Can't remove Win32.Autorun.tmp

**alphabet_soup** · 2010-09-09, 07:44

OTL Logs:

"OTL":

OTL logfile created on: 9/09/2010 3:40:18 PM - Run 1
OTL by OldTimer - Version 3.2.11.0 Folder = C:\Documents and Settings\willmonotti\Desktop
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000C09 | Country: Australia | Language: ENA | Date Format: d/MM/yyyy

1,015.00 Mb Total Physical Memory | 470.00 Mb Available Physical Memory | 46.00% Memory free
2.00 Gb Paging File | 2.00 Gb Available in Paging File | 80.00% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.51 Gb Total Space | 4.24 Gb Free Space | 5.69% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: WILL
Current User Name: willmonotti
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 90 Days
Output = Minimal
Quick Scan

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\willmonotti\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\Documents and Settings\willmonotti\Local Settings\Application Data\Google\Chrome\Application\chrome.exe (Google Inc.)
PRC - C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
PRC - C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
PRC - C:\Program Files\Last.fm\LastFM.exe (Last.fm)
PRC - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)

========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\willmonotti\Desktop\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\msvcr80.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveUtil.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
MOD - C:\Program Files\Microsoft Office\Office12\GrooveNew.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.VC80.ATL_1fc8b3b9a1e18e3b_8.0.50727.42_x-ww_6e805841\ATL80.dll (Microsoft Corporation)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\rsaenh.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)

========== Win32 Services (SafeList) ==========

SRV - (HidServ) -- C:\WINDOWS\System32\hidserv.dll File not found
SRV - (CiscoVpnInstallService) -- C:\DOCUME~1\WILLMO~1\LOCALS~1\TEMP\INSTAL~1.EXE File not found
SRV - (Ati HotKey Poller) -- C:\WINDOWS\System32\Ati2evxx.exe File not found
SRV - (getPlusHelper) getPlus(R) -- C:\Program Files\NOS\bin\getPlus_Helper.dll (NOS Microsystems Ltd.)
SRV - (WDDMService) -- C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMService.exe (WDC)
SRV - (WDSmartWareBackgroundService) -- C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWareBackgroundService.exe (Memeo)
SRV - (CVPND) -- C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe (Cisco Systems, Inc.)

========== Driver Services (SafeList) ==========

DRV - (Lbd) -- C:\WINDOWS\System32\DRIVERS\Lbd.sys File not found
DRV - (WDC_SAM) -- C:\WINDOWS\system32\drivers\wdcsam.sys (Western Digital Technologies)
DRV - (CVPNDRVA) -- C:\WINDOWS\system32\drivers\CVPNDRVA.sys (Cisco Systems, Inc.)
DRV - (DNE) -- C:\WINDOWS\system32\drivers\dne2000.sys (Deterministic Networks, Inc.)
DRV - (vsdatant) -- C:\WINDOWS\system32\vsdatant.sys (Zone Labs, LLC)
DRV - (CVirtA) -- C:\WINDOWS\system32\drivers\CVirtA.sys (Cisco Systems, Inc.)
DRV - (NTIDrvr) -- C:\WINDOWS\system32\drivers\NTIDrvr.sys (NewTech Infosystems, Inc.)
DRV - (ALCXWDM) Service for Realtek AC97 Audio (WDM) -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS (Realtek Semiconductor Corp.)
DRV - (ESDCR) -- C:\WINDOWS\system32\drivers\ESD7SK.sys (ENE Technology Inc.)
DRV - (ESMCR) -- C:\WINDOWS\system32\drivers\ESM7SK.sys (ENE Technology Inc.)
DRV - (Ktp) -- C:\WINDOWS\system32\drivers\Ktp.sys (ELANTECH Devices Corp.)
DRV - (b57w2k) Broadcom NetLink (TM) -- C:\WINDOWS\system32\drivers\b57xp32.sys (Broadcom Corporation)
DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
DRV - (EMSCR) -- C:\WINDOWS\system32\drivers\EMS7SK.sys (ENE Technology Inc.)
DRV - (BCM43XX) -- C:\WINDOWS\system32\drivers\BCMWL5.SYS (Broadcom Corporation)
DRV - (UBHelper) -- C:\WINDOWS\System32\drivers\UBHelper.sys ()
DRV - (HSFHWICH) -- C:\WINDOWS\system32\drivers\HSFHWICH.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (w29n51) Intel(R) -- C:\WINDOWS\system32\drivers\w29n51.sys (Intel® Corporation)
DRV - (bcm4sbxp) -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys (Broadcom Corporation)
DRV - (SMCIRDA) -- C:\WINDOWS\system32\drivers\smcirda.sys (SMSC)

