
Thread: Infected with Multiple Things

  1. #11

    OTL logfile created on: 6/1/2011 6:38:29 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\FISH\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.10 Mb Total Physical Memory | 558.09 Mb Available Physical Memory | 54.60% Memory free
    2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.92% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 55.34 Gb Free Space | 74.28% Space Free | Partition Type: NTFS
    Drive F: | 3.67 Gb Total Space | 3.66 Gb Free Space | 99.53% Space Free | Partition Type: FAT32

    Computer Name: BELINDA | User Name: FISH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\FISH\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    PRC - C:\Program Files\D-Link\D-Link Wireless N USB Adapter DWA-130\wirelesscm.exe ( )


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\FISH\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
    DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (MRVW245) -- C:\WINDOWS\system32\drivers\MRVW245.sys (Marvell Semiconductor, Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm


    IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    IE - HKU\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



    IE - HKU\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKU\S-1-5-21-583907252-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKU\S-1-5-21-583907252-764733703-725345543-1004\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110214
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/21 01:32:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/17 19:10:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 00:35:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 15:14:57 | 000,000,000 | ---D | M]

    [2010/03/21 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Extensions
    [2011/05/18 20:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions
    [2011/03/06 14:55:22 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    [2011/02/18 17:40:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 05:37:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/04/19 21:15:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/11/19 20:10:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/04/19 21:15:46 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2011/03/12 06:28:08 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\personas@christopher.beard
    [2011/05/15 19:33:37 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\anime-news-network.xml
    [2010/06/10 22:45:33 | 000,002,357 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\photobucket.xml
    [2010/03/21 01:38:12 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\youtube-video-search.xml
    [2011/05/18 20:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/22 16:05:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/04 22:13:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/04/13 19:28:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/05/31 20:09:41 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {24A123C3-A500-99BD-A120-04B53A2C8952} - No CLSID value found.
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKU\S-1-5-21-583907252-764733703-725345543-1004..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
    O7 - HKU\S-1-5-21-583907252-764733703-725345543-1004\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKU\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKU\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKU\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.0.1
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/20 17:09:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/01 18:37:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FISH\Desktop\OTL.exe
    [2011/06/01 13:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/06/01 13:46:06 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\FISH\Desktop\esetsmartinstaller_enu.exe
    [2011/06/01 13:43:20 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\FISH\Desktop\ATF-Cleaner.exe
    [2011/05/31 20:23:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/31 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Desktop\Malwarebytes' Anti-Malware
    [2011/05/31 16:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/31 16:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/31 16:38:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/31 16:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/31 16:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/31 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/31 16:36:58 | 004,109,019 | R--- | C] (Swearware) -- C:\Documents and Settings\FISH\Desktop\ComboFix.exe
    [2011/05/30 22:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Desktop\tdsskiller
    [2011/05/19 17:32:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FISH\Recent
    [2011/05/18 23:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Start Menu\Programs\Windows XP Recovery
    [2011/05/18 20:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\My Documents\Logs
    [2011/05/17 22:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2011/05/17 22:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/05/10 20:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Local Settings\Application Data\Deployment
    [2011/05/10 20:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2011/05/10 20:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Application Data\SystemRequirementsLab
    [2011/05/10 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Application Data\DAEMON Tools Lite
    [2011/05/10 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/05/10 00:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2011/05/10 00:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Local Settings\Application Data\Last.fm
    [2011/05/10 00:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Last.fm
    [2011/05/10 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/06/01 18:23:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FISH\Desktop\OTL.exe
    [2011/06/01 14:40:58 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for FISH.job
    [2011/06/01 14:07:27 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\FISH\Set.dll
    [2011/06/01 13:48:17 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/01 13:45:08 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\FISH\Desktop\esetsmartinstaller_enu.exe
    [2011/06/01 13:37:42 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\FISH\Desktop\ATF-Cleaner.exe
    [2011/05/31 20:09:41 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/05/31 19:46:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Skype.lnk
    [2011/05/31 19:46:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office Excel 2007.lnk
    [2011/05/31 16:44:09 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/31 16:44:09 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/31 16:33:20 | 004,109,019 | R--- | M] (Swearware) -- C:\Documents and Settings\FISH\Desktop\ComboFix.exe
    [2011/05/30 22:18:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/30 22:17:44 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\tdsskiller.zip
    [2011/05/19 18:27:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/18 23:20:15 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Windows XP Recovery.lnk
    [2011/05/18 23:20:09 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18210596
    [2011/05/18 23:04:22 | 000,015,304 | -HS- | M] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 23:04:22 | 000,015,304 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 19:54:02 | 000,000,929 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/05/18 00:30:46 | 000,000,355 | -HS- | M] () -- C:\boot.ini
    [2011/05/17 23:05:39 | 000,012,754 | -HS- | M] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 23:05:39 | 000,012,754 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 22:50:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cmilexobe.dat
    [2011/05/17 22:50:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Txozofoyeje.bin
    [2011/05/17 22:47:39 | 000,050,000 | ---- | M] () -- C:\WINDOWS\System32\zetj7n.dll
    [2011/05/16 06:04:47 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office PowerPoint 2007.lnk
    [2011/05/13 14:27:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office Word 2007.lnk
    [7 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
    [1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/06/01 13:51:26 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\FISH\Set.dll
    [2011/05/31 16:38:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/31 16:38:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/31 16:38:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/31 16:38:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/31 16:38:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/30 22:19:52 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\FISH\Desktop\tdsskiller.zip
    [2011/05/18 23:20:15 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\FISH\Desktop\Windows XP Recovery.lnk
    [2011/05/18 23:20:09 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18210596
    [2011/05/18 20:22:49 | 000,015,304 | -HS- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 20:22:49 | 000,015,304 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/17 23:06:15 | 000,000,929 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/05/17 23:03:39 | 000,012,754 | -HS- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 23:03:39 | 000,012,754 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 22:50:02 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Cmilexobe.dat
    [2011/05/17 22:50:02 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Txozofoyeje.bin
    [2011/05/17 22:47:39 | 000,050,000 | ---- | C] () -- C:\WINDOWS\System32\zetj7n.dll
    [2011/02/17 20:05:05 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2011/02/17 20:05:04 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
    [2010/11/07 16:20:31 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/08/24 00:24:48 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/22 21:15:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
    [2010/06/22 21:14:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP38.EXE
    [2010/05/03 00:26:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/20 19:03:25 | 000,056,708 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/21 04:16:30 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/03/21 03:10:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/03/21 01:37:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/21 01:26:38 | 000,201,537 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
    [2010/03/21 01:26:38 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
    [2010/03/21 01:17:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/20 17:11:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/03/20 17:07:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/20 10:59:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/03/20 10:58:19 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 05:00:00 | 000,436,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 05:00:00 | 000,068,680 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== LOP Check ==========

