can't get rid of win32.fraudload.edt

**mavson** · 2010-09-23, 23:21

ok I can't remember what the ad was that popped up but had another one earlier also for like an airline ad or something that just opened up in another window. Sorry about not knowing should have written it down I guess. here is the logs you requested:

OTL logfile created on: 9/23/2010 5:07:46 PM - Run 1
OTL by OldTimer - Version 3.2.14.1 Folder = C:\Documents and Settings\Me\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 85.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.78 Gb Free Space | 28.93% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
Drive E: | 25.21 Gb Total Space | 16.37 Gb Free Space | 64.93% Space Free | Partition Type: FAT32
Drive F: | 2.72 Gb Total Space | 0.91 Gb Free Space | 33.31% Space Free | Partition Type: FAT32
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: HP1
Current User Name: Me
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\Me\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ArcCon.ac (ArcSoft)
PRC - C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 2.2\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
PRC - C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
PRC - C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
PRC - C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd.exe (Hewlett-Packard)
PRC - C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
PRC - C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\Me\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (SoundMAX Agent Service (default)) -- C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe (Analog Devices, Inc.)

========== Driver Services (SafeList) ==========

DRV - (catchme) -- C:\ComboFix\catchme.sys File not found
DRV - (usbaudio) USB Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (BVRPMPR5) -- C:\WINDOWS\system32\drivers\BVRPMPR5.SYS (Avanquest Software)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (b57w2k) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (Blfp) -- C:\WINDOWS\system32\drivers\baspxp32.sys (Broadcom Corporation)
DRV - (Afc) -- C:\WINDOWS\system32\drivers\afc.sys (Arcsoft, Inc.)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: ([2010/09/22 20:58:44 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ArcSoft Connection Service] C:\Program Files\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe (ArcSoft)
O4 - HKLM..\Run: [DrvLsnr] C:\Program Files\Analog Devices\SoundMAX\DrvLsnr.exe (adi)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb09.exe (HP)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [Smapp] C:\Program Files\Analog Devices\SoundMAX\SMTray.exe (Analog Devices, Inc.)
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\LUMIX Simple Viewer.lnk = C:\Program Files\Panasonic\LUMIXSimpleViewer\PhLeAutoRun.exe (Matsushita Electric Industrial Co., Ltd.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ymetray.lnk = C:\Program Files\Yahoo!\Yahoo! Music Jukebox\ymetray.exe ()
O4 - Startup: C:\Documents and Settings\Me\Start Menu\Programs\Startup\OpenOffice.org 2.2.lnk = C:\Program Files\OpenOffice.org 2.2\program\quickstart.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O16 - DPF: {38AB6A6C-CC4C-4F9E-A3DD-3C5681EF18A1} http://www-cdn.freerealms.com/gameda...ler.cab?v=1044 (SonyOnlineInstallerX)
O16 - DPF: {41564D57-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...1F/wmvadvd.cab (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {C02226EB-A5D7-4B1F-BD7E-635E46C2288D} http://a.download.toontown.com/sv1.0.38.59/ttinst.cab (Toontown Installer ActiveX Control)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_15)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Me\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2007/07/20 14:50:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/06/18 15:18:14 | 000,000,262 | ---- | M] () - E:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2000/06/20 16:58:32 | 000,000,027 | -H-- | M] () - E:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2006/06/18 15:18:14 | 000,000,194 | ---- | M] () - E:\autoexec.bat -- [ FAT32 ]
O32 - AutoRun File - [2006/06/18 13:16:32 | 000,000,194 | ---- | M] () - E:\AUTOEXEC.001 -- [ FAT32 ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/09/23 17:06:31 | 000,575,488 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/09/23 13:21:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Desktop\gmer
[2010/09/23 08:28:08 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2010/09/23 07:43:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Me\Application Data\Malwarebytes
[2010/09/23 07:43:35 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/23 07:43:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/23 07:43:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/23 07:43:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/23 07:40:23 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2010/09/23 07:37:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me\Desktop\mbam-setup.exe
[2010/09/23 07:33:20 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\TFC.exe
[2010/09/22 20:35:59 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2010/09/22 20:32:46 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/22 20:32:46 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/22 20:32:46 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/22 20:32:46 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2010/09/22 20:31:01 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/21 09:18:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2010/09/21 01:40:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2010/09/21 01:24:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS
[2010/09/21 01:24:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\NOS(2)
[2010/09/20 03:32:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe(3)
[2010/09/20 00:47:00 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/20 00:45:21 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/20 00:25:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(5)
[2010/09/19 01:55:22 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(4)
[2010/09/18 19:41:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2010/09/18 19:41:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2010/09/18 08:47:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(3)
[2010/09/17 16:39:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2010/09/17 16:07:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe(2)
[2010/09/17 15:55:01 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe(2)
[2010/09/17 15:42:42 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2010/09/17 15:26:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2010/09/16 08:20:33 | 000,000,000 | ---D | C] -- C:\Config.Msi
[2010/09/15 11:24:18 | 000,000,000 | ---D | C] -- C:\Program Files\InterActual

