOLDial.exe:*:Enabled:AOL Connectivity Service Dialer -- (AOL LLC)

"C:\Program Files\Common Files\AOL\acs\AOLacsd.exe" = C:\Program Files\Common Files\AOL\acs\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- (AOL LLC)

"C:\Program Files\AOL 9.0\waol.exe" = C:\Program Files\AOL 9.0\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)

"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)

"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found

"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)

"C:\Program Files\Common Files\AOL\1171930634\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1171930634\ee\aolsoftware.exe:*:Enabled:AOL Services -- (AOL LLC)

"C:\Documents and Settings\Queness\Local Settings\Application Data\Abacast\Abaclient.exe" = C:\Documents and Settings\Queness\Local Settings\Application Data\Abacast\Abaclient.exe:*:Enabled:Abaclient -- File not found

"C:\Program Files\Curse\CurseClient.exe" = C:\Program Files\Curse\CurseClient.exe:*:Enabled:Curse Client -- File not found

"C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe" = C:\Program Files\World of Warcraft\WoW-2.4.3-to-3.0.2-enUS-Win-Final-downloader.exe:*:Enabled:Blizzard Downloader -- (Blizzard Entertainment)

"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found

"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)

"C:\WINDOWS\system32\SYS32DLL.exe" = C:\WINDOWS\system32\SYS32DLL.exe:*:Disabled:SYS32DLL -- File not found

"C:\Program Files\AVG\AVG8\avgemc.exe" = C:\Program Files\AVG\AVG8\avgemc.exe:*:Enabled:avgemc.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgupd.exe" = C:\Program Files\AVG\AVG8\avgupd.exe:*:Enabled:avgupd.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\AVG\AVG8\avgnsx.exe" = C:\Program Files\AVG\AVG8\avgnsx.exe:*:Enabled:avgnsx.exe -- (AVG Technologies CZ, s.r.o.)

"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)

"C:\WINDOWS\trlrm\RMHSvc.exe" = C:\WINDOWS\trlrm\RMHSvc.exe:*:Enabled:RMHSvc.exe -- File not found

"C:\Program Files\AppRanger\SWTray.exe" = C:\Program Files\AppRanger\SWTray.exe:*:Enabled:SWTray Application -- File not found

"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)

"C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\RM.exe:*:Enabled:Render Manager -- File not found

"C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\umi.exe:*:Enabled:umi -- File not found

"C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe" = C:\Program Files\Pinnacle\VideoSpin\Programs\VideoSpin.exe:*:Enabled:Pinnacle VideoSpin -- File not found

"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)

"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)

"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- File not found

"C:\Program Files\Skype\Plugin Manager\skypePM.exe" = C:\Program Files\Skype\Plugin Manager\skypePM.exe:*:Enabled:Skype Extras Manager -- File not found

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]

"{0CB9668D-F979-4F31-B8B8-67FE90F929F8}" = Bonjour

"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP210_series" = Canon MP210 series

"{197A3012-8C85-4FD3-AB66-9EC7E13DB92E}" = Adobe AIR

"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java 6 Update 22

"{3248F0A8-6813-11D6-A77B-00B0D0150100}" = J2SE Runtime Environment 5.0 Update 10

"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP

"{39F6E2B4-CFE8-C30A-66E8-489651F0F34C}" = Adobe Media Player

"{3D9892BB-A751-4E48-ADC8-E4289956CE1D}" = QuickTime

"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater

"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.5

"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable

"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053

"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries

"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable

"{85991ED2-010C-4930-96FA-52F43C2CE98A}" = Apple Mobile Device Support

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch

[Maniac]

• Run OTL.exe
  
• Under Custom Scans/Fixes post the following script:
  

:OTL
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=localhost:7171
F3 - HKCU WinNT: Load - (?) - File not found
F3 - HKCU WinNT: Run - (?) - File not found
@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E7E05A6E
@Alternate Data Stream - 179 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7
@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 149 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5F538558
@Alternate Data Stream - 146 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AB554F94
@Alternate Data Stream - 145 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6E7B4F69
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A3F4C22C
@Alternate Data Stream - 144 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B874BDDD
@Alternate Data Stream - 143 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2F34C507
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:B203B914
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354
@Alternate Data Stream - 141 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB
@Alternate Data Stream - 137 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D458568
@Alternate Data Stream - 136 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0E660858
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C
@Alternate Data Stream - 131 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:1969F3F5
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:373C6DC2
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E8C4808B
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EC36F550
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F72FAFBF
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FEF919E6
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5E748D4C
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F3AB0B43
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6987107A
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D