========== Standard Registry (SafeList) ==========

========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://global.acer.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://trinity.unimelb.edu.au/portal
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = wwwproxy.student.unimelb.edu.au:8000

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.startup.homepage: "https://www.trinitycollege.vic.edu.au/portal/today/today.php"
FF - prefs.js..extensions.enabledItems: {E2883E8F-472F-4fb0-9522-AC9BF37916A7}:1.6.2.53
FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.backup.ftp: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.ftp_port: 8000
FF - prefs.js..network.proxy.backup.gopher: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.gopher_port: 8000
FF - prefs.js..network.proxy.backup.socks: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.socks_port: 8000
FF - prefs.js..network.proxy.backup.ssl: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.backup.ssl_port: 8000
FF - prefs.js..network.proxy.ftp: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.ftp_port: 8000
FF - prefs.js..network.proxy.gopher: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.gopher_port: 8000
FF - prefs.js..network.proxy.http: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.http_port: 8000
FF - prefs.js..network.proxy.share_proxy_settings: true
FF - prefs.js..network.proxy.socks: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.socks_port: 8000
FF - prefs.js..network.proxy.ssl: "wwwproxy.unimelb.edu.au"
FF - prefs.js..network.proxy.ssl_port: 8000
FF - prefs.js..network.proxy.type: 1

FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/02/09 18:52:32 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/02/09 18:52:32 | 000,000,000 | ---D | M]

[2009/02/09 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Extensions
[2009/02/09 18:52:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions
[2009/06/03 19:00:26 | 000,000,000 | ---D | M] (MediaWrap) -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions\{dd68c513-9296-4b63-8d8b-8f1c991c8a48}
[2009/12/12 17:56:04 | 000,000,000 | ---D | M] (Adobe DLM (powered by getPlus(R))) -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2009/03/25 20:14:48 | 000,001,620 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\searchplugins\mozilla-add-ons.xml
[2009/05/22 01:42:46 | 000,004,140 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Mozilla\Firefox\Profiles\qtrsc0zj.default\searchplugins\youtube.xml
[2009/02/09 18:52:32 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/23 23:02:04 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
[2010/04/23 23:01:54 | 000,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2010/03/12 18:57:14 | 000,001,538 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazon-en-GB.xml
[2010/03/12 18:57:14 | 000,000,947 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\chambers-en-GB.xml
[2010/03/12 18:57:14 | 000,000,769 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay-en-GB.xml
[2010/03/12 18:57:14 | 000,001,135 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo-en-GB.xml