========== Files - Modified Within 30 Days ==========

[2010/09/23 17:08:48 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/23 17:06:32 | 000,575,488 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\OTL.exe
[2010/09/23 16:15:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2010/09/23 15:48:22 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2010/09/23 15:48:18 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/09/23 15:48:06 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2010/09/23 15:48:00 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/23 15:45:42 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\Me\ntuser.ini
[2010/09/23 15:45:41 | 004,980,736 | ---- | M] () -- C:\Documents and Settings\Me\ntuser.dat
[2010/09/23 15:45:04 | 004,836,196 | -H-- | M] () -- C:\Documents and Settings\Me\Local Settings\Application Data\IconCache.db
[2010/09/23 13:20:42 | 000,284,915 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\gmer.zip
[2010/09/23 10:01:47 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/23 07:43:38 | 000,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/23 07:37:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Me\Desktop\mbam-setup.exe
[2010/09/23 07:33:21 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Me\Desktop\TFC.exe
[2010/09/22 21:00:06 | 000,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2010/09/22 20:58:44 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2010/09/22 20:36:07 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/09/22 20:31:52 | 003,850,032 | R--- | M] () -- C:\Documents and Settings\Me\Desktop\ComboFix.exe
[2010/09/20 17:06:01 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/09/20 01:02:01 | 000,004,167 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Attach.zip
[2010/09/20 00:09:06 | 000,001,917 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2010/09/19 22:44:57 | 000,103,824 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2010/08/27 14:49:37 | 000,001,323 | ---- | M] () -- C:\Documents and Settings\Me\Desktop\Shortcut to DSCN1185[1].JPG.lnk
[2010/08/25 14:04:03 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Me\My Documents\CM_Pee_Wee_Football_Schedule_2010.doc

========== Files Created - No Company Name ==========

[2010/09/23 13:20:41 | 000,284,915 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\gmer.zip
[2010/09/23 07:43:38 | 000,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/22 20:36:07 | 000,000,211 | ---- | C] () -- C:\Boot.bak
[2010/09/22 20:36:03 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2010/09/22 20:32:46 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/22 20:32:46 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/22 20:32:46 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/22 20:32:46 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/22 20:32:46 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/22 20:25:22 | 003,850,032 | R--- | C] () -- C:\Documents and Settings\Me\Desktop\ComboFix.exe
[2010/09/20 01:02:01 | 000,004,167 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Attach.zip
[2010/09/19 23:52:56 | 000,007,168 | -HS- | C] () -- C:\Documents and Settings\Me\Thumbs.db
[2010/09/09 21:10:37 | 004,980,736 | ---- | C] () -- C:\Documents and Settings\Me\ntuser.dat
[2010/08/27 14:49:37 | 000,001,323 | ---- | C] () -- C:\Documents and Settings\Me\Desktop\Shortcut to DSCN1185[1].JPG.lnk
[2010/08/25 14:04:03 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Me\My Documents\CM_Pee_Wee_Football_Schedule_2010.doc
[2010/05/02 09:57:06 | 000,354,816 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2009/08/01 18:03:50 | 000,000,151 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/07/14 20:39:10 | 000,000,206 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2009/01/25 14:03:49 | 000,000,069 | ---- | C] () -- C:\WINDOWS\MediaManager.INI
[2008/05/22 13:49:45 | 000,000,324 | ---- | C] () -- C:\WINDOWS\game.ini
[2008/02/19 07:50:14 | 000,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/01/06 13:40:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PhEdit.INI
[2008/01/06 13:14:29 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2007/12/10 07:27:16 | 000,007,168 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/11/20 18:56:31 | 000,010,605 | ---- | C] () -- C:\WINDOWS\hpdj3600.ini
[2007/09/29 11:18:11 | 000,000,125 | ---- | C] () -- C:\Documents and Settings\Me\Local Settings\Application Data\fusioncache.dat
[2007/07/21 17:01:39 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\msssc.dll
[2006/10/22 12:22:00 | 001,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/10/22 12:22:00 | 001,474,560 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/03/06 11:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2004/09/16 14:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS

========== LOP Check ==========

[2010/07/03 11:39:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alawar Stargaze
[2010/07/03 10:49:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AlawarWrapper
[2008/09/28 00:07:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/09/28 00:06:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2010/05/01 20:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2010/04/19 20:38:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/11/24 10:55:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2010/03/26 07:42:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\LPECommon
[2008/01/06 13:28:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Panasonic
[2010/07/03 10:49:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\SecretIslandUSA
[2010/07/10 15:12:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Me\Application Data\Sony Online Entertainment

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.exe >

< MD5 for: AGP440.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2004/08/03 23:07:42 | 000,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\ReinstallBackups\0009\DriverFiles\i386\AGP440.SYS

< MD5 for: ATAPI.SYS >
[2004/08/04 02:05:44 | 018,738,937 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2009/10/02 13:46:41 | 023,852,652 | ---- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2004/08/03 18:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0002\DriverFiles\i386\atapi.sys
[2004/08/03 22:59:44 | 000,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ERDNT\cache\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:53 | 000,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\system32\eventlog.dll
[2004/08/04 01:56:44 | 000,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/04 01:56:46 | 000,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/04 01:56:46 | 000,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ERDNT\cache\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:05 | 000,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\system32\scecli.dll

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.sys /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2007/07/20 09:29:55 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2007/07/20 09:29:55 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2007/07/20 09:29:55 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

========== Alternate Data Streams ==========

@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5D17C178
< End of report >

Thread: can't get rid of win32.fraudload.edt

Thread Tools

Display

Threaded View

Posting Permissions