    [2011/04/25 18:30:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
    [2011/05/10 19:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2010/12/22 21:29:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Hitman Pro
    [2011/05/10 00:08:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2010/11/01 23:09:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
    [2011/02/15 19:39:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PMB Files
    [2010/03/27 15:09:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/04/20 18:54:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
    [2011/04/24 17:46:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Father\Application Data\ooVoo Details
    [2011/05/10 19:46:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\DAEMON Tools Lite
    [2010/04/12 23:18:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\Facebook
    [2011/04/11 00:47:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\FrostWire
    [2011/02/26 18:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\gtk-2.0
    [2011/04/19 23:03:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\ooVoo Details
    [2011/05/10 20:42:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\SystemRequirementsLab
    [2010/07/13 18:18:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\FISH\Application Data\Vivox

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

    < End of report >


    OTL Extras logfile created on: 6/1/2011 6:38:29 PM - Run 1
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\FISH\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.10 Mb Total Physical Memory | 558.09 Mb Available Physical Memory | 54.60% Memory free
    2.40 Gb Paging File | 2.09 Gb Available in Paging File | 86.92% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 55.34 Gb Free Space | 74.28% Space Free | Partition Type: NTFS
    Drive F: | 3.67 Gb Total Space | 3.66 Gb Free Space | 99.53% Space Free | Partition Type: FAT32

    Computer Name: BELINDA | User Name: FISH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: All users
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
    .cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    .url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

    [HKEY_USERS\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Classes\<extension>]
    .html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
    exefile [open] -- "%1" %*
    InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1"
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "FirstRunDisabled" = 1
    "AntiVirusDisableNotify" = 0
    "FirewallDisableNotify" = 0
    "UpdatesDisableNotify" = 0
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows NT\SystemRestore]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 1
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
    "58919:TCP" = 58919:TCP:*:Enabled:Pando Media Booster
    "58919:UDP" = 58919:UDP:*:Enabled:Pando Media Booster