O1 HOSTS File: ([2009/11/20 21:35:48 | 000,000,732 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - No CLSID value found.
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] C:\WINDOWS\System32\bthprops.cpl (Microsoft Corporation)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe File not found
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\System32\igfxtray.exe File not found
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [KTPWare] C:\Program Files\Elantech\ktp.exe File not found
O4 - HKLM..\Run: [LaunchApp] C:\WINDOWS\Alaunch.exe (Acer Inc.)
O4 - HKLM..\Run: [MSPY2002] C:\WINDOWS\System32\IME\PINTLGNT\ImScInst.exe ()
O4 - HKLM..\Run: [PHIME2002A] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [PHIME2002ASync] C:\WINDOWS\System32\IME\TINTLGNT\TINTSETP.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [SoundMan] File not found
O4 - HKCU..\Run: [akvwx] C:\WINDOWS\System32\e1vbg3sn.exe File not found
O4 - HKCU..\Run: [cito0] C:\WINDOWS\System32\chxd60flvr.exe File not found
O4 - HKCU..\Run: [cydo8] C:\WINDOWS\System32\cttuzf81.exe File not found
O4 - HKCU..\Run: [dezpq] C:\WINDOWS\System32\w2xyt081alm.exe File not found
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe File not found
O4 - HKCU..\Run: [dzuklg2] C:\WINDOWS\System32\rsnt66k8708.exe File not found
O4 - HKCU..\Run: [dzuva] C:\WINDOWS\System32\1epqlr8.exe File not found
O4 - HKCU..\Run: [ezqqlcc] C:\WINDOWS\System32\oojaavmmhy.exe File not found
O4 - HKCU..\Run: [faawmm] C:\WINDOWS\System32\3wwriid.exe File not found
O4 - HKCU..\Run: [falhcc] C:\WINDOWS\System32\1qmmhyy.exe File not found
O4 - HKCU..\Run: [hcyytkk] C:\WINDOWS\System32\qlccxoojaa.exe File not found
O4 - HKCU..\Run: [hxdtp] C:\WINDOWS\System32\hm2noj081q.exe File not found
O4 - HKCU..\Run: [lbhc6y] C:\WINDOWS\System32\lr2xd2jk.exe File not found
O4 - HKCU..\Run: [llmcdi] C:\WINDOWS\System32\bm5hdyuu.exe File not found
O4 - HKCU..\Run: [mcdi3e] C:\WINDOWS\System32\bm86y3pl.exe File not found
O4 - HKCU..\Run: [mmiyy6k] C:\WINDOWS\System32\fwwriiduupg.exe File not found
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe File not found
O4 - HKCU..\Run: [nojpk0r] C:\WINDOWS\System32\0jff66w.exe File not found
O4 - HKCU..\Run: [pkkgww] C:\WINDOWS\System32\ni1eaavmmh.exe File not found
O4 - HKCU..\Run: [qhxiioj] C:\WINDOWS\System32\1cdi81u.exe File not found
O4 - HKCU..\Run: [rcc86] C:\WINDOWS\System32\q1gw1ni13p.exe File not found
O4 - HKCU..\Run: [snoejuf] C:\WINDOWS\System32\86y2ff6.exe File not found
O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
O4 - HKCU..\Run: [teea6r] C:\WINDOWS\System32\w39ee5v1wb.exe File not found
O4 - HKCU..\Run: [tkkfww] C:\WINDOWS\System32\i1eaavmmhy.exe File not found
O4 - HKCU..\Run: [upggbs] C:\WINDOWS\System32\dzpplbbxnn.exe File not found
O4 - HKCU..\Run: [uplbbxc] C:\WINDOWS\System32\pff69m1i.exe File not found
O4 - HKCU..\Run: [vgr60] C:\WINDOWS\System32\6xc81oz.exe File not found
O4 - HKCU..\Run: [vqwxin] C:\WINDOWS\System32\60niy1p.exe File not found
O4 - HKCU..\Run: [wbxxoo3] C:\WINDOWS\System32\0xdyep0.exe File not found
O4 - HKCU..\Run: [wcxtoeu] C:\WINDOWS\System32\70i1zuv.exe File not found
O4 - HKCU..\Run: [wrmns] C:\WINDOWS\System32\60xs0zf.exe File not found
O4 - HKCU..\Run: [xdtyuua] C:\WINDOWS\System32\vlw2nyojzav.exe File not found
O4 - HKCU..\Run: [xsoo8] C:\WINDOWS\System32\sndu1klq.exe File not found
O4 - HKCU..\Run: [yuupgg] C:\WINDOWS\System32\ytkkfwwr.exe File not found
O4 - HKCU..\Run: [yzpf0w] C:\WINDOWS\System32\n20zvfbw.exe File not found
O4 - HKCU..\Run: [zaflw] C:\WINDOWS\System32\70bxny1.exe File not found
O4 - HKCU..\Run: [zuvqm] C:\WINDOWS\System32\kkfwwrii.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk = C:\WINDOWS\Installer\{51FB15F4-AD27-43BC-AD4B-DD0354FB6BBD}\Icon3E5562ED7.ico ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk = C:\Program Files\Western Digital\WD SmartWare\WD Drive Manager\WDDMStatus.exe (WDC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk = C:\Program Files\Western Digital\WD SmartWare\Front Parlor\WDSmartWare.exe (Western Digital)
O4 - Startup: C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office12\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.microsoft.com/downlo...8f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_20)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 203.28.240.18 203.28.240.20
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807563E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\willmonotti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\willmonotti\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/05/24 15:15:44 | 000,000,050 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{0198223c-57e9-11de-a977-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell - "" = AutoRun
O33 - MountPoints2\{095707e1-8304-11de-a97c-b956f7f66bd7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{0cdf25b0-dbc3-11de-a988-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{688fe0c4-ec8b-11de-a99e-0013ce34ce68}\Shell\AutoRun\command - "" = C:\WINDOWS\System32\setup.exe -- [2004/08/04 05:00:00 | 000,023,040 | ---- | M] (Microsoft Corporation)
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28224-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{86e28225-3f1b-11df-a9cb-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b3de1542-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun\command - "" = F:\WD SmartWare.exe -- File not found
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{b3de1543-7cf9-11df-a9e1-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c092c4e6-4125-11df-a9cd-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{c7ad71ec-5c09-11de-a978-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{ca9e7a78-f678-11dd-a94f-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell - "" = AutoRun
O33 - MountPoints2\{dbc09e98-fe3a-11dd-a953-0013ce34ce68}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell - "" = AutoRun
O33 - MountPoints2\{e03ecff4-2297-11de-a963-00059a3c7800}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: HidServ - C:\WINDOWS\System32\hidserv.dll File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found
NetSvcs: ywyyitdy - C:\WINDOWS\system32\gnhnveo.dll ()