:files
C:\Documents and Settings\All Users\Application Data\gKeBm06308
C:\Documents and Settings\All Users\Application Data\cJhCp06301
C:\WINDOWS\System32\*.tmp
C:\WINDOWS\*.tmp
C:\Documents and Settings\All Users\Application Data\Viewpoint

:Commands
[purity]
[emptytemp]
[resethosts]

• Then click the Run Fix button at the top
  
• Let the program run unhindered,when it is done it will say "Fix Complete press ok to open log"
  
• Please post that log in your next reply.
  

[vastchoirs]

Okay, log results from running "Run Fix button" with the above copy and pasted info:

All processes killed

========== OTL ==========

HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer| /E : value set successfully!

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Load:? deleted successfully.

Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\Run:? deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:E7E05A6E deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:588B60C7 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:07348C09 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5F538558 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:AB554F94 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:6E7B4F69 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:A3F4C22C deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:2D0C22DC deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B874BDDD deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:2F34C507 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:D09AEE3D deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:B203B914 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:ABD3B354 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B059D79 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5EC637CB deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5D458568 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:0E660858 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:FDAF118C deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:1969F3F5 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:9B7E8561 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:373C6DC2 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:E8C4808B deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:EC36F550 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:4EFDF5FB deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:F72FAFBF deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:FEF919E6 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:5E748D4C deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:F3AB0B43 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:2A8A3140 deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:6987107A deleted successfully.

ADS C:\Documents and Settings\All Users\Application Data\TEMP:02C1CB6D deleted successfully.

========== FILES ==========

C:\Documents and Settings\All Users\Application Data\gKeBm06308 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\cJhCp06301 folder moved successfully.

C:\WINDOWS\System32\CONFIG.TMP moved successfully.

C:\WINDOWS\002759_.tmp moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9Plus folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell\AOL9 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\UserShell folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_03 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_02 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_01 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources\ResourceFolder_00 folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player\Resources folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\Viewpoint Media Player folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint\AxMetaStream_Win folder moved successfully.

C:\Documents and Settings\All Users\Application Data\Viewpoint folder moved successfully.

========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

->Flash cache emptied: 70 bytes

User: Default User

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 33170 bytes

->Flash cache emptied: 83 bytes

User: LocalService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 23977749 bytes

User: NetworkService

->Temp folder emptied: 0 bytes

->Temporary Internet Files folder emptied: 4707392 bytes

User: Queness

->Temp folder emptied: 54819640 bytes

->Temporary Internet Files folder emptied: 132843922 bytes

->Java cache emptied: 1851315241 bytes

->FireFox cache emptied: 59051929 bytes

->Flash cache emptied: 5643093 bytes

%systemdrive% .tmp files removed: 0 bytes

%systemroot% .tmp files removed: 0 bytes

%systemroot%\System32 .tmp files removed: 0 bytes

%systemroot%\System32\dllcache .tmp files removed: 0 bytes

%systemroot%\System32\drivers .tmp files removed: 0 bytes

Windows Temp folder emptied: 2292918 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 91210892 bytes

%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes

RecycleBin emptied: 8673318 bytes

Total Files Cleaned = 2,131.00 mb

C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.

HOSTS file reset successfully

OTL by OldTimer - Version 3.2.17.3 log created on 12162010_145901

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

[Maniac]

How are things now?

[vastchoirs]

Rebooted into regular mode and all seems okay right now. No system Tool coming up etc.

[vastchoirs]

I just have to find this Ask Toolbar. Since I'm not finding Programs and Features under Control Panel. But, I'm sure I can figure it out.

[Maniac]

Good!

About Ask toolbar, I saw it in your last log too.

"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar

If it is not there, we could clean it up with OTL.

[vastchoirs]

Yes, indeed, let's clean it with OTL. How do I go about doing that?

[Maniac]

I'll write a script. Post a new fresh OTL log.

[LDTate]

Due to the lack of feedback this topic is closed to prevent others from posting here. If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!