Hi
Leave ComboFix for the time being.
OTL
Download OTL by Old Timer from Here & save it to your Desktop. To post in next reply:
- Double click on the icon to run it. Make sure all other windows are closed & let it run uninterrupted
- Click on Minimal Output at the top
- Download the following file scan.txt to your Desktop - Click here to download it. You may need to right click on it and select "Save"
- Double click inside the Custom Scan box at the bottom
- A window will appear saying Click Ok to load a custom scan from a file or Cancel to cancel
- Click the OK button and navigate to the file scan.txt which we just saved to your desktop
- Select scan.txt & click Open. Writing will now appear under the Custom Scan box
- Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long
- When the scan completes, it will open two Notepad windows: OTL.Txt & Extras.Txt. These are saved in the same location as OTL
- Copy/paste the contents of these files, one at a time & post them in your next reply
Contents of OTL.txt
Contents of Extras.txt
These are large logs, so one log per post please
What happens if you click Ignore on that message?
OTL Logs:
"OTL":
OTL logfile created on: 9/09/2010 3:40:18 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\willmonotti\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1,015.00 Mb Total Physical Memory | 470.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 4.24 Gb Free Space | 5.69% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: willmonotti
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Processes (SafeList) ==========
PRC - C:\Documents and Settings\willmonotti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\willmonotti\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
========== Modules (SafeList) ==========
MOD - C:\Documents and Settings\willmonotti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)
========== Win32 Services (SafeList) ==========
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CiscoVpnInstallService) -- C:\DOCUME~1\WILLMO~1\LOCALS~1\TEMP\INSTAL~1.EXE File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\System32\Ati2evxx.exe File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
========== Driver Services (SafeList) ==========
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (b57w2k) Broadcom NetLink (TM) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://trinity.unimelb.edu.au/portal
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwproxy.student.unimelb.edu.au:8000
========== FireFox ==========
FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.startup.homepage: "https://www.trinitycollege.vic.edu.au/portal/today/today.php"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.53
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.backup.ftp: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.ftp: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.ssl_port: 8000
FF - prefs.js..network.proxy.type: 1
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/09 18:52:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/09 18:52:32 | 000,000,000 | ---D | M]
[2009/02/09 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Extensions
[2009/02/09 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions
[2009/06/03 19:00:26 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009/12/12 17:56:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/25 20:14:48 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\searchplugins\mozilla-add-ons.xml
[2009/05/22 01:42:46 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\searchplugins\youtube.xml
[2009/02/09 18:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 23:02:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/23 23:01:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/12 18:57:14 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 18:57:14 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 18:57:14 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 18:57:14 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml
O1 HOSTS File: ([2009/11/20 21:35:48 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKCU..\Run: [akvwx] C:\WINDOWS\System32\e1vbg3sn.exe File not found
O4 - HKCU..\Run: [cito0] C:\WINDOWS\System32\chxd60flvr.exe File not found
O4 - HKCU..\Run: [cydo8] C:\WINDOWS\System32\cttuzf81.exe File not found
O4 - HKCU..\Run: [dezpq] C:\WINDOWS\System32\w2xyt081alm.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [dzuklg2] C:\WINDOWS\System32\rsnt66k8708.exe File not found
O4 - HKCU..\Run: [dzuva] C:\WINDOWS\System32\1epqlr8.exe File not found
O4 - HKCU..\Run: [ezqqlcc] C:\WINDOWS\System32\oojaavmmhy.exe File not found
O4 - HKCU..\Run: [faawmm] C:\WINDOWS\System32\3wwriid.exe File not found
O4 - HKCU..\Run: [falhcc] C:\WINDOWS\System32\1qmmhyy.exe File not found
O4 - HKCU..\Run: [hcyytkk] C:\WINDOWS\System32\qlccxoojaa.exe File not found
O4 - HKCU..\Run: [hxdtp] C:\WINDOWS\System32\hm2noj081q.exe File not found
O4 - HKCU..\Run: [lbhc6y] C:\WINDOWS\System32\lr2xd2jk.exe File not found
O4 - HKCU..\Run: [llmcdi] C:\WINDOWS\System32\bm5hdyuu.exe File not found
O4 - HKCU..\Run: [mcdi3e] C:\WINDOWS\System32\bm86y3pl.exe File not found
O4 - HKCU..\Run: [mmiyy6k] C:\WINDOWS\System32\fwwriiduupg.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [nojpk0r] C:\WINDOWS\System32\0jff66w.exe File not found
O4 - HKCU..\Run: [pkkgww] C:\WINDOWS\System32\ni1eaavmmh.exe File not found
O4 - HKCU..\Run: [qhxiioj] C:\WINDOWS\System32\1cdi81u.exe File not found
O4 - HKCU..\Run: [rcc86] C:\WINDOWS\System32\q1gw1ni13p.exe File not found