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "58919:TCP" = 58919:TCP:*:Enabled:Pando Media Booster
    "58919:UDP" = 58919:UDP:*:Enabled:Pando Media Booster
    "443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443
    "37674:TCP" = 37674:TCP:*:Disabled:ooVoo TCP port 37674
    "37674:UDP" = 37674:UDP:*:Disabled:ooVoo UDP port 37674
    "37675:UDP" = 37675:UDP:*:Disabled:ooVoo UDP port 37675
    "1900:TCP" = 1900:TCP:LocalSubNet:Enabled:UDP 1900
    "67:UDP" = 67:UDP:*:Enabled:DHCP Server

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)
    "C:\Program Files\Pando Networks\Media Booster\PMB.exe" = C:\Program Files\Pando Networks\Media Booster\PMB.exe:*:Enabled:Pando Media Booster -- ()
    "C:\Program Files\ooVoo\ooVoo.exe" = C:\Program Files\ooVoo\ooVoo.exe:*:Enabled:ooVoo -- (ooVoo LLC)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{07FB17D8-7DB6-4F06-80C4-8BE1719CB6A1}" = hpWLPGInstaller
    "{0A042C19-1F48-4952-B3B6-828E8028A187}" = B209a-m
    "{0F367CA3-3B2F-43F9-A44A-25A8EE69E45D}" = Scan
    "{175F0111-2968-4935-8F70-33108C6A4DE3}" = MarketResearch
    "{1CAC7A41-583B-4483-9FA5-3E5465AFF8C2}" = Microsoft Default Manager
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{21A2F5EE-1DC5-488A-BE7E-E526F8C61488}" = DeviceDiscovery
    "{26A24AE4-039D-4CA4-87B4-2F83216018FF}" = Java(TM) 6 Update 21
    "{2866B2D9-B57E-4829-A554-47DF68868F15}" = Fiesta
    "{2EEA7AA4-C203-4b90-A34F-19FB7EF1C81C}" = BufferChm
    "{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{42929F0F-CE14-47AF-9FC7-FF297A603021}" = Dell Resource CD
    "{43CDF946-F5D9-4292-B006-BA0D92013021}" = WebReg
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{4A70EF07-7F88-4434-BB61-D1DE8AE93DD4}" = SolutionCenter
    "{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
    "{61EDBE71-5D3E-4AB7-AD95-E53FEAF68C17}" = Bing Rewards Client Installer
    "{63FF21C9-A810-464F-B60A-3111747B1A6D}" = GPBaseService2
    "{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
    "{68A10D12-0D0F-4212-BDE6-D87FAD32A8FA}" = SmartWebPrinting
    "{6B2FFB21-AC88-45C3-9A7D-4BB3E744EC91}" = HPSSupply
    "{6BBA26E9-AB03-4FE7-831A-3535584CA002}" = Toolbox
    "{7059BDA7-E1DB-442C-B7A1-6144596720A4}" = HP Update
    "{75247E38-5C9B-45D6-ADF8-E11CB56B4990}" = Network
    "{7C5B4583-7CBF-4289-B195-03B553959DEA}" = VoiceOver Kit
    "{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
    "{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
    "{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
    "{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
    "{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
    "{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
    "{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
    "{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
    "{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0409-0000-0000000FF1CE}_VISPRO_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
    "{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-040C-0000-0000000FF1CE}_VISPRO_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
    "{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-001F-0C0A-0000-0000000FF1CE}_VISPRO_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
    "{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
    "{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
    "{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}" = Microsoft Office Visio Professional 2007