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 90 Days ==========

[2010/09/09 15:37:43 | 000,574,976 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/09 15:36:36 | 000,000,000 | --SD | C] -- C:\commy
[2010/09/08 22:11:29 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Application Data\Malwarebytes
[2010/09/08 22:11:18 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2010/09/08 22:11:17 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2010/09/08 22:11:17 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2010/09/08 22:11:17 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2010/09/08 22:10:20 | 006,153,352 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/09/08 19:57:45 | 000,000,000 | --SD | C] -- C:\ComboFix
[2010/09/08 19:54:53 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2010/09/08 19:54:53 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2010/09/08 19:54:53 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2010/09/08 19:54:16 | 000,000,000 | ---D | C] -- C:\Qoobox
[2010/09/08 14:35:50 | 000,000,000 | -HSD | C] -- C:\FOUND.031
[2010/09/08 14:24:32 | 000,000,000 | -HSD | C] -- C:\FOUND.030
[2010/09/08 13:57:30 | 000,000,000 | -HSD | C] -- C:\FOUND.029
[2010/09/08 13:43:06 | 000,000,000 | -HSD | C] -- C:\FOUND.028
[2010/09/06 14:43:12 | 000,000,000 | -HSD | C] -- C:\FOUND.027
[2010/09/05 12:25:16 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2010/09/05 12:24:56 | 000,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2010/09/05 12:16:21 | 000,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/03 23:25:36 | 000,000,000 | -HSD | C] -- C:\FOUND.026
[2010/09/02 22:08:00 | 000,000,000 | -HSD | C] -- C:\FOUND.025
[2010/09/01 23:56:04 | 000,000,000 | ---D | C] -- C:\Program Files\Safer Networking
[2010/09/01 23:53:23 | 000,000,000 | ---D | C] -- C:\WINDOWS\pss
[2010/09/01 14:55:38 | 000,000,000 | -HSD | C] -- C:\FOUND.024
[2010/08/31 23:58:24 | 000,000,000 | -HSD | C] -- C:\FOUND.023
[2010/08/31 19:41:40 | 000,000,000 | -HSD | C] -- C:\FOUND.022
[2010/08/31 18:26:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\My Documents\My eBooks
[2010/08/27 21:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.021
[2010/08/26 23:15:04 | 000,000,000 | -HSD | C] -- C:\FOUND.020
[2010/08/26 14:56:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Desktop\VPN
[2010/07/31 13:44:48 | 000,000,000 | -HSD | C] -- C:\FOUND.009
[2010/07/31 10:40:54 | 000,000,000 | -HSD | C] -- C:\FOUND.008
[2010/07/31 01:34:08 | 000,000,000 | -HSD | C] -- C:\FOUND.007
[2010/07/27 01:23:50 | 000,000,000 | -HSD | C] -- C:\FOUND.006
[2010/07/26 19:15:58 | 000,000,000 | -HSD | C] -- C:\FOUND.005
[2010/07/24 15:16:26 | 000,000,000 | -HSD | C] -- C:\FOUND.004
[2010/07/03 11:22:10 | 000,000,000 | -HSD | C] -- C:\FOUND.003
[2010/06/30 17:10:22 | 000,000,000 | ---D | C] -- C:\CyberFoot2007
[2010/06/30 16:48:13 | 000,000,000 | ---D | C] -- C:\Program Files\SuperSoccerManager 2005
[2010/06/29 23:56:04 | 000,000,000 | -HSD | C] -- C:\FOUND.002
[2010/06/29 23:19:22 | 000,000,000 | -HSD | C] -- C:\FOUND.001
[2010/06/21 16:04:02 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Western_Digital
[2010/06/21 16:01:52 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Application Data\Western Digital
[2010/06/21 16:01:44 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2010/06/21 16:01:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\ServiceTest
[2010/06/21 16:01:31 | 000,011,520 | ---- | C] (Western Digital Technologies) -- C:\WINDOWS\System32\drivers\wdcsam.sys
[2010/06/21 16:01:13 | 000,000,000 | ---D | C] -- C:\Program Files\Western Digital
[2010/06/21 15:58:02 | 000,000,000 | R-SD | C] -- C:\WINDOWS\assembly
[2010/06/21 15:57:37 | 000,000,000 | ---D | C] -- C:\WINDOWS\Microsoft.NET
[2010/06/21 15:56:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Western Digital
[2010/06/16 20:12:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\My Documents\Downloads
[2010/06/16 20:03:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\Temp
[2010/06/14 23:25:24 | 000,000,000 | -HSD | C] -- C:\FOUND.000
[2008/08/29 14:00:00 | 001,822,520 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2008/08/29 14:00:00 | 001,708,856 | ---- | C] (Microsoft Corporation) -- C:\Program Files\instmsi.exe