O4 - HKCU..\Run: [snoejuf] C:\WINDOWS\System32\86y2ff6.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [teea6r] C:\WINDOWS\System32\w39ee5v1wb.exe File not found
O4 - HKCU..\Run: [tkkfww] C:\WINDOWS\System32\i1eaavmmhy.exe File not found
O4 - HKCU..\Run: [upggbs] C:\WINDOWS\System32\dzpplbbxnn.exe File not found
O4 - HKCU..\Run: [uplbbxc] C:\WINDOWS\System32\pff69m1i.exe File not found
O4 - HKCU..\Run: [vgr60] C:\WINDOWS\System32\6xc81oz.exe File not found
O4 - HKCU..\Run: [vqwxin] C:\WINDOWS\System32\60niy1p.exe File not found
O4 - HKCU..\Run: [wbxxoo3] C:\WINDOWS\System32\0xdyep0.exe File not found
O4 - HKCU..\Run: [wcxtoeu] C:\WINDOWS\System32\70i1zuv.exe File not found
O4 - HKCU..\Run: [wrmns] C:\WINDOWS\System32\60xs0zf.exe File not found
O4 - HKCU..\Run: [xdtyuua] C:\WINDOWS\System32\vlw2nyojzav.exe File not found
O4 - HKCU..\Run: [xsoo8] C:\WINDOWS\System32\sndu1klq.exe File not found
O4 - HKCU..\Run: [yuupgg] C:\WINDOWS\System32\ytkkfwwr.exe File not found
O4 - HKCU..\Run: [yzpf0w] C:\WINDOWS\System32\n20zvfbw.exe File not found
O4 - HKCU..\Run: [zaflw] C:\WINDOWS\System32\70bxny1.exe File not found
O4 - HKCU..\Run: [zuvqm] C:\WINDOWS\System32\kkfwwrii.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.28.240.18 203.28.240.20
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\willmonotti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\willmonotti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/24 15:15:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{688fe0c4-ec8b-11de-a99e-0013ce34ce68}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/04 05:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ywyyitdy - C:\WINDOWS\system32\gnhnveo.dll ()
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)
CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)
========== Files/Folders - Created Within 90 Days ==========
[2010/09/09 15:37:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/09 15:36:36 | 000,000,000 | --SD | C] -- C:\commy
[2010/09/08 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Application Data\Malwarebytes
[2010/09/08 22:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 22:11:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 22:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 22:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/08 22:10:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/09/08 19:57:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/08 19:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/08 19:54:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/08 19:54:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/08 19:54:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/08 14:35:50 | 000,000,000 | -HSD | C] -- C:\FOUND.031
[2010/09/08 14:24:32 | 000,000,000 | -HSD | C] -- C:\FOUND.030
[2010/09/08 13:57:30 | 000,000,000 | -HSD | C] -- C:\FOUND.029
[2010/09/08 13:43:06 | 000,000,000 | -HSD | C] -- C:\FOUND.028
[2010/09/06 14:43:12 | 000,000,000 | -HSD | C] -- C:\FOUND.027
[2010/09/05 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 12:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/05 12:16:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/03 23:25:36 | 000,000,000 | -HSD | C] -- C:\FOUND.026
[2010/09/02 22:08:00 | 000,000,000 | -HSD | C] -- C:\FOUND.025
[2010/09/01 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/09/01 23:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/01 14:55:38 | 000,000,000 | -HSD | C] -- C:\FOUND.024
[2010/08/31 23:58:24 | 000,000,000 | -HSD | C] -- C:\FOUND.023
[2010/08/31 19:41:40 | 000,000,000 | -HSD | C] -- C:\FOUND.022
[2010/08/31 18:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\My Documents\My eBooks
[2010/08/27 21:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.021
[2010/08/26 23:15:04 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2010/08/26 14:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Desktop\VPN
[2010/07/31 13:44:48 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2010/07/31 10:40:54 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2010/07/31 01:34:08 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2010/07/27 01:23:50 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/07/26 19:15:58 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/07/24 15:16:26 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2010/07/03 11:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/06/30 17:10:22 | 000,000,000 | ---D | C] -- C:\CyberFoot2007
[2010/06/30 16:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\SuperSoccerManager 2005
[2010/06/29 23:56:04 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/06/29 23:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/06/21 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Western_Digital
[2010/06/21 16:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Application Data\Western Digital
[2010/06/21 16:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/06/21 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/06/21 16:01:31 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/06/21 16:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/06/21 15:58:02 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/21 15:57:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/21 15:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Western Digital
[2010/06/16 20:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\My Documents\Downloads
[2010/06/16 20:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Temp