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{0FD405D3-CAF8-4CA6-8BFD-911D2F8A6585}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-0051-0000-0000-0000000FF1CE}_VISPRO_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
    "{90120000-0054-0409-0000-0000000FF1CE}" = Microsoft Office Visio MUI (English) 2007
    "{90120000-0054-0409-0000-0000000FF1CE}_VISPRO_{519D9F45-CBF4-4E57-B419-11F196CCA8AE}" = Microsoft Office Visio 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
    "{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-006E-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
    "{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
    "{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
    "{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
    "{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0115-0409-0000-0000000FF1CE}_VISPRO_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
    "{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
    "{92127AF5-FDD8-4ADF-BC40-C356C9EE0B7D}" = 32 Bit HP CIO Components Installer
    "{922E8525-AC7E-4294-ACAA-43712D4423C0}" = Adobe Flash Player 10 ActiveX
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{980A182F-E0A2-4A40-94C1-AE0C1235902E}" = Pando Media Booster
    "{9FEF1A18-8F26-4F49-A5A4-956C12210624}" = HP Photosmart Plus B209a-m All-In-One Driver Software 13.0 Rel .6
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A385AA5D-4B9C-4BB4-A3D9-8BA006D6E831}" = D-Link Wireless N USB Adapter DWA-130
    "{AC76BA86-7AD7-1033-7B44-A70800000002}" = Adobe Reader 7.0.8
    "{AE8705FB-E13C-40A9-8A2D-68D6733FBFC2}" = Status
    "{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
    "{B65759DD-26C6-4EA6-9014-CA798907EBFD}" = PS_AIO_06_B209a-m_SW_Min
    "{BD7204BA-DD64-499E-9B55-6A282CDF4FA4}" = Destinations
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
    "{C43326F5-F135-4551-8270-7F7ABA0462E1}" = HPProductAssistant
    "{C75CDBA2-3C86-481e-BD10-BDDA758F9DFF}" = hpPrintProjects
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{DC0A5F99-FD66-433F-9D3A-05DCBA64BE42}" = TrayApp
    "{E127B28D-1A2A-45C4-A74E-C817E0A74E3E}" = Fiesta
    "{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
    "{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
    "{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
    "{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
    "{FAE36873-1941-4076-A9A5-48812B5EA0B7}" = iTunes
    "{FF1C31AE-0CDC-40CE-AB85-406F8B70D643}" = Bonjour
    "7-Zip" = 7-Zip 9.16 beta
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "CANONBJ_Deinstall_CNMCP38.DLL" = Canon S300
    "ENTERPRISE" = Microsoft Office Enterprise 2007
    "ESET Online Scanner" = ESET Online Scanner v3
    "HP Imaging Device Functions" = HP Imaging Device Functions 13.0
    "HP Print Projects" = HP Print Projects 1.0
    "HP Smart Web Printing" = HP Smart Web Printing 4.5
    "HP Solution Center & Imaging Support Tools" = HP Solution Center 13.0
    "HPExtendedCapabilities" = HP Customer Participation Program 13.0
    "IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
    "ie7" = Windows Internet Explorer 7
    "LastFM_is1" = Last.fm 1.5.4.27091
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Mozilla Firefox (3.6.17)" = Mozilla Firefox (3.6.17)
    "NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
    "NSS" = Norton Security Scan
    "NVIDIA Drivers" = NVIDIA Drivers
    "Shop for HP Supplies" = Shop for HP Supplies
    "SystemRequirementsLab" = System Requirements Lab
    "VISPRO" = Microsoft Office Visio Professional 2007
    "Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WinGimp-2.0_is1" = GIMP 2.6.8

