
Thread: Click.GiftLoad--Cannot Delete

  1. #11
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Click.GiftLoad--Cannot Delete

    Hi Ken. Completed the following:
    Removed BitComet
    Enabled Windows to view hidden files
    Ran VirusTool and attaching log
    Ran malwarebytes and attaching log

    Thank you so much for working with me through this--very much appreciated!

  2. #12
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208


    Hey, thanks for the logs. I would like to ask you to just copy and paste the logs and reports we ask for into this thread; it's easier on these old eyes to analyze.

    OK, that file was bad, but before we remove it, run this quick scan.

    OTL by OldTimer
    • Download OTL to your desktop.
    • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
    • When the window appears, underneath Output at the top change it to Minimal Output.
    • Click the "Scan All Users" checkbox.
    • Check the boxes beside LOP Check and Purity Check.
    • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
      • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt.
        Note: These logs can be located in the OTL. folder on your C:\ drive if they fail to open automatically.
      • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them both in.
    Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014

    ERROR MESSAGE 386
    No KeyBoard Detected
    Press F1 To Continue

    Just a reminder that threads will be closed if no reply in 3 days.

  3. #13
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Click.GiftLoad--Cannot Delete

    Good morning, Ken. OTL.txt enclosed. Could not generate the Extras.txt file despite running the program several times. Please advise. Have a great day.

    OTL logfile created on: 4/4/2011 10:27:30 AM - Run 6
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 77.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.71 Gb Total Space | 36.06 Gb Free Space | 32.28% Space Free | Partition Type: NTFS
    Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: Owner| User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
    MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (AppMgmt) -- File not found
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- C:\WINDOWS\LMI1B.tmp\lmi_rescue.exe (LogMeIn, Inc.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
    SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
    SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
    SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVENG.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
    DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
    DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
    DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
    FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

    [2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
    [2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
    [2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
    [2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2011/04/02 23:50:38 | 000,000,027 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupda...31/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/C...ngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1206480799890 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (HpProductDetection Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpf...qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
    O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\System
    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2011/04/03 21:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MY HOUSE PLANS
    [2011/04/03 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2011/04/03 18:14:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/03 18:14:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/03 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/02 23:38:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/02 23:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/02 23:25:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/02 23:25:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/02 23:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/02 23:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SPYBOT FORUM
    [2011/03/29 21:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HOUSE PLANS
    [2011/03/29 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/03/29 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/03/26 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/03/25 07:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\KINGSTON FLASH
    [2011/03/25 00:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2011/03/24 12:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\STRAIGHT FONTS
    [2011/03/21 22:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/03/20 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/03/20 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Recover My Files v4
    [2011/03/20 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
    [2011/03/20 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\asoftech
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asoftech Data Recovery
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Asoftech
    [2011/03/19 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/03/19 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/03/15 22:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ggdesigns_Ours&Guest
    [2011/03/15 00:09:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
    [2011/03/15 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
    [2011/03/14 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SCRIPT FONTS
    [2011/03/13 11:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
    [2011/03/13 11:36:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
    [2011/03/11 08:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GENEALOGY REFERENCES
    [2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
    [2011/03/10 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.oit
    [2011/03/10 12:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/03/10 12:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIEWERS
    [2011/03/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield Shared
    [2011/03/10 07:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/03/10 06:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/10 06:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/03/07 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB
    [2010/02/07 22:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/04/04 10:29:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/04 10:26:26 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Owner\Cache.db
    [2011/04/04 10:15:02 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/04 10:08:01 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/04 10:07:44 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/04/04 10:07:42 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/04/04 00:54:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 00:54:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 00:54:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 00:54:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 00:54:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/04 00:54:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/04 00:54:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 00:54:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 00:45:22 | 000,306,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 21:59:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:50:38 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
    [2011/04/02 23:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/02 23:21:30 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/04/02 12:17:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/31 23:34:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/31 00:33:22 | 000,306,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/25 09:28:00 | 000,038,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
    [2011/03/25 08:54:07 | 000,034,022 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
    [2011/03/24 23:46:11 | 000,051,717 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
    [2011/03/24 10:29:03 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Embedit.INI
    [2011/03/21 22:18:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/18 00:00:43 | 000,024,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
    [2011/03/16 22:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/16 06:23:00 | 000,121,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
    [2011/03/14 19:29:18 | 000,048,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
    [2011/03/14 19:24:39 | 000,101,613 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
    [2011/03/14 19:23:23 | 000,012,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
    [2011/03/13 23:12:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/13 22:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/13 07:45:58 | 000,443,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 07:45:58 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/10 12:43:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ytatadu.bin
    [4 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/04/04 00:45:21 | 000,306,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 18:14:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/02 23:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/02 23:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/02 23:25:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/02 23:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/02 23:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/02 23:21:21 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/03/31 23:26:19 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/03/31 00:33:21 | 000,306,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/29 23:25:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/25 09:28:00 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
    [2011/03/25 08:54:07 | 000,034,022 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
    [2011/03/24 23:46:11 | 000,051,717 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
    [2011/03/21 22:18:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/18 00:00:42 | 000,024,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
    [2011/03/14 19:29:18 | 000,048,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
    [2011/03/14 19:24:39 | 000,101,613 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
    [2011/03/14 19:24:30 | 000,121,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
    [2011/03/14 19:23:23 | 000,012,675 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
    [2011/03/13 23:12:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin
    [2010/09/11 12:10:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/08/14 16:09:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\PCTuneUp.INI
    [2010/07/29 23:31:25 | 000,161,256 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
    [2010/07/29 20:29:51 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2010/07/12 09:56:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2010/07/05 13:32:10 | 000,188,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/05 13:02:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
    [2010/02/12 18:35:02 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
    [2010/02/07 23:10:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/07 22:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/02/07 22:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/02/07 10:24:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/08/29 07:47:28 | 000,000,000 | ---- | C] () -- C:\Program Files\023432
    [2009/08/01 17:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\commong7.dat
    [2009/08/01 17:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2009/06/02 14:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI
    [2009/05/21 16:59:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
    [2009/04/21 11:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2008/12/15 06:39:49 | 000,000,410 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/11/13 23:06:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/11/04 07:38:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2008/11/04 07:38:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2008/11/04 07:38:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2008/11/04 07:38:31 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2008/11/04 07:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2008/11/04 07:38:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2008/09/23 23:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2008/09/23 23:19:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/09/23 23:19:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/22 18:03:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/07/16 20:08:21 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/07/16 20:08:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
    [2008/07/16 20:08:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
    [2008/07/16 20:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/07/16 14:51:22 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2008/07/13 13:18:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2008/07/13 13:18:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\prntfix.exe
    [2008/07/13 13:18:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2008/07/08 11:14:22 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
    [2008/05/06 19:51:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
    [2008/05/06 19:51:27 | 000,000,196 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
    [2008/05/06 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
    [2008/05/06 19:51:09 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
    [2008/04/20 16:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Embedit.INI
    [2008/04/12 13:54:57 | 000,010,758 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    [2008/04/09 19:30:07 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
    [2008/03/27 19:50:10 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/03/27 19:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
    [2008/03/27 19:49:29 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
    [2008/03/27 19:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
    [2008/03/27 19:47:55 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2008/03/27 19:47:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
    [2008/03/27 15:26:07 | 000,032,769 | ---- | C] () -- C:\WINDOWS\System32\cpinpub.dll
    [2008/03/26 12:58:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2008/03/26 12:23:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/26 11:58:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2008/03/26 11:41:28 | 000,002,969 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2008/03/26 11:40:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2008/03/26 09:42:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/03/25 19:36:37 | 000,036,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
    [2008/03/25 18:12:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2008/03/25 18:10:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2008/03/25 18:10:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2008/03/25 18:00:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/03/25 17:49:39 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/03/25 17:29:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/03/25 17:22:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2008/03/25 17:22:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2008/03/25 17:21:34 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2008/03/25 17:21:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/03/25 17:21:28 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/03/25 17:21:27 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/03/25 17:21:27 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2008/03/25 17:21:27 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/03/25 17:21:27 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/03/25 17:21:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/03/25 17:21:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2008/03/25 17:21:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2008/03/25 17:21:22 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2008/03/25 17:21:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2008/03/25 17:21:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
    [2008/03/25 17:21:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2008/03/25 17:19:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2008/03/25 12:22:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
    [2008/03/25 12:20:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/25 12:19:20 | 000,339,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/11/14 13:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/11/09 07:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
    [2006/04/13 09:03:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys
    [2003/11/20 17:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 16:41:25 | 000,443,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 16:41:21 | 000,071,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/12/13 18:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

    ========== LOP Check ==========

    [2010/03/11 23:14:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\A-PDF
    [2009/12/12 21:56:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
    [2008/07/13 12:14:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
    [2010/05/13 21:34:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Downloaded Installations
    [2010/07/29 20:29:43 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
    [2009/08/29 07:49:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IconTweaker
    [2008/06/08 18:55:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
    [2008/06/08 18:53:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
    [2010/05/13 21:30:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Installations
    [2009/02/26 23:34:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iolo
    [2009/02/04 23:21:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
    [2010/02/12 18:59:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NCH Swift Sound
    [2009/06/04 19:09:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PC Suite
    [2010/10/25 18:40:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ReviverSoft
    [2010/07/19 15:15:31 | 000,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
    [2008/09/22 20:48:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sony
    [2008/03/27 18:30:54 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tanagra
    [2011/04/04 10:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2009/08/07 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trusteer
    [2010/02/07 22:55:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\vsosdk
    [2011/03/19 18:26:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WinZip
    [2008/11/11 18:05:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
    [2011/03/15 01:13:29 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\~0
    [2011/03/10 12:34:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\.oit
    [2011/03/20 14:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\asoftech
    [2010/10/02 16:22:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Blitware
    [2008/10/20 01:46:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Buddi
    [2009/03/24 10:56:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1
    [2010/08/10 00:24:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\COWON
    [2009/06/24 20:45:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Datalayer
    [2010/07/01 18:16:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ElevatedDiagnostics
    [2011/02/04 01:26:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FrostWire
    [2008/03/26 13:17:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\FTW
    [2009/12/11 17:16:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\iolo
    [2008/03/26 15:45:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
    [2008/09/19 07:51:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MP3 Sorter Pro
    [2008/03/26 11:58:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MyFamily.com
    [2010/02/12 18:59:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\NCH Swift Sound
    [2010/05/13 21:43:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nokia
    [2009/10/19 10:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OfficeRecovery
    [2010/10/25 18:39:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\OpenCandy
    [2008/09/16 09:29:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Opera
    [2010/05/13 21:49:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PC Suite
    [2008/10/14 11:56:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Progeny
    [2008/07/08 11:14:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PTAssembler
    [2008/09/22 21:21:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Publish Providers
    [2011/04/03 23:13:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2008/09/22 21:20:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Sony
    [2009/08/07 22:28:23 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Trusteer
    [2011/01/09 17:32:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\VisionBoardBuilder
    [2010/02/07 22:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Vso
    [2010/03/01 20:42:00 | 000,000,260 | ---- | M] () -- C:\WINDOWS\Tasks\Disk Cleanup.job

    ========== Purity Check ==========



    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
    @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
    @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E
    @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
    @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF
    @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9

    < End of report >

  4. #14
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Hi,

    Backup Your Registry with ERUNT:
    • Download erunt.zip to your Desktop from here:
      http://aumha.org/downloads/erunt.zip
    • Right-click erunt.zip, select Extract All... and follow the prompts to extract ERUNT to a new folder on your Desktop
    • Inside the new folder, double-click ERUNT.exe to start the program
    • OK all the prompts to back up your registry to the default location.
    Note: to restore your registry, go to the backup folder and start ERDNT.exe

    Run OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
      @Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:63238B95
      @Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E
      @Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD
      @Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF
      @Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9
      
      :Services
      
      :Reg
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
      "svchost.exe"=-
      
      :Files
      ipconfig /flushdns /c
      c:\windows\system32\null0.24477071685619223.exe
      c:\windows\system32\null0.5133397128311065.exe
      
      
      
      
      
      :Commands
      [purity]
      [emptytemp]
      [RESETHOSTS]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top <--Not run scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log and a new OTL log (don't check the boxes beside LOP Check or Purity this time)
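A way to check a fix run against the scan that prompted it, as an added example that is not part of the original posts or of OTL: it parses the `@Alternate Data Stream` lines of a scan log and the per-item result lines of a fix log, then reports which streams the fix log confirms as deleted. The function names and the sample paths and stream names are constructed for the example.

```python
import re

# Constructed sample input in the two OTL log formats shown in this thread
# (paths, stream names and registry key are made up for the example).
SCAN_LOG = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 173 bytes -> C:\ProgramData\TEMP:AAAA0001
@Alternate Data Stream - 129 bytes -> C:\ProgramData\TEMP:AAAA0002
@Alternate Data Stream - 104 bytes -> C:\ProgramData\Some Dir\TEMP:AAAA0003

< End of report >
"""

FIX_LOG = r"""
========== OTL ==========
ADS C:\ProgramData\TEMP:AAAA0001 deleted successfully.
ADS C:\ProgramData\TEMP:AAAA0002 deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Example\\sample.exe not found.
========== FILES ==========
File\Folder c:\windows\system32\example0.123.exe not found.
C:\Users\Owner\Desktop\cmd.bat deleted successfully.
========== COMMANDS ==========
->Temp folder emptied: 0 bytes
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
"""

# "<host path>:<stream name>"; the greedy (.+) keeps the drive-letter colon
# in the host path and splits on the last colon only.
ADS_RE = re.compile(r"^@Alternate Data Stream - (\d+) bytes -> (.+):([^:\\]+)$")

# Per-item result lines: optional kind prefix, target, outcome, optional ./!
RESULT_RE = re.compile(
    r"^(?:(ADS|Registry value|File\\Folder) )?(.+?) "
    r"(deleted successfully|moved successfully|not found)[.!]?$"
)


def parse_ads(scan_text):
    """Return [(host_path, stream_name, size_bytes)] from a scan log."""
    found = []
    for line in scan_text.splitlines():
        m = ADS_RE.match(line.strip())
        if m:
            found.append((m.group(2), m.group(3), int(m.group(1))))
    return found


def parse_fix_results(fix_text):
    """Return {target_lowercased: (kind, outcome)} for each result line.

    Lines without a kind prefix are treated as files. Keys are lower-cased
    because Windows paths and registry names are case-insensitive.
    """
    results = {}
    for line in fix_text.splitlines():
        m = RESULT_RE.match(line.strip())
        if m:
            results[m.group(2).lower()] = (m.group(1) or "File", m.group(3))
    return results


def reconcile(scan_text, fix_text):
    """Compare the streams a scan reported with what the fix log confirms."""
    results = parse_fix_results(fix_text)
    report = {"removed": [], "unconfirmed": [], "not_found": []}
    for host, stream, _size in parse_ads(scan_text):
        target = f"{host}:{stream}"
        _kind, outcome = results.get(target.lower(), ("ADS", None))
        if outcome == "deleted successfully":
            report["removed"].append(target)
        else:
            # Absent from the fix log, or present with another outcome.
            report["unconfirmed"].append(target)
    # "not found" means this run removed nothing for that item; it was
    # already absent when the fix ran.
    report["not_found"] = sorted(
        t for t, (_k, o) in results.items() if o == "not found"
    )
    return report


if __name__ == "__main__":
    for key, items in reconcile(SCAN_LOG, FIX_LOG).items():
        print(f"{key}:")
        for item in items:
            print(f"  {item}")
```
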

  5. #15
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default Click.GiftLoad--Cannot Delete

    Ken, enclosing ERUNDT log and OTL log. I'm a bit unsure of one thing--I restored my registry after I ran OTL for the final log--did I do this right? Thanks, Ken.


    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:63238B95 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:C28FF86E deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:A235FA9E deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:30FD0CBD deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:BEBD9BCF deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:2B4123E9 deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
    ========== FILES ==========
    < ipconfig /flushdns /c >
    Windows IP Configuration
    Successfully flushed the DNS Resolver Cache.
    C:\Documents and Settings\Owner\Desktop\cmd.bat deleted successfully.
    C:\Documents and Settings\Owner\Desktop\cmd.txt deleted successfully.
    File\Folder c:\windows\system32\null0.24477071685619223.exe not found.
    File\Folder c:\windows\system32\null0.5133397128311065.exe not found.
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Flash cache emptied: 41661 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 67 bytes
    ->Java cache emptied: 520980 bytes
    ->Flash cache emptied: 1081 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1553618 bytes
    ->Java cache emptied: 9856 bytes
    ->Flash cache emptied: 7363 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 1310854 bytes
    ->Java cache emptied: 9829 bytes
    ->Flash cache emptied: 9533 bytes

    User: Owner
    ->Temp folder emptied: 1295872 bytes
    ->Temporary Internet Files folder emptied: 1924454 bytes
    ->Java cache emptied: 59069 bytes
    ->FireFox cache emptied: 30944645 bytes
    ->Flash cache emptied: 2999161 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 6736314 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125554 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 96373 bytes
    RecycleBin emptied: 233788 bytes

    Total Files Cleaned = 46.00 mb

    C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
    HOSTS file reset successfully

    OTL by OldTimer - Version 3.2.22.3 log created on 04042011_162450

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0QNNVPL\favicon[1].ico not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\Q0QNNVPL\showthread[1].htm not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[1].ico not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[2].ico not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\06IFM84G\favicon[3].ico not found!

    Registry entries deleted on Reboot...






    OTL logfile created on: 4/4/2011 4:42:24 PM - Run 7
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 72.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 75.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.71 Gb Total Space | 35.76 Gb Free Space | 32.01% Space Free | Partition Type: NTFS
    Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: Owner | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
    MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
    SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
    SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
    SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110403.002\NAVENG.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
    DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
    DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
    DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
    FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

    [2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
    [2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
    [2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
    [2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2011/04/04 16:25:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupda...31/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/C...ngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1206480799890 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (HpProductDetection Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpf...qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
    O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/04 16:24:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/04 16:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ERUNT
    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\System
    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2011/04/03 21:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MY HOUSE PLANS
    [2011/04/03 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2011/04/03 18:14:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/03 18:14:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/03 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/02 23:38:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/02 23:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/02 23:25:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/02 23:25:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/02 23:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/02 23:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SPYBOT FORUM
    [2011/03/29 21:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HOUSE PLANS
    [2011/03/29 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/03/29 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/03/26 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/03/25 07:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\KINGSTON FLASH
    [2011/03/25 00:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2011/03/24 12:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\STRAIGHT FONTS
    [2011/03/21 22:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/03/20 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/03/20 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Recover My Files v4
    [2011/03/20 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
    [2011/03/20 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\asoftech
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asoftech Data Recovery
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Asoftech
    [2011/03/19 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/03/19 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/03/15 22:56:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ggdesigns_Ours&Guest
    [2011/03/15 00:09:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
    [2011/03/15 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
    [2011/03/14 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SCRIPT FONTS
    [2011/03/13 11:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
    [2011/03/13 11:36:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
    [2011/03/11 08:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GENEALOGY REFERENCES
    [2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
    [2011/03/10 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.oit
    [2011/03/10 12:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/03/10 12:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIEWERS
    [2011/03/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield Shared
    [2011/03/10 07:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/03/10 06:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/10 06:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/03/07 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB
    [2010/02/07 22:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/04 16:32:35 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Owner\Cache.db
    [2011/04/04 16:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/04 16:26:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/04 16:26:32 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/04 16:26:21 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/04/04 16:26:19 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/04/04 16:25:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 16:25:36 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 16:25:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 16:25:36 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 16:25:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/04 16:25:36 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/04 16:25:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 16:25:36 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 16:25:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/04/04 16:01:42 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Embmake.INI
    [2011/04/04 16:00:47 | 000,513,320 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
    [2011/04/04 00:45:22 | 000,306,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 21:59:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/02 23:21:30 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/04/02 12:17:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/31 23:34:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/31 00:33:22 | 000,306,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/25 09:28:00 | 000,038,481 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
    [2011/03/25 08:54:07 | 000,034,022 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
    [2011/03/24 23:46:11 | 000,051,717 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
    [2011/03/24 10:29:03 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Embedit.INI
    [2011/03/21 22:18:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/18 00:00:43 | 000,024,020 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
    [2011/03/16 22:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/16 06:23:00 | 000,121,580 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
    [2011/03/14 19:29:18 | 000,048,258 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
    [2011/03/14 19:24:39 | 000,101,613 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
    [2011/03/14 19:23:23 | 000,012,675 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
    [2011/03/13 23:12:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/13 22:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/13 07:45:58 | 000,443,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 07:45:58 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/10 12:43:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ytatadu.bin

    ========== Files Created - No Company Name ==========

    [2011/04/04 16:00:47 | 000,513,320 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\erunt.zip
    [2011/04/04 00:45:21 | 000,306,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 18:14:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/02 23:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/02 23:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/02 23:25:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/02 23:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/02 23:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/02 23:21:21 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/03/31 23:26:19 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/03/31 00:33:21 | 000,306,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/29 23:25:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/25 09:28:00 | 000,038,481 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 2.pes
    [2011/03/25 08:54:07 | 000,034,022 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido 1.pes
    [2011/03/24 23:46:11 | 000,051,717 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Guido Lamborghini.pes
    [2011/03/21 22:18:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/18 00:00:42 | 000,024,020 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\40-205mf-1300.gif
    [2011/03/14 19:29:18 | 000,048,258 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ROPEOVALguest.PES
    [2011/03/14 19:24:39 | 000,101,613 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrropeoval.pes
    [2011/03/14 19:24:30 | 000,121,580 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\blrheartoval.pes
    [2011/03/14 19:23:23 | 000,012,675 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\guest for 4x4 ovals.pes
    [2011/03/13 23:12:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin
    [2010/09/11 12:10:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/08/14 16:09:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\PCTuneUp.INI
    [2010/07/29 23:31:25 | 000,161,256 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
    [2010/07/29 20:29:51 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2010/07/12 09:56:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2010/07/05 13:32:10 | 000,188,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/05 13:02:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
    [2010/02/12 18:35:02 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
    [2010/02/07 23:10:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/07 22:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/02/07 22:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/02/07 10:24:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/08/29 07:47:28 | 000,000,000 | ---- | C] () -- C:\Program Files\023432
    [2009/08/01 17:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\commong7.dat
    [2009/08/01 17:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2009/06/02 14:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI
    [2009/05/21 16:59:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
    [2009/04/21 11:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2008/12/15 06:39:49 | 000,000,410 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/11/13 23:06:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/11/04 07:38:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2008/11/04 07:38:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2008/11/04 07:38:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2008/11/04 07:38:31 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2008/11/04 07:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2008/11/04 07:38:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2008/09/23 23:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2008/09/23 23:19:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/09/23 23:19:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/22 18:03:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/07/16 20:08:21 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/07/16 20:08:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
    [2008/07/16 20:08:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
    [2008/07/16 20:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/07/16 14:51:22 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2008/07/13 13:18:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2008/07/13 13:18:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\prntfix.exe
    [2008/07/13 13:18:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2008/07/08 11:14:22 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
    [2008/05/06 19:51:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
    [2008/05/06 19:51:27 | 000,000,196 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
    [2008/05/06 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
    [2008/05/06 19:51:09 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
    [2008/04/20 16:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Embedit.INI
    [2008/04/12 13:54:57 | 000,010,758 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    [2008/04/09 19:30:07 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
    [2008/03/27 19:50:10 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/03/27 19:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
    [2008/03/27 19:49:29 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
    [2008/03/27 19:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
    [2008/03/27 19:47:55 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2008/03/27 19:47:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
    [2008/03/27 15:26:07 | 000,032,769 | ---- | C] () -- C:\WINDOWS\System32\cpinpub.dll
    [2008/03/26 12:58:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2008/03/26 12:23:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/26 11:58:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2008/03/26 11:41:28 | 000,002,969 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2008/03/26 11:40:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2008/03/26 09:42:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/03/25 19:36:37 | 000,036,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
    [2008/03/25 18:12:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2008/03/25 18:10:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2008/03/25 18:10:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2008/03/25 18:00:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/03/25 17:49:39 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/03/25 17:29:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/03/25 17:22:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2008/03/25 17:22:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2008/03/25 17:21:34 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2008/03/25 17:21:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/03/25 17:21:28 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/03/25 17:21:27 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/03/25 17:21:27 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2008/03/25 17:21:27 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/03/25 17:21:27 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/03/25 17:21:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/03/25 17:21:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2008/03/25 17:21:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2008/03/25 17:21:22 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2008/03/25 17:21:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2008/03/25 17:21:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
    [2008/03/25 17:21:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2008/03/25 17:19:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2008/03/25 12:22:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
    [2008/03/25 12:20:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/25 12:19:20 | 000,339,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/11/14 13:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/11/09 07:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
    [2006/04/13 09:03:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys
    [2003/11/20 17:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 16:41:25 | 000,443,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 16:41:21 | 000,071,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/12/13 18:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

    < End of report >

  6. #16
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    We have you run ERUNT to back up your registry in case there is a problem after running the OTL fix, then you can restore it. So no, you should not have restored the registry; it may have put back the reg entry for click.giftload.

    Let's run this again and make sure it's not back.

    First do another backup with ERUNT.

    Open OTL.exe
    • Copy/paste the following text written inside of the code box into the Custom Scans/Fixes box located at the bottom of OTL

      Code:
      :processes
      killallprocesses
      
      :OTL
      @Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF
      
      :Services
      
      :Reg
      [HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
      "svchost.exe"=-
      
      :Files
      
      
      
      :Commands
      [purity]
      [emptytemp]
      [start explorer]
      [Reboot]
    • Then click the Run Fix button at the top. <--Not run Scan
    • Let the program run unhindered, reboot when it is done
    • Then post the results of the log it produces.
    • Then run a new scan and post a new OTL log (don't check the boxes beside LOP Check or Purity this time)
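An added example (not part of the original post, and not OTL's own code): a small Python check for the fix-then-rescan procedure above. It parses the fix script into sections, reads each targeted item's outcome from the fix log, and reports any targeted alternate data stream that shows up again in a later scan. The line formats are inferred from the logs in this thread; the function names and the `RESCAN_*` excerpts are constructed for illustration.

```python
import re

# The fix script from the post above.
FIX_SCRIPT = r"""
:processes
killallprocesses

:OTL
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

:Services

:Reg
[HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION]
"svchost.exe"=-

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
"""

# Excerpt of a fix log in the format OTL writes after "Run Fix".
FIX_LOG = r"""
========== OTL ==========
ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
========== REGISTRY ==========
Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
"""

# Constructed rescan excerpts: one clean, one where the stream has returned.
RESCAN_CLEAN = "========== Alternate Data Streams ==========\n\n< End of report >\n"
RESCAN_BACK = r"""
========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

< End of report >
"""

ADS_LINE = re.compile(r"^\s*@Alternate Data Stream - \d+ bytes -> (.+)$", re.M)


def norm(text):
    """Lower-case and collapse repeated backslashes so script and log forms compare equal."""
    return re.sub(r"\\+", lambda m: "\\", text.strip()).lower()


def parse_fix_script(text):
    """Split a fix script into {section_name: [lines]}; sections start with ':name'."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r":(\w+)", line)
        if header:
            current = header.group(1).lower()
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line)
    return sections


def extract_targets(sections):
    """Return (kind, target) pairs for ADS lines in :OTL and '"name"=-' deletions in :Reg."""
    targets = []
    for line in sections.get("otl", []):
        m = ADS_LINE.match(line)
        if m:
            targets.append(("ads", m.group(1)))
    key = None
    for line in sections.get("reg", []):
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            continue
        m = re.fullmatch(r'"([^"]+)"=-', line)
        if m and key:
            targets.append(("regvalue", key + "\\" + m.group(1)))
    return targets


def classify_results(targets, fix_log):
    """Map each target to 'removed', 'absent' (not found at fix time) or 'unconfirmed'."""
    lines = [norm(l) for l in fix_log.splitlines() if l.strip()]
    results = {}
    for kind, target in targets:
        status = "unconfirmed"
        for line in lines:
            if norm(target) in line:
                if line.endswith("deleted successfully."):
                    status = "removed"
                elif line.endswith("not found."):
                    status = "absent"
                break
        results[(kind, target)] = status
    return results


def reappeared_ads(targets, rescan_log):
    """List targeted ADS paths that are present again in a later scan log."""
    present = {norm(m.group(1)) for m in ADS_LINE.finditer(rescan_log)}
    return [t for kind, t in targets if kind == "ads" and norm(t) in present]


if __name__ == "__main__":
    targets = extract_targets(parse_fix_script(FIX_SCRIPT))
    for item, status in classify_results(targets, FIX_LOG).items():
        print(status, item)
    print("back after rescan:", reappeared_ads(targets, RESCAN_BACK))
```

An "absent" result for the registry value means it was not there when the fix ran, so only the follow-up scan can show whether anything has returned.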

  7. #17
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Click.GiftLoad--Cannot Delete

    Ok, Ken. Here are the new logs. Thank you very much.

    All processes killed
    ========== PROCESSES ==========
    ========== OTL ==========
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    Registry value HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\featurecontrol\FEATURE_BROWSER_EMULATION\\svchost.exe not found.
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: Administrator

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Guest
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: NetworkService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes
    ->Java cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: Owner
    ->Temp folder emptied: 1312256 bytes
    ->Temporary Internet Files folder emptied: 2008725 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Flash cache emptied: 0 bytes

    User: TEMP

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 125464 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 0 bytes

    Total Files Cleaned = 3.00 mb


    OTL by OldTimer - Version 3.2.22.3 log created on 04042011_201908

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8C86.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8CF1.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8ED6.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF8EEB.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF938C.tmp not found!
    File\Folder C:\Documents and Settings\Owner\Local Settings\Temp\~DF9497.tmp not found!
    C:\Documents and Settings\Owner\Local Settings\Temp\~DFAE84.tmp moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\ZVJKAME9\favicon[1].ico moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GN4DQKUU\favicon[1].ico moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\GN4DQKUU\favicon[2].ico moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B9X6WU4O\favicon[1].ico moved successfully.
    C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\Content.IE5\B9X6WU4O\showthread[2].htm moved successfully.
    File\Folder C:\WINDOWS\temp\Perflib_Perfdata_188.dat not found!

    Registry entries deleted on Reboot...







    OTL logfile created on: 4/4/2011 8:49:21 PM - Run 7
    OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Owner\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: | Country: | Language: | Date Format:

    3.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 74.00% Memory free
    5.00 Gb Paging File | 4.00 Gb Available in Paging File | 76.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 111.71 Gb Total Space | 35.35 Gb Free Space | 31.64% Space Free | Partition Type: NTFS
    Drive D: | 697.94 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
    Drive E: | 492.75 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

    Computer Name: Owner | User Name: Owner | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user
    Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    PRC - C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    PRC - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccsvchst.exe (Symantec Corporation)
    PRC - C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    PRC - C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    PRC - C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    PRC - C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    PRC - C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)


    ========== Modules (SafeList) ==========

    MOD - C:\Documents and Settings\Owner\Desktop\OTL.exe (OldTimer Tools)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\asoehook.dll (Symantec Corporation)
    MOD - C:\Program Files\Trusteer\Rapport\bin\rooksbas.dll (Trusteer Ltd.)
    MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcr90.dll (Microsoft Corporation)
    MOD - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\microsoft.vc90.crt\msvcp90.dll (Microsoft Corporation)


    ========== Win32 Services (SafeList) ==========

    SRV - (LMIRescue) LogMeIn Rescue (11520163-0ed2-4c3a-9f26-eef0e51c86c2) -- File not found
    SRV - (AppMgmt) -- File not found
    SRV - (NIS) -- C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ccSvcHst.exe (Symantec Corporation)
    SRV - (RapportMgmtService) -- C:\Program Files\Trusteer\Rapport\bin\RapportMgmtService.exe (Trusteer Ltd.)
    SRV - (ServiceLayer) -- C:\Program Files\PC Connectivity Solution\ServiceLayer.exe (Nokia)
    SRV - (LVPrcSrv) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
    SRV - (ioloSystemService) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (ioloFileInfoList) -- C:\Program Files\iolo\Common\Lib\ioloServiceManager.exe ()
    SRV - (Nero BackItUp Scheduler 4.0) -- C:\Program Files\Common Files\Nero\Nero BackItUp 4\NBService.exe (Nero AG)
    SRV - (FreeAgentGoNext Service) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe (Seagate Technology LLC)
    SRV - (TabletServiceWacom) -- C:\WINDOWS\system32\Wacom_Tablet.exe (Wacom Technology, Corp.)
    SRV - (GoToAssist) -- C:\Program Files\Citrix\GoToAssist\514\g2aservice.exe (Citrix Online, a division of Citrix Systems, Inc.)
    SRV - (Crypkey License) -- C:\WINDOWS\System32\Crypserv.exe (CrypKey (Canada) Ltd.)
    SRV - (Symantec RemoteAssist) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
    SRV - (EPSONStatusAgent2) -- C:\Program Files\Common Files\EPSON\EBAPI\SAgent2.exe (SEIKO EPSON CORPORATION)
    SRV - (InterBaseServer) -- C:\Program Files\Borland\Interbase\Bin\IBServer.exe (Inprise Corporation)
    SRV - (InterBaseGuardian) -- C:\Program Files\Borland\Interbase\Bin\IBGuard.exe (Inprise Corporation)
    SRV - (EpsonBidirectionalService) -- C:\Program Files\Common Files\EPSON\EBAPI\eEBSvc.exe ()
    SRV - (Iomega Activity Disk2) -- C:\Program Files\Iomega\System32\ActivityDisk.exe (Iomega Corporation)


    ========== Driver Services (SafeList) ==========

    DRV - (NAVEX15) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.002\NAVEX15.SYS (Symantec Corporation)
    DRV - (NAVENG) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\VirusDefs\20110404.002\NAVENG.SYS (Symantec Corporation)
    DRV - (IDSxpx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\IPSDefs\20110330.001\IDSXpx86.sys (Symantec Corporation)
    DRV - (RapportCerberus_23945) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportCerberus\23945\RapportCerberus_23945.sys (Trusteer Ltd.)
    DRV - (BHDrvx86) -- C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\Definitions\BASHDefs\20110309.001\BHDrvx86.sys (Symantec Corporation)
    DRV - (RapportIaso) -- C:\Documents and Settings\All Users\Application Data\Trusteer\Rapport\store\exts\RapportMS\23645\RapportIaso.sys (Trusteer Ltd.)
    DRV - (eeCtrl) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
    DRV - (EraserUtilRebootDrv) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
    DRV - (SymEvent) -- C:\WINDOWS\system32\drivers\SYMEVENT.SYS (Symantec Corporation)
    DRV - (SYMTDI) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SYMTDI.SYS (Symantec Corporation)
    DRV - (SRTSP) -- C:\WINDOWS\System32\Drivers\NIS\1205000.07D\SRTSP.SYS (Symantec Corporation)
    DRV - (SRTSPX) Symantec Real Time Storage Protection (PEL) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SRTSPX.SYS (Symantec Corporation)
    DRV - (SymEFA) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMEFA.SYS (Symantec Corporation)
    DRV - (SymIRON) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\Ironx86.SYS (Symantec Corporation)
    DRV - (SymDS) -- C:\WINDOWS\system32\drivers\NIS\1205000.07D\SYMDS.SYS (Symantec Corporation)
    DRV - (RapportPG) -- C:\Program Files\Trusteer\Rapport