[2010/06/14 23:25:24 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2008/08/29 14:00:00 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2008/08/29 14:00:00 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsi.exe
========== Files - Modified Within 90 Days ==========
[2010/09/09 15:37:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/09 15:00:40 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/09 14:30:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/09 14:29:50 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/09 14:24:22 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/09/09 14:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/09 14:23:20 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 10:29:50 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/09/09 10:24:02 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\willmonotti\NTUSER.DAT
[2010/09/09 10:24:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\willmonotti\ntuser.ini
[2010/09/09 00:47:02 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089067542-3450742136-2425182029-1004Core1cb4c3f70ac632c.job
[2010/09/08 22:11:22 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 22:10:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/09/08 13:04:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/08 12:00:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2010/09/08 11:57:40 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\VPN Client.lnk
[2010/09/08 00:40:18 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 12:25:04 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/05 12:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/05 12:15:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\dds.scr
[2010/09/02 22:28:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/01 23:57:52 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2010/09/01 19:56:14 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/30 14:18:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/22 20:09:32 | 000,002,238 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\Google Chrome.lnk
[2010/08/22 20:09:32 | 000,002,216 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/03 17:15:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/30 17:10:24 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\CyberFoot 2007.lnk
[2010/06/21 16:01:38 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/06/21 16:01:38 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/21 16:01:00 | 000,411,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/21 16:01:00 | 000,397,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/21 16:01:00 | 000,060,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/16 19:58:30 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
========== Files Created - No Company Name ==========
[2010/09/09 14:29:48 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/08 22:11:21 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 19:54:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/08 19:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/08 19:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/08 19:54:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/08 19:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 13:04:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/05 12:25:03 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/05 12:15:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\dds.scr
[2010/09/05 00:42:46 | 000,000,950 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089067542-3450742136-2425182029-1004Core1cb4c3f70ac632c.job
[2010/06/30 17:10:22 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\CyberFoot 2007.lnk
[2010/06/21 16:01:37 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/06/21 16:01:37 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/16 20:04:19 | 000,002,238 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\Google Chrome.lnk
[2010/06/16 20:04:19 | 000,002,216 | ---- | C] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2009/04/19 22:12:37 | 000,001,127 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/04/03 13:26:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/11 00:07:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ds467.dll
[2009/02/14 22:30:45 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 11:46:40 | 000,000,700 | ---- | C] () -- C:\Program Files\studentVPN.pcf
[2008/08/29 14:00:22 | 000,001,073 | ---- | C] () -- C:\Program Files\sig.dat
[2008/08/29 14:00:20 | 000,001,099 | ---- | C] () -- C:\Program Files\vpnclient_setup.ini
[2008/08/29 14:00:18 | 000,052,224 | ---- | C] () -- C:\Program Files\vpnclient_jp.mst
[2008/08/29 14:00:06 | 010,935,808 | ---- | C] () -- C:\Program Files\vpnclient_setup.msi
[2008/08/29 14:00:04 | 000,051,200 | ---- | C] () -- C:\Program Files\vpnclient_fc.mst
[2008/08/29 14:00:00 | 000,000,819 | ---- | C] () -- C:\Program Files\vpnclient_setup.sms
[2008/08/29 14:00:00 | 000,000,640 | ---- | C] () -- C:\Program Files\vpnclient_setup.pdf
[2008/08/29 13:59:58 | 000,056,832 | ---- | C] () -- C:\Program Files\vpnclient_setup.exe
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/29 13:58:04 | 000,221,315 | ---- | C] () -- C:\Program Files\installservice.exe
[2008/08/29 13:57:32 | 000,016,505 | ---- | C] () -- C:\Program Files\DelayInst.exe