========== Files - Modified Within 90 Days ==========

[2010/09/09 15:37:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/09 15:00:40 | 000,002,155 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\iTunes.lnk
[2010/09/09 14:30:40 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/09/09 14:29:50 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/09 14:24:22 | 000,002,447 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\VPN Client.lnk
[2010/09/09 14:23:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/09/09 14:23:20 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2010/09/09 10:29:50 | 000,000,012 | ---- | M] () -- C:\WINDOWS\bthservsdp.dat
[2010/09/09 10:24:02 | 007,340,032 | -H-- | M] () -- C:\Documents and Settings\willmonotti\NTUSER.DAT
[2010/09/09 10:24:02 | 000,000,178 | -HS- | M] () -- C:\Documents and Settings\willmonotti\ntuser.ini
[2010/09/09 00:47:02 | 000,000,950 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089067542-3450742136-2425182029-1004Core1cb4c3f70ac632c.job
[2010/09/08 22:11:22 | 000,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 22:10:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/09/08 13:04:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/08 12:00:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\tasks\PerfectOptimizer_home.job
[2010/09/08 11:57:40 | 000,002,451 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\VPN Client.lnk
[2010/09/08 00:40:18 | 000,175,616 | ---- | M] () -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/09/05 12:25:04 | 000,000,675 | ---- | M] () -- C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/05 12:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/05 12:15:44 | 000,525,824 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\dds.scr
[2010/09/02 22:28:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\tasks\Ad-Aware Update (Weekly).job
[2010/09/01 23:57:52 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2010/09/01 19:56:14 | 000,002,137 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/08/30 14:18:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/08/22 20:09:32 | 000,002,238 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\Google Chrome.lnk
[2010/08/22 20:09:32 | 000,002,216 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2010/08/03 17:15:28 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/06/30 17:10:24 | 000,000,490 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\CyberFoot 2007.lnk
[2010/06/21 16:01:38 | 000,001,026 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/06/21 16:01:38 | 000,000,965 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/21 16:01:00 | 000,411,674 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2010/06/21 16:01:00 | 000,397,110 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2010/06/21 16:01:00 | 000,060,514 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2010/06/16 19:58:30 | 000,002,205 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk

========== Files Created - No Company Name ==========

[2010/09/09 14:29:48 | 003,840,723 | R--- | C] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/08 22:11:21 | 000,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2010/09/08 19:54:53 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2010/09/08 19:54:53 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2010/09/08 19:54:53 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2010/09/08 19:54:53 | 000,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2010/09/08 19:54:53 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2010/09/08 13:04:13 | 000,293,376 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/05 12:25:03 | 000,000,675 | ---- | C] () -- C:\Documents and Settings\willmonotti\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2010/09/05 12:15:46 | 000,525,824 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\dds.scr
[2010/09/05 00:42:46 | 000,000,950 | ---- | C] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-4089067542-3450742136-2425182029-1004Core1cb4c3f70ac632c.job
[2010/06/30 17:10:22 | 000,000,490 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\CyberFoot 2007.lnk
[2010/06/21 16:01:37 | 000,001,026 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDSmartWare.lnk
[2010/06/21 16:01:37 | 000,000,965 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WDDMStatus.lnk
[2010/06/16 20:04:19 | 000,002,238 | ---- | C] () -- C:\Documents and Settings\willmonotti\Desktop\Google Chrome.lnk
[2010/06/16 20:04:19 | 000,002,216 | ---- | C] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk
[2009/04/19 22:12:37 | 000,001,127 | ---- | C] () -- C:\WINDOWS\wincmd.ini
[2009/04/03 13:26:13 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2009/03/11 00:07:05 | 000,000,125 | ---- | C] () -- C:\WINDOWS\ds467.dll
[2009/02/14 22:30:45 | 000,175,616 | ---- | C] () -- C:\Documents and Settings\willmonotti\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/10/16 11:46:40 | 000,000,700 | ---- | C] () -- C:\Program Files\studentVPN.pcf
[2008/08/29 14:00:22 | 000,001,073 | ---- | C] () -- C:\Program Files\sig.dat
[2008/08/29 14:00:20 | 000,001,099 | ---- | C] () -- C:\Program Files\vpnclient_setup.ini
[2008/08/29 14:00:18 | 000,052,224 | ---- | C] () -- C:\Program Files\vpnclient_jp.mst
[2008/08/29 14:00:06 | 010,935,808 | ---- | C] () -- C:\Program Files\vpnclient_setup.msi
[2008/08/29 14:00:04 | 000,051,200 | ---- | C] () -- C:\Program Files\vpnclient_fc.mst
[2008/08/29 14:00:00 | 000,000,819 | ---- | C] () -- C:\Program Files\vpnclient_setup.sms
[2008/08/29 14:00:00 | 000,000,640 | ---- | C] () -- C:\Program Files\vpnclient_setup.pdf
[2008/08/29 13:59:58 | 000,056,832 | ---- | C] () -- C:\Program Files\vpnclient_setup.exe
[2008/08/29 13:58:26 | 000,197,408 | ---- | C] () -- C:\WINDOWS\System32\vpnapi.dll
[2008/08/29 13:58:16 | 000,193,312 | ---- | C] () -- C:\WINDOWS\System32\CSGina.dll
[2008/08/29 13:58:04 | 000,221,315 | ---- | C] () -- C:\Program Files\installservice.exe
[2008/08/29 13:57:32 | 000,016,505 | ---- | C] () -- C:\Program Files\DelayInst.exe
[2005/05/26 09:49:35 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/26 09:35:20 | 000,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/05/26 09:35:18 | 000,000,329 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/05/26 09:31:07 | 000,356,352 | ---- | C] () -- C:\WINDOWS\EMCRI.dll
[2005/05/24 15:16:04 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/05/24 15:15:12 | 000,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/05/24 15:02:43 | 000,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/05/24 15:02:39 | 000,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/05/24 14:58:31 | 000,037,776 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/05/24 14:50:20 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/05/24 14:35:43 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2005/05/24 14:35:29 | 000,160,603 | RHS- | C] () -- C:\WINDOWS\System32\gnhnveo.dll
[2005/05/24 14:35:27 | 000,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[2004/12/17 17:14:44 | 000,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 000,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 000,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 000,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1980/01/01 00:00:00 | 000,000,085 | ---- | C] () -- C:\WINDOWS\ALAUNCH.INI

========== LOP Check ==========

[2009/02/12 21:49:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
[2009/02/14 21:58:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/07/01 00:19:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/12/07 21:45:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/03/30 01:38:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Last.fm
[2010/06/21 16:01:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Western Digital
[2009/02/14 22:08:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\USM2
[2009/02/18 22:44:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\uTorrent
[2009/07/02 23:01:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\gtk-2.0
[2009/10/19 19:29:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Audacity
[2009/11/22 17:22:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\foobar2000
[2009/12/07 21:45:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\acccore
[2010/03/07 01:14:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Windows Search
[2010/06/21 16:01:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\willmonotti\Application Data\Western Digital
[2010/09/02 22:28:02 | 000,000,472 | ---- | M] () -- C:\WINDOWS\Tasks\Ad-Aware Update (Weekly).job
[2010/09/08 12:00:02 | 000,000,374 | ---- | M] () -- C:\WINDOWS\Tasks\PerfectOptimizer_home.job
[2010/03/25 00:07:32 | 000,000,516 | ---- | M] () -- C:\WINDOWS\Tasks\Install_NSS.job