    ========== HKEY_USERS Uninstall List ==========

    [HKEY_USERS\S-1-5-21-583907252-764733703-725345543-1004\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Facebook Plug-In" = Facebook Plug-In

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 3/17/2011 11:21:42 PM | Computer Name = BELINDA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 6359

    Error - 3/17/2011 11:21:44 PM | Computer Name = BELINDA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: Continuously busy for more than a second

    Error - 3/17/2011 11:21:44 PM | Computer Name = BELINDA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledEvent 8312

    Error - 3/17/2011 11:21:44 PM | Computer Name = BELINDA | Source = Bonjour Service | ID = 100
    Description = Task Scheduling Error: m->NextScheduledSPRetry 8312

    Error - 3/18/2011 3:35:47 AM | Computer Name = BELINDA | Source = Application Error | ID = 1000
    Description = Faulting application fiesta.bin, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 3/31/2011 11:59:49 AM | Computer Name = BELINDA | Source = Application Hang | ID = 1002
    Description = Hanging application firefox.exe, version 1.9.2.4095, hang module hungapp,
    version 0.0.0.0, hang address 0x00000000.

    Error - 4/8/2011 11:13:04 PM | Computer Name = BELINDA | Source = ESENT | ID = 490
    Description = svchost (996) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    Error - 4/9/2011 6:06:56 PM | Computer Name = BELINDA | Source = Application Error | ID = 1000
    Description = Faulting application fiesta.bin, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 4/10/2011 3:33:50 PM | Computer Name = BELINDA | Source = Application Error | ID = 1000
    Description = Faulting application fiesta.bin, version 0.0.0.0, faulting module
    , version 0.0.0.0, fault address 0x00000000.

    Error - 4/20/2011 6:08:44 AM | Computer Name = BELINDA | Source = ESENT | ID = 490
    Description = svchost (860) An attempt to open the file "C:\WINDOWS\system32\CatRoot2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\catdb"
    for read / write access failed with system error 32 (0x00000020): "The process
    cannot access the file because it is being used by another process. ". The open
    file operation will fail with error -1032 (0xfffffbf8).

    [ System Events ]
    Error - 5/1/2011 10:08:14 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/2/2011 12:23:15 AM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/2/2011 3:18:19 AM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/2/2011 9:14:39 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/5/2011 4:58:07 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/5/2011 6:12:04 PM | Computer Name = BELINDA | Source = Print | ID = 6161
    Description = The document Boeing offers Embraer link in Brazil contract bid owned
    by FISH failed to print on printer Canon S300. Data type: NT EMF 1.008. Size of
    the spool file in bytes: 4422128. Number of bytes printed: 53008. Total number
    of pages in the document: 3. Number of pages printed: 1. Client machine: \\BELINDA.
    Win32 error code returned by the print processor: 122 (0x7a).

    Error - 5/6/2011 9:18:47 AM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/7/2011 6:04:27 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/8/2011 5:33:50 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6

    Error - 5/8/2011 5:45:11 PM | Computer Name = BELINDA | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    cercsr6


    < End of report >

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      O2 - BHO: (no name) - {24A123C3-A500-99BD-A120-04B53A2C8952} - No CLSID value found.
      [2011/05/17 22:50:02 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Cmilexobe.dat
      [2011/05/17 22:50:02 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Txozofoyeje.bin
      [2011/05/17 22:47:39 | 000,050,000 | ---- | M] () -- C:\WINDOWS\System32\zetj7n.dll
      
      
      :Services
      
      :Reg
      
      :Files
      ipconfig /release /c
      ipconfig /renew /c
      ipconfig /flushdns /c

      :Commands
      [purity]
      [resethosts]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top (not Run Scan).
    • Let the program run unhindered; reboot when it is done.
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time).
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Junior Member
    Join Date
    May 2011
    Posts
    9

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{24A123C3-A500-99BD-A120-04B53A2C8952}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24A123C3-A500-99BD-A120-04B53A2C8952}\ not found.
    C:\WINDOWS\Cmilexobe.dat moved successfully.
    C:\WINDOWS\Txozofoyeje.bin moved successfully.
    C:\WINDOWS\system32\zetj7n.dll moved successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    < ipconfig /release /c >
    C:\Documents and Settings\FISH\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\FISH\Desktop\cmd.txt deleted successfully.
    < ipconfig /renew /c >
    C:\Documents and Settings\FISH\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\FISH\Desktop\cmd.txt deleted successfully.
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\FISH\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\FISH\Desktop\cmd.txt deleted successfully.
    ========== COMMANDS ==========
    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    [EMPTYTEMP]

    User: Administrator
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->FireFox cache emptied: 73738868 bytes
    ->Flash cache emptied: 1363 bytes

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes

    User: Father
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 106090532 bytes
    ->Flash cache emptied: 92990 bytes

    User: FISH
    ->Temp folder emptied: 597337 bytes
    ->Temporary Internet Files folder emptied: 2095304 bytes
    ->Java cache emptied: 20272 bytes
    ->FireFox cache emptied: 53365857 bytes
    ->Flash cache emptied: 175897 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 28 bytes
    ->Flash cache emptied: 71472 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 1091917 bytes
    ->Flash cache emptied: 104010 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 2195181 bytes
    %systemroot%\System32 .tmp files removed: 2577 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 61160 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 32902 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 229.00 mb


    OTL by OldTimer - Version 3.2.23.0 log created on 06012011_234128

    Files\Folders moved on Reboot...

    Registry entries deleted on Reboot...