[2005/05/26 09:49:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/26 09:35:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/05/26 09:35:18 | 000,000,329 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/05/26 09:31:07 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/05/24 15:16:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/05/24 15:02:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/05/24 15:02:39 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/24 14:58:31 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/24 14:50:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/24 14:35:43 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/05/24 14:35:29 | 000,160,603 | RHS- | C] () -- C:\WINDOWS\System32\gnhnveo.dll
[2005/05/24 14:35:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI
========== LOP Check ==========
[2009/02/12 21:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/02/14 21:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/01 00:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/07 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/30 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/06/21 16:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/02/14 22:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\USM2
[2009/02/18 22:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\uTorrent
[2009/07/02 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\gtk-2.0
[2009/10/19 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Audacity
[2009/11/22 17:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\foobar2000
[2009/12/07 21:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\acccore
[2010/03/07 01:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Windows Search
[2010/06/21 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Western Digital
[2010/09/02 22:28:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/08 12:00:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job
[2010/03/25 00:07:32 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job
========== Purity Check ==========
========== Custom Scans ==========
< %SYSTEMDRIVE%\*.* >
[2005/05/26 11:33:48 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/01 23:57:52 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2005/05/24 14:53:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/05/24 15:15:44 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/05/24 14:53:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/24 14:53:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/05/26 11:34:00 | 000,000,003 | ---- | M] () -- C:\PRELOAD.TAG
[2010/09/09 14:23:20 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 00:48:10 | 000,012,540 | ---- | M] () -- C:\aaw7boot.log
[2009/07/12 00:02:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/12 00:02:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/17 11:34:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/17 11:34:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/03 12:34:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/03 12:34:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/19 13:58:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/19 13:58:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/21 15:15:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/21 15:15:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/23 15:08:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/23 15:08:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/19 19:18:16 | 000,009,312 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2009/12/07 21:45:34 | 000,000,397 | -H-- | M] () -- C:\IPH.PH
[2010/09/09 14:23:18 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys
< %systemroot%\Fonts\*.com >
< %systemroot%\Fonts\*.dll >
< %systemroot%\Fonts\*.ini >
[2005/05/24 14:52:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini
< %systemroot%\Fonts\*.ini2 >
< %systemroot%\Fonts\*.exe >
< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
< %systemroot%\REPAIR\*.bak1 >
< %systemroot%\REPAIR\*.ini >
< %systemroot%\system32\*.jpg >
< %systemroot%\*.jpg >
< %systemroot%\*.png >
< %systemroot%\*.scr >
[2004/06/14 11:25:16 | 000,187,392 | ---- | M] () -- C:\WINDOWS\Acer.scr
< %systemroot%\*._sy >
< %APPDATA%\Adobe\Update\*.* >
< %ALLUSERSPROFILE%\Favorites\*.* >
< %APPDATA%\Microsoft\*.* >
< %PROGRAMFILES%\*.* >
[2008/08/29 14:00:06 | 010,935,808 | ---- | M] () -- C:\Program Files\vpnclient_setup.msi
[2008/08/29 14:00:00 | 000,000,640 | ---- | M] () -- C:\Program Files\vpnclient_setup.pdf
[2008/08/29 14:00:00 | 000,000,819 | ---- | M] () -- C:\Program Files\vpnclient_setup.sms
[2008/08/29 13:57:32 | 000,016,505 | ---- | M] () -- C:\Program Files\DelayInst.exe
[2008/08/29 13:58:04 | 000,221,315 | ---- | M] () -- C:\Program Files\installservice.exe
[2008/08/29 14:00:00 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsi.exe
[2008/08/29 14:00:00 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2008/08/29 14:00:22 | 000,001,073 | ---- | M] () -- C:\Program Files\sig.dat
[2008/08/29 14:00:04 | 000,051,200 | ---- | M] () -- C:\Program Files\vpnclient_fc.mst
[2008/08/29 14:00:18 | 000,052,224 | ---- | M] () -- C:\Program Files\vpnclient_jp.mst
[2008/08/29 13:59:58 | 000,056,832 | ---- | M] () -- C:\Program Files\vpnclient_setup.exe
[2008/08/29 14:00:20 | 000,001,099 | ---- | M] () -- C:\Program Files\vpnclient_setup.ini
[2008/10/16 11:46:40 | 000,000,700 | ---- | M] () -- C:\Program Files\studentVPN.pcf
< %APPDATA%\Update\*.* >
< %systemroot%\*. /mp /s >
< %systemroot%\System32\config\*.sav >
[2005/05/24 14:42:34 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/05/24 14:42:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/24 14:42:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
< %PROGRAMFILES%\bak. /s >
< %systemroot%\system32\bak. /s >
< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/05/24 14:53:24 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini
< %systemroot%\system32\config\systemprofile\*.dat /x >
< %systemroot%\*.config >
< %systemroot%\system32\*.db >
< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/08 06:41:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/05/24 14:59:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf
< %USERPROFILE%\Desktop\*.exe >
[2010/09/08 13:04:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/05 12:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/09 14:29:50 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/09 15:37:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/08 22:10:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/03/07 01:12:46 | 005,520,400 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\willmonotti\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe
[1997/10/06 21:15:48 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\Join32.exe
[2010/03/01 22:12:12 | 016,492,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\willmonotti\Desktop\jre-6u18-windows-i586-s.exe
[1997/10/06 21:22:28 | 000,033,024 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\JOIN16.EXE
[2009/11/30 01:25:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\willmonotti\Desktop\spybotsd162.exe
[2009/11/30 00:55:20 | 000,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\willmonotti\Desktop\avast_home_setup.exe
[2009/04/04 18:03:12 | 526,428,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\willmonotti\Desktop\X12-30307.exe
[2009/04/11 17:26:22 | 001,234,120 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\wrar380.exe
< %PROGRAMFILES%\Common Files\*.* >
< %systemroot%\*.src >
< %systemroot%\install\*.* >
< %systemroot%\system32\DLL\*.* >
< %systemroot%\system32\HelpFiles\*.* >
< %systemroot%\system32\rundll\*.* >
< %systemroot%\winn32\*.* >
< %systemroot%\Java\*.* >
< %systemroot%\system32\test\*.* >
< %systemroot%\system32\Rundll32\*.* >
< %systemroot%\AppPatch\Custom\*.* >
< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >
< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >
< %PROGRAMFILES%\Internet Explorer\*.tmp >
< %PROGRAMFILES%\Internet Explorer\*.dat >
< %USERPROFILE%\My Documents\*.exe >
< %USERPROFILE%\*.exe >
< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf
< %systemroot%\assembly\*.bak2 >
< %systemroot%\Config\*.* >
< %systemroot%\REPAIR\*.bak2 >
< %systemroot%\SECURITY\Database\*.sdb /x >
< %systemroot%\SYSTEM\*.bak2 >
< %systemroot%\Web\*.bak2 >
< %systemroot%\Driver Cache\*.* >
< %PROGRAMFILES%\Mozilla Firefox\0*.exe >
< %ProgramFiles%\Microsoft Common\*.* >
< %ProgramFiles%\TinyProxy. >
< %USERPROFILE%\Favorites\*.url /x >
[2009/02/08 06:41:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\willmonotti\Favorites\Desktop.ini
[2009/03/11 00:06:58 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\willmonotti\Favorites\First Principles of Business Law.lnk
< %systemroot%\system32\*.bk >
< %systemroot%\*.te >
< %systemroot%\system32\system32\*.* >
< %ALLUSERSPROFILE%\*.dat /x >
< %systemroot%\system32\drivers\*.rmv >
< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
< dir /b "%systemroot%\*.exe" | find /i " " /c >
< %PROGRAMFILES%\Microsoft\*.* >
< %systemroot%\System32\Wbem\proquota.exe >
< %PROGRAMFILES%\Mozilla Firefox\*.dat >
< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/09 15:00:42 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\willmonotti\Cookies\index.dat
< %SystemRoot%\system32\fonts\*.* >
< %systemroot%\system32\winlog\*.* >
< %systemroot%\system32\Language\*.* >
< %systemroot%\system32\Settings\*.* >
< %systemroot%\system32\*.quo >
< %SYSTEMROOT%\AppPatch\*.exe >
< %SYSTEMROOT%\inf\*.exe >
[2004/08/04 05:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe
< %SYSTEMROOT%\Installer\*.exe >
< %systemroot%\system32\config\*.bak2 >
< %systemroot%\system32\Computers\*.* >
< %SystemRoot%\system32\Sound\*.* >
< %SystemRoot%\system32\SpecialImg\*.* >
< %SystemRoot%\system32\code\*.* >
< %SystemRoot%\system32\draft\*.* >
< %SystemRoot%\system32\MSSSys\*.* >
< %ProgramFiles%\Javascript\*.* >
< %systemroot%\pchealth\helpctr\System\*.exe /s >
< %systemroot%\Web\*.exe >
< %systemroot%\system32\msn\*.* >
< %systemroot%\system32\*.tro >
< %AppData%\Microsoft\Installer\msupdates\*.* >
< %ProgramFiles%\Messenger\*.exe >
[2004/08/04 01:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
< %systemroot%\system32\systhem32\*.* >
< %systemroot%\system\*.exe >
[1998/12/25 08:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe
< %USERPROFILE%\Templates\*.tmp >
< %SYSTEMDRIVE%\explorexxx.exe\*.* >
< %Windir%\Installer\*.tmp >
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
< %systemroot%\System32\*.xco >
< %ProgramFiles%\system32\*.* >
< %systemroot%\System32\windos\*.* >
< %SystemRoot%\system32\sandbox\*.* >
< %SystemRoot%\system32\*.amo >
< %SystemRoot%\system32\Windows Live\*.* >
< %ProgramFiles%\logs\*.* >
< %ProgramFiles%\Bifrost\*.* >
< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >
< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >
"Extras":
OTL Extras logfile created on: 9/09/2010 3:40:18 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\willmonotti\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy
1,015.00 Mb Total Physical Memory | 470.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 4.24 Gb Free Space | 5.69% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Computer Name: WILL
Current User Name: willmonotti
Logged in as Administrator.
Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan
========== Extra Registry (SafeList) ==========
========== File Associations ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found
========== Shell Spawning ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [AddToPlaylistVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --playlist-enqueue "%1" ()
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MICROS~2\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Directory [PlayWithVLC] -- C:\Program Files\VideoLAN\VLC\vlc.exe --started-from-file --no-playlist-enqueue "%1" ()
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
========== Security Center Settings ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3453:TCP" = 3453:TCP:*:Enabled:huxutzgk
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"3389:TCP" = 3389:TCP:*:Enabled:@xpsp2res.dll,-22009
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
========== Authorized Applications List ==========
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\DC++\DCPlusPlus.exe" = C:\Program Files\DC++\DCPlusPlus.exe:*:Enabled:DC++ -- ()
"C:\Documents and Settings\willmonotti\Desktop\utorrent.exe" = C:\Documents and Settings\willmonotti\Desktop\utorrent.exe:*:Enabled:µTorrent -- File not found
========== HKEY_LOCAL_MACHINE Uninstall List ==========
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"{232DB76D-4751-41A9-9EC2-CDC0DAC1FAB6}" = WD SmartWare
"{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 20
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"{3C80C102-40C7-4119-B786-7765936F8472}" = First Principles of Business Law
"{3FA365DF-2D68-45ED-8F83-8C8A33E65143}" = Apple Application Support
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}" = Cisco Systems VPN Client 5.0.04.0300
"{5D601655-6D54-4384-B52C-17EC5385FBBD}" = iTunes
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{8355F970-601D-442D-A79B-1D7DB4F24CAD}" = Apple Mobile Device Support
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel(R) Graphics Media Accelerator Driver for Mobile
"{8B7917E0-AF55-4E8A-9473-017F0AA03AC8}" = QuickTime
"{8F432F86-A16B-42DA-B5F5-FE4CB7257814}" = Skills-Task 2 Feedback
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{91120000-002E-0000-0000-0000000FF1CE}" = Microsoft Office Ultimate 2007
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{A5181519-9F3D-4372-ABC6-C333C2F3A816}_is1" = RunAlyzer
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{C5C649A8-1D21-4C83-9B08-7B3752E580F4}" = Safari
"{E2883E8F-472F-4fb0-9522-AC9BF37916A7}" = Adobe Download Manager
"{F1B8DB67-D30E-4FF9-A85F-3CEE51825AA2}" = SMSC IrCC V5.1.3600.5 SP2
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AIM Search" = AIM Search
"AIM_7" = AIM 7
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.9 (Unicode)
"CNXT_MODEM_PCI_VEN_8086&DEV_266D&SUBSYS_00811025" = SoftV90 Data Fax Modem with SmartCP
"DC++" = DC++ 0.7091
"Elantech" = KTP Ware PS/2-WDM 5.0.1.2
"ERUNT_is1" = ERUNT 1.1j
"foobar2000" = foobar2000 v0.9.6.9
"InstallShield_{1577A05B-EE62-4BBC-9DB7-FE748FA44EC2}" = NTI CD & DVD-Maker
"InstallShield_{385979FE-DC4F-4140-8EAD-A59625000D72}" = NTI Backup NOW! 4
"LAME for Audacity_is1" = LAME v3.98.2 for Audacity
"LastFM_is1" = Last.fm 1.5.4.24567
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.6.3)" = Mozilla Firefox (3.6.3)
"OGG MP3 Converter" = OGG MP3 Converter 3.2 build 827
"Protected Music Converter_is1" = Protected Music Converter 1.0.0.21
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Totalcmd" = Total Commander (Remove or Repair)
"Trillian" = Trillian
"ULTIMATER" = Microsoft Office Ultimate 2007
"VLC media player" = VLC media player 0.9.8a
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"XiphQT" = Xiph QuickTime Components
========== HKEY_CURRENT_USER Uninstall List ==========
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome
"Universal Soccer Manager 2" = Universal Soccer Manager 2
========== Last 10 Event Log Errors ==========
[ Application Events ]
Error - 7/09/2010 11:57:51 PM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 12:06:49 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 12:15:49 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 12:24:57 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 12:36:11 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 12:45:32 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 2:30:06 AM | Computer Name = WILL | Source = CiscoVpnInstallService | ID = 0
Description =
Error - 8/09/2010 3:04:21 AM | Computer Name = WILL | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.6.2.46, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.
Error - 8/09/2010 3:04:26 AM | Computer Name = WILL | Source = Application Hang | ID = 1001
Description = Fault bucket 1116954496.
Error - 8/09/2010 7:44:14 PM | Computer Name = WILL | Source = Google Update | ID = 20
Description =
[ OSession Events ]
Error - 30/06/2009 10:26:25 AM | Computer Name = WILL | Source = Microsoft Office 12 Sessions | ID = 7001
Description = ID: 0, Application Name: Microsoft Office Word, Application Version:
12.0.4518.1014, Microsoft Office Version: 12.0.4518.1014. This session lasted 216517
seconds with 240 seconds of active time. This session ended with a crash.