========== Purity Check ==========

========== Custom Scans ==========

< %SYSTEMDRIVE%\*.* >
[2005/05/26 11:33:48 | 000,000,076 | RHS- | M] () -- C:\PRELOAD.AAA
[2004/08/04 05:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2004/08/04 05:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2010/09/01 23:57:52 | 000,000,245 | RHS- | M] () -- C:\boot.ini
[2005/05/24 14:53:22 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2005/05/24 15:15:44 | 000,000,050 | ---- | M] () -- C:\AUTOEXEC.BAT
[2005/05/24 14:53:22 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2005/05/24 14:53:22 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2005/05/26 11:34:00 | 000,000,003 | ---- | M] () -- C:\PRELOAD.TAG
[2010/09/09 14:23:20 | 1064,812,544 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/30 00:48:10 | 000,012,540 | ---- | M] () -- C:\aaw7boot.log
[2009/07/12 00:02:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/07/12 00:02:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/07/17 11:34:36 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/07/17 11:34:36 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/08/03 12:34:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/08/03 12:34:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/08/19 13:58:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/08/19 13:58:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/08/21 15:15:00 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/08/21 15:15:00 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/08/23 15:08:18 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/08/23 15:08:18 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/19 19:18:16 | 000,009,312 | ---- | M] () -- C:\Ask & Record Toolbar Setup Log.txt
[2009/12/07 21:45:34 | 000,000,397 | -H-- | M] () -- C:\IPH.PH
[2010/09/09 14:23:18 | 1598,029,824 | -HS- | M] () -- C:\pagefile.sys

< %systemroot%\Fonts\*.com >

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2005/05/24 14:52:46 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >
[2004/06/14 11:25:16 | 000,187,392 | ---- | M] () -- C:\WINDOWS\Acer.scr

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >

< %PROGRAMFILES%\*.* >
[2008/08/29 14:00:06 | 010,935,808 | ---- | M] () -- C:\Program Files\vpnclient_setup.msi
[2008/08/29 14:00:00 | 000,000,640 | ---- | M] () -- C:\Program Files\vpnclient_setup.pdf
[2008/08/29 14:00:00 | 000,000,819 | ---- | M] () -- C:\Program Files\vpnclient_setup.sms
[2008/08/29 13:57:32 | 000,016,505 | ---- | M] () -- C:\Program Files\DelayInst.exe
[2008/08/29 13:58:04 | 000,221,315 | ---- | M] () -- C:\Program Files\installservice.exe
[2008/08/29 14:00:00 | 001,708,856 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsi.exe
[2008/08/29 14:00:00 | 001,822,520 | ---- | M] (Microsoft Corporation) -- C:\Program Files\instmsiw.exe
[2008/08/29 14:00:22 | 000,001,073 | ---- | M] () -- C:\Program Files\sig.dat
[2008/08/29 14:00:04 | 000,051,200 | ---- | M] () -- C:\Program Files\vpnclient_fc.mst
[2008/08/29 14:00:18 | 000,052,224 | ---- | M] () -- C:\Program Files\vpnclient_jp.mst
[2008/08/29 13:59:58 | 000,056,832 | ---- | M] () -- C:\Program Files\vpnclient_setup.exe
[2008/08/29 14:00:20 | 000,001,099 | ---- | M] () -- C:\Program Files\vpnclient_setup.ini
[2008/10/16 11:46:40 | 000,000,700 | ---- | M] () -- C:\Program Files\studentVPN.pcf

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2005/05/24 14:42:34 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav
[2005/05/24 14:42:34 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/05/24 14:42:34 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
[2005/05/24 14:53:24 | 000,000,294 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
[2009/02/08 06:41:04 | 000,000,119 | -HS- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
[2005/05/24 14:59:42 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\willmonotti\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

< %USERPROFILE%\Desktop\*.exe >
[2010/09/08 13:04:16 | 000,293,376 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\umsywfnu.exe
[2010/09/05 12:16:24 | 000,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\willmonotti\Desktop\erunt-setup.exe
[2010/09/09 14:29:50 | 003,840,723 | R--- | M] () -- C:\Documents and Settings\willmonotti\Desktop\commy.exe
[2010/09/09 15:37:44 | 000,574,976 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\willmonotti\Desktop\OTL.exe
[2010/09/08 22:10:24 | 006,153,352 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\willmonotti\Desktop\mbam-setup.exe
[2010/03/07 01:12:46 | 005,520,400 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\willmonotti\Desktop\WindowsSearch-KB940157-XP-x86-enu.exe
[1997/10/06 21:15:48 | 000,045,056 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\Join32.exe
[2010/03/01 22:12:12 | 016,492,320 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\willmonotti\Desktop\jre-6u18-windows-i586-s.exe
[1997/10/06 21:22:28 | 000,033,024 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\JOIN16.EXE
[2009/11/30 01:25:04 | 016,409,960 | ---- | M] (Safer Networking Limited ) -- C:\Documents and Settings\willmonotti\Desktop\spybotsd162.exe
[2009/11/30 00:55:20 | 000,308,160 | ---- | M] (ALWIL Software) -- C:\Documents and Settings\willmonotti\Desktop\avast_home_setup.exe
[2009/04/04 18:03:12 | 526,428,264 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\willmonotti\Desktop\X12-30307.exe
[2009/04/11 17:26:22 | 001,234,120 | ---- | M] () -- C:\Documents and Settings\willmonotti\Desktop\wrar380.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