    New OTL Log:
    OTL logfile created on: 6/2/2011 1:03:58 AM - Run 2
    OTL by OldTimer - Version 3.2.23.0 Folder = C:\Documents and Settings\FISH\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 7.0.5730.13)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    1022.10 Mb Total Physical Memory | 484.18 Mb Available Physical Memory | 47.37% Memory free
    2.40 Gb Paging File | 2.01 Gb Available in Paging File | 83.64% Paging File free
    Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 74.50 Gb Total Space | 55.50 Gb Free Space | 74.50% Space Free | Partition Type: NTFS

    Computer Name: BELINDA | User Name: FISH | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\FISH\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\FISH\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (npggsvc) -- C:\WINDOWS\System32\GameMon.des (INCA Internet Co., Ltd.)


    ========== Driver Services (SafeList) ==========

    DRV - (Changer) -- C:\WINDOWS\System32\drivers\changer.sys (Microsoft Corporation)
    DRV - (lbrtfdc) -- C:\WINDOWS\System32\drivers\lbrtfdc.sys (Toshiba Corp.)
    DRV - (IntcAzAudAddService) Service for Realtek HD Audio (WDM) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
    DRV - (MRVW245) -- C:\WINDOWS\system32\drivers\MRVW245.sys (Marvell Semiconductor, Inc)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========

    IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

    ========== FireFox ==========

    FF - prefs.js..browser.startup.homepage: "http://en-US.start3.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official"
    FF - prefs.js..extensions.enabledItems: {0df7b3bb-9581-44bb-835f-061a29ec8a46}:2.1.20110214
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: personas@christopher.beard:1.6.2
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {dd3d7613-0246-469d-bc65-2a3cc1668adc}:0.7.1.1
    FF - prefs.js..extensions.enabledItems: {c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}:4.1
    FF - prefs.js..keyword.URL: "http://www.bing.com/search?pc=Z006&form=ZGAADF&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/03/21 01:32:32 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{3252b9ae-c69a-4eaf-9502-dc9c1f6c009e}: C:\Program Files\Microsoft\Search Enhancement Pack\Default Manager\DMExtension\ [2010/12/17 19:10:18 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/12 00:35:01 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.17\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 15:14:57 | 000,000,000 | ---D | M]

    [2010/03/21 01:17:29 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Extensions
    [2011/05/18 20:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions
    [2011/03/06 14:55:22 | 000,000,000 | ---D | M] ("tektek.org GaiaOnline Toolbar 2.1") -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{0df7b3bb-9581-44bb-835f-061a29ec8a46}
    [2011/02/18 17:40:57 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/04/20 05:37:25 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2011/04/19 21:15:46 | 000,000,000 | ---D | M] (Easy Youtube Video Downloader) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{c0c9a2c7-2e5c-4447-bc53-97718bc91e1b}
    [2010/11/19 20:10:44 | 000,000,000 | ---D | M] (BlockSite) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{dd3d7613-0246-469d-bc65-2a3cc1668adc}
    [2011/04/19 21:15:46 | 000,000,000 | ---D | M] (Multirow Bookmarks Toolbar) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\{FBF6D7FB-F305-4445-BB3D-FEF66579A033}
    [2011/03/12 06:28:08 | 000,000,000 | ---D | M] (Personas) -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\extensions\personas@christopher.beard
    [2011/05/15 19:33:37 | 000,002,431 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\anime-news-network.xml
    [2010/06/10 22:45:33 | 000,002,357 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\photobucket.xml
    [2010/03/21 01:38:12 | 000,002,057 | ---- | M] () -- C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Profiles\gsbrydu4.default\searchplugins\youtube-video-search.xml
    [2011/05/18 20:35:23 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/07/22 16:05:11 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/04 22:13:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/04/13 19:28:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/17 05:00:04 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll

    O1 HOSTS File: ([2011/06/02 00:58:59 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (no name) - {24A123C3-A500-99BD-A120-04B53A2C8952} - No CLSID value found.
    O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
    O4 - HKLM..\Run: [PDVDDXSrv] C:\Program Files\CyberLink\PowerDVD DX\PDVDDXSrv.exe (CyberLink Corp.)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_21)
    O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O24 - Desktop WallPaper: C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\FISH\Application Data\Mozilla\Firefox\Desktop Background.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2010/03/20 17:09:42 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/06/01 23:41:28 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/06/01 18:37:10 | 000,580,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\FISH\Desktop\OTL.exe
    [2011/06/01 13:46:16 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
    [2011/06/01 13:46:06 | 002,322,184 | ---- | C] (ESET) -- C:\Documents and Settings\FISH\Desktop\esetsmartinstaller_enu.exe
    [2011/06/01 13:43:20 | 000,050,688 | ---- | C] (Atribune.org) -- C:\Documents and Settings\FISH\Desktop\ATF-Cleaner.exe
    [2011/05/31 20:23:07 | 000,000,000 | -HSD | C] -- C:\RECYCLER
    [2011/05/31 20:17:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Desktop\Malwarebytes' Anti-Malware
    [2011/05/31 16:38:01 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/05/31 16:38:01 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/05/31 16:38:01 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/05/31 16:38:01 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/05/31 16:37:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/05/31 16:37:54 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/05/31 16:36:58 | 004,109,019 | R--- | C] (Swearware) -- C:\Documents and Settings\FISH\Desktop\ComboFix.exe
    [2011/05/30 22:20:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Desktop\tdsskiller
    [2011/05/19 17:32:18 | 000,000,000 | R--D | C] -- C:\Documents and Settings\FISH\Recent
    [2011/05/18 23:20:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Start Menu\Programs\Windows XP Recovery
    [2011/05/18 20:05:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\My Documents\Logs
    [2011/05/17 22:59:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\AdobeUM
    [2011/05/17 22:58:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/05/10 20:45:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Local Settings\Application Data\Deployment
    [2011/05/10 20:42:20 | 000,000,000 | ---D | C] -- C:\Program Files\SystemRequirementsLab
    [2011/05/10 20:42:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Application Data\SystemRequirementsLab
    [2011/05/10 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Application Data\DAEMON Tools Lite
    [2011/05/10 19:32:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DAEMON Tools Lite
    [2011/05/10 00:08:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Last.fm
    [2011/05/10 00:07:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\FISH\Local Settings\Application Data\Last.fm
    [2011/05/10 00:07:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Last.fm
    [2011/05/10 00:07:48 | 000,000,000 | ---D | C] -- C:\Program Files\Last.fm

    ========== Files - Modified Within 30 Days ==========

    [2011/06/02 01:00:54 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/06/02 00:58:59 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/06/01 18:23:44 | 000,580,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\FISH\Desktop\OTL.exe
    [2011/06/01 14:40:58 | 000,000,472 | -H-- | M] () -- C:\WINDOWS\tasks\Norton Security Scan for FISH.job
    [2011/06/01 14:07:27 | 000,000,667 | ---- | M] () -- C:\Documents and Settings\FISH\Set.dll
    [2011/06/01 13:45:08 | 002,322,184 | ---- | M] (ESET) -- C:\Documents and Settings\FISH\Desktop\esetsmartinstaller_enu.exe
    [2011/06/01 13:37:42 | 000,050,688 | ---- | M] (Atribune.org) -- C:\Documents and Settings\FISH\Desktop\ATF-Cleaner.exe
    [2011/05/31 19:46:41 | 000,002,265 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Skype.lnk
    [2011/05/31 19:46:04 | 000,002,473 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office Excel 2007.lnk
    [2011/05/31 16:44:09 | 000,436,228 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/05/31 16:44:09 | 000,068,680 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/05/31 16:33:20 | 004,109,019 | R--- | M] (Swearware) -- C:\Documents and Settings\FISH\Desktop\ComboFix.exe
    [2011/05/30 22:18:45 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/05/30 22:17:44 | 001,301,452 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\tdsskiller.zip
    [2011/05/19 18:27:13 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
    [2011/05/18 23:20:15 | 000,000,819 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Windows XP Recovery.lnk
    [2011/05/18 23:20:09 | 000,000,336 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\18210596
    [2011/05/18 23:04:22 | 000,015,304 | -HS- | M] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 23:04:22 | 000,015,304 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 19:54:02 | 000,000,929 | ---- | M] () -- C:\WINDOWS\wininit.ini
    [2011/05/18 00:30:46 | 000,000,355 | -HS- | M] () -- C:\boot.ini
    [2011/05/17 23:05:39 | 000,012,754 | -HS- | M] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 23:05:39 | 000,012,754 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\q06y4ded434kq1vq7n7
    [2011/05/16 06:04:47 | 000,002,483 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office PowerPoint 2007.lnk
    [2011/05/13 14:27:41 | 000,002,515 | ---- | M] () -- C:\Documents and Settings\FISH\Desktop\Microsoft Office Word 2007.lnk