[ System Events ]
Error - 8/09/2010 8:28:45 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%2
Error - 8/09/2010 8:28:45 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7023
Description = The System Monitor service terminated with the following error: %%1114
Error - 8/09/2010 8:28:45 PM | Computer Name = WILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
IntelIde Lbd
Error - 9/09/2010 12:24:16 AM | Computer Name = WILL | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service BITS with arguments
"" in order to run the server: {4991D34B-80A1-4291-83B6-3328366B9097}
Error - 9/09/2010 12:25:00 AM | Computer Name = WILL | Source = Service Control Manager | ID = 7000
Description = The Ati HotKey Poller service failed to start due to the following
error: %%2
Error - 9/09/2010 12:25:00 AM | Computer Name = WILL | Source = Service Control Manager | ID = 7000
Description = The Cisco Systems, Inc. Installer service service failed to start
due to the following error: %%2
Error - 9/09/2010 12:25:00 AM | Computer Name = WILL | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the WD SmartWare Background
Service service to connect.
Error - 9/09/2010 12:25:00 AM | Computer Name = WILL | Source = Service Control Manager | ID = 7023
Description = The System Monitor service terminated with the following error: %%1114
Error - 9/09/2010 12:25:00 AM | Computer Name = WILL | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Lbd
Error - 9/09/2010 12:27:42 AM | Computer Name = WILL | Source = MRxSmb | ID = 8003
Description = The master browser has received a server announcement from the computer
KAT-PC that believes that it is the master browser for the domain on transport NetBT_Tcpip_{773F261F-5C09-4150-B9.
The
master browser is stopping or an election is being forced.
< End of report >
Hi
Warning: Please note that this fix is specific for this poster & should not be used by anyone else.
Backup Your Registry with ERUNT
- Download ERUNT from here & follow the installation prompts
- Uncheck Create NTREGOPT desktop icon at the Additional Tasks screen. Click No when prompted to create an ERUNT entry in the startup folder.
- Double click the Erunt icon on your desktop to open the program then click OK at the prompt
- Use the default settings unless there is more than one user account. (If more than one user account, tick Other open user registries in Backup Options)
- Click OK
The following instruction should only be carried out if you need to restore the registry backup:
Navigate to the folder where the backup is saved
Double click on ERDNT.exe then OK
When the program opens click OK
Run Fix With OTL
Highlight the following in the code box and press Ctrl+C on the keyboard
Make sure you include the first colon (:)
Double-click on the OTL.exe file to start OTL. OK any warning about running OTL.
Code:
:Commands
[CreateRestorePoint]
:Files
C:\WINDOWS\system32\gnhnveo.dll
:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"3453:TCP" =-
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Documents and Settings\willmonotti\Desktop\utorrent.exe" =-
:otl
SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CiscoVpnInstallService) -- C:\DOCUME~1\WILLMO~1\LOCALS~1\TEMP\INSTAL~1.EXE File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\System32\Ati2evxx.exe File not found
DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe File not found
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKCU..\Run: [akvwx] C:\WINDOWS\System32\e1vbg3sn.exe File not found
O4 - HKCU..\Run: [cito0] C:\WINDOWS\System32\chxd60flvr.exe File not found
O4 - HKCU..\Run: [cydo8] C:\WINDOWS\System32\cttuzf81.exe File not found
O4 - HKCU..\Run: [dezpq] C:\WINDOWS\System32\w2xyt081alm.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [dzuklg2] C:\WINDOWS\System32\rsnt66k8708.exe File not found
O4 - HKCU..\Run: [dzuva] C:\WINDOWS\System32\1epqlr8.exe File not found
O4 - HKCU..\Run: [ezqqlcc] C:\WINDOWS\System32\oojaavmmhy.exe File not found
O4 - HKCU..\Run: [faawmm] C:\WINDOWS\System32\3wwriid.exe File not found
O4 - HKCU..\Run: [falhcc] C:\WINDOWS\System32\1qmmhyy.exe File not found
O4 - HKCU..\Run: [hcyytkk] C:\WINDOWS\System32\qlccxoojaa.exe File not found
O4 - HKCU..\Run: [hxdtp] C:\WINDOWS\System32\hm2noj081q.exe File not found
O4 - HKCU..\Run: [lbhc6y] C:\WINDOWS\System32\lr2xd2jk.exe File not found
O4 - HKCU..\Run: [llmcdi] C:\WINDOWS\System32\bm5hdyuu.exe File not found
O4 - HKCU..\Run: [mcdi3e] C:\WINDOWS\System32\bm86y3pl.exe File not found
O4 - HKCU..\Run: [mmiyy6k] C:\WINDOWS\System32\fwwriiduupg.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [nojpk0r] C:\WINDOWS\System32\0jff66w.exe File not found