< %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

< %PROGRAMFILES%\Internet Explorer\*.tmp >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %USERPROFILE%\My Documents\*.exe >

< %USERPROFILE%\*.exe >

< %systemroot%\ADDINS\*.* >
[2004/08/04 05:00:00 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

< %systemroot%\assembly\*.bak2 >

< %systemroot%\Config\*.* >

< %systemroot%\REPAIR\*.bak2 >

< %systemroot%\SECURITY\Database\*.sdb /x >

< %systemroot%\SYSTEM\*.bak2 >

< %systemroot%\Web\*.bak2 >

< %systemroot%\Driver Cache\*.* >

< %PROGRAMFILES%\Mozilla Firefox\0*.exe >

< %ProgramFiles%\Microsoft Common\*.* >

< %ProgramFiles%\TinyProxy. >

< %USERPROFILE%\Favorites\*.url /x >
[2009/02/08 06:41:04 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\willmonotti\Favorites\Desktop.ini
[2009/03/11 00:06:58 | 000,000,579 | ---- | M] () -- C:\Documents and Settings\willmonotti\Favorites\First Principles of Business Law.lnk

< %systemroot%\system32\*.bk >

< %systemroot%\*.te >

< %systemroot%\system32\system32\*.* >

< %ALLUSERSPROFILE%\*.dat /x >

< %systemroot%\system32\drivers\*.rmv >

< dir /b "%systemroot%\system32\*.exe" | find /i " " /c >

< dir /b "%systemroot%\*.exe" | find /i " " /c >

< %PROGRAMFILES%\Microsoft\*.* >

< %systemroot%\System32\Wbem\proquota.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.dat >

< %USERPROFILE%\Cookies\*.txt /x >
[2010/09/09 15:00:42 | 000,049,152 | ---- | M] () -- C:\Documents and Settings\willmonotti\Cookies\index.dat

< %SystemRoot%\system32\fonts\*.* >

< %systemroot%\system32\winlog\*.* >

< %systemroot%\system32\Language\*.* >

< %systemroot%\system32\Settings\*.* >

< %systemroot%\system32\*.quo >

< %SYSTEMROOT%\AppPatch\*.exe >

< %SYSTEMROOT%\inf\*.exe >
[2004/08/04 05:00:00 | 000,208,896 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

< %SYSTEMROOT%\Installer\*.exe >

< %systemroot%\system32\config\*.bak2 >

< %systemroot%\system32\Computers\*.* >

< %SystemRoot%\system32\Sound\*.* >

< %SystemRoot%\system32\SpecialImg\*.* >

< %SystemRoot%\system32\code\*.* >

< %SystemRoot%\system32\draft\*.* >

< %SystemRoot%\system32\MSSSys\*.* >

< %ProgramFiles%\Javascript\*.* >

< %systemroot%\pchealth\helpctr\System\*.exe /s >

< %systemroot%\Web\*.exe >

< %systemroot%\system32\msn\*.* >

< %systemroot%\system32\*.tro >

< %AppData%\Microsoft\Installer\msupdates\*.* >

< %ProgramFiles%\Messenger\*.exe >
[2004/08/04 01:06:34 | 001,667,584 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe

< %systemroot%\system32\systhem32\*.* >

< %systemroot%\system\*.exe >
[1998/12/25 08:15:38 | 000,345,983 | ---- | M] () -- C:\WINDOWS\system\RCDsetup.exe

< %USERPROFILE%\Templates\*.tmp >

< %SYSTEMDRIVE%\explorexxx.exe\*.* >

< %Windir%\Installer\*.tmp >
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]

< %systemroot%\System32\*.xco >

< %ProgramFiles%\system32\*.* >

< %systemroot%\System32\windos\*.* >

< %SystemRoot%\system32\sandbox\*.* >

< %SystemRoot%\system32\*.amo >

< %SystemRoot%\system32\Windows Live\*.* >

< %ProgramFiles%\logs\*.* >

< %ProgramFiles%\Bifrost\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
< End of report >

Thread: Can't remove Win32.Autorun.tmp

Thread Tools

Display

Threaded View

Posting Permissions