    ========== Files Created - No Company Name ==========

    [2011/06/01 13:51:26 | 000,000,667 | ---- | C] () -- C:\Documents and Settings\FISH\Set.dll
    [2011/05/31 16:38:01 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/05/31 16:38:01 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/05/31 16:38:01 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/05/31 16:38:01 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/05/31 16:38:01 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/05/30 22:19:52 | 001,301,452 | ---- | C] () -- C:\Documents and Settings\FISH\Desktop\tdsskiller.zip
    [2011/05/18 23:20:15 | 000,000,819 | ---- | C] () -- C:\Documents and Settings\FISH\Desktop\Windows XP Recovery.lnk
    [2011/05/18 23:20:09 | 000,000,336 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\18210596
    [2011/05/18 20:22:49 | 000,015,304 | -HS- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/18 20:22:49 | 000,015,304 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\m02aj8c05sb8ycm2623sjs105ifan2c26ws
    [2011/05/17 23:06:15 | 000,000,929 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2011/05/17 23:03:39 | 000,012,754 | -HS- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\q06y4ded434kq1vq7n7
    [2011/05/17 23:03:39 | 000,012,754 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\q06y4ded434kq1vq7n7
    [2011/02/17 20:05:05 | 000,230,752 | ---- | C] () -- C:\WINDOWS\patchw32.dll
    [2011/02/17 20:05:04 | 000,118,176 | ---- | C] () -- C:\WINDOWS\patchw.dll
    [2010/11/07 16:20:31 | 000,016,968 | ---- | C] () -- C:\WINDOWS\System32\drivers\hitmanpro35.sys
    [2010/08/24 00:24:48 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
    [2010/06/22 21:15:15 | 000,005,632 | ---- | C] () -- C:\WINDOWS\System32\CNMVS38.DLL
    [2010/06/22 21:14:58 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\CNMCP38.EXE
    [2010/05/03 00:26:54 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\FISH\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/04/20 19:03:25 | 000,056,708 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/03/21 04:16:30 | 000,000,162 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2010/03/21 03:10:53 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\ChCfg.exe
    [2010/03/21 01:37:43 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2010/03/21 01:26:38 | 000,201,537 | ---- | C] () -- C:\WINDOWS\hpoins40.dat
    [2010/03/21 01:26:38 | 000,000,992 | ---- | C] () -- C:\WINDOWS\hpomdl40.dat
    [2010/03/21 01:17:24 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2010/03/20 17:11:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2010/03/20 17:07:02 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2010/03/20 10:59:29 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2010/03/20 10:58:19 | 000,268,600 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2005/03/22 13:48:43 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2005/03/22 13:48:43 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2004/08/04 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2004/08/04 05:00:00 | 000,436,228 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2004/08/04 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2004/08/04 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2004/08/04 05:00:00 | 000,068,680 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2004/08/04 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2004/08/04 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2004/08/04 05:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2004/08/04 05:00:00 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2004/08/04 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB15613

    < End of report >

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Great, how is your system running now? Any browser redirects or unwanted pop-up windows? Is your computer running faster than before?

    What other problems do you have? Please explain them in detail, and if they're Windows related I can link you to a forum that can help.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  5. #15
    Junior Member
    Join Date
    May 2011
    Posts
    9

    Default

    It looks like everything is fine except for the hidden files and folders that I still can't access. I think it's some remnants of the Windows XP virus but I'm not quite sure.

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Did you ever set your computer to hide system files?

    You can try this and see if you can see them now.

    You need to enable Windows to Show all Files and Folders.
    Instructions for your Operating System HERE

    Let me know how it went; I can link you to a good Windows forum for help if you need it.

  7. #17
    Junior Member
    Join Date
    May 2011
    Posts
    9

    Default

    Still not showing.

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Carol, we just do malware removal on this forum. I would like you to post at WhattheTech for your problem. All us forums work together, so I would like you to link them to this thread so they can see what we have done. Please keep in mind that the infection you had was pretty nasty and may have done some damage, but I am not sure.
    http://forums.spybot.info/showthread.php?t=62889

    This forum, like Safer, is free but you will need to register.
    http://forums.whatthetech.com/index.php?showforum=119

    Please post back and let me know how it went and if they were able to fix your issue.

  9. #19
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Carol, how are you coming along?