O4 - HKCU..\Run: [pkkgww] C:\WINDOWS\System32\ni1eaavmmh.exe File not found
O4 - HKCU..\Run: [qhxiioj] C:\WINDOWS\System32\1cdi81u.exe File not found
O4 - HKCU..\Run: [rcc86] C:\WINDOWS\System32\q1gw1ni13p.exe File not found
O4 - HKCU..\Run: [snoejuf] C:\WINDOWS\System32\86y2ff6.exe File not found
O4 - HKCU..\Run: [teea6r] C:\WINDOWS\System32\w39ee5v1wb.exe File not found
O4 - HKCU..\Run: [tkkfww] C:\WINDOWS\System32\i1eaavmmhy.exe File not found
O4 - HKCU..\Run: [upggbs] C:\WINDOWS\System32\dzpplbbxnn.exe File not found
O4 - HKCU..\Run: [uplbbxc] C:\WINDOWS\System32\pff69m1i.exe File not found
O4 - HKCU..\Run: [vgr60] C:\WINDOWS\System32\6xc81oz.exe File not found
O4 - HKCU..\Run: [vqwxin] C:\WINDOWS\System32\60niy1p.exe File not found
O4 - HKCU..\Run: [wbxxoo3] C:\WINDOWS\System32\0xdyep0.exe File not found
O4 - HKCU..\Run: [wcxtoeu] C:\WINDOWS\System32\70i1zuv.exe File not found
O4 - HKCU..\Run: [wrmns] C:\WINDOWS\System32\60xs0zf.exe File not found
O4 - HKCU..\Run: [xdtyuua] C:\WINDOWS\System32\vlw2nyojzav.exe File not found
O4 - HKCU..\Run: [xsoo8] C:\WINDOWS\System32\sndu1klq.exe File not found
O4 - HKCU..\Run: [yuupgg] C:\WINDOWS\System32\ytkkfwwr.exe File not found
O4 - HKCU..\Run: [yzpf0w] C:\WINDOWS\System32\n20zvfbw.exe File not found
O4 - HKCU..\Run: [zaflw] C:\WINDOWS\System32\70bxny1.exe File not found
O4 - HKCU..\Run: [zuvqm] C:\WINDOWS\System32\kkfwwrii.exe File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O32 - AutoRun File - [2005/05/24 15:15:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{688fe0c4-ec8b-11de-a99e-0013ce34ce68}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/04 05:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ywyyitdy - C:\WINDOWS\system32\gnhnveo.dll ()
[2010/09/09 15:36:36 | 000,000,000 | --SD | C] -- C:\commy
[2010/09/08 14:35:50 | 000,000,000 | -HSD | C] -- C:\FOUND.031
[2010/09/08 14:24:32 | 000,000,000 | -HSD | C] -- C:\FOUND.030
[2010/09/08 13:57:30 | 000,000,000 | -HSD | C] -- C:\FOUND.029
[2010/09/08 13:43:06 | 000,000,000 | -HSD | C] -- C:\FOUND.028
[2010/09/06 14:43:12 | 000,000,000 | -HSD | C] -- C:\FOUND.027
[2010/09/03 23:25:36 | 000,000,000 | -HSD | C] -- C:\FOUND.026
[2010/09/02 22:08:00 | 000,000,000 | -HSD | C] -- C:\FOUND.025
[2010/09/01 14:55:38 | 000,000,000 | -HSD | C] -- C:\FOUND.024
[2010/08/31 23:58:24 | 000,000,000 | -HSD | C] -- C:\FOUND.023
[2010/08/31 19:41:40 | 000,000,000 | -HSD | C] -- C:\FOUND.022
[2010/08/27 21:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.021
[2010/08/26 23:15:04 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2010/07/31 13:44:48 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2010/07/31 10:40:54 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2010/07/31 01:34:08 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2010/07/27 01:23:50 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/07/26 19:15:58 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/07/24 15:16:26 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2010/07/03 11:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/06/29 23:56:04 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/06/29 23:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/06/14 23:25:24 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2010/09/08 12:00:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2009/03/11 00:07:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ds467.dll
[2009/02/18 22:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\uTorrent
[2009/10/19 19:18:16 | 000,009,312 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2010/09/05 12:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/09 14:29:50 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/08 22:10:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/03/07 01:12:46 | 005,520,400 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\willmonotti\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe
[2010/03/01 22:12:12 | 016,492,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\willmonotti\Desktop\jre-6u18-windows-i586-s.exe
[2009/11/30 01:25:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\willmonotti\Desktop\spybotsd162.exe
[2009/11/30 00:55:20 | 000,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\willmonotti\Desktop\avast_home_setup.exe
:Commands
[Purity]
[EmptyTemp]
[Reboot]
Click in the Custom Scans/Fixes box at the bottom of the OTL window
Press Ctrl+V to paste the above code in the box (check that the code appears)
Click the Run Fix button
Post the resulting log in your next reply.
Re-scan With OTL
Then run another scan with OTL using the direction previously posted Here
Last edited by jmw3; 2010-09-09 at 11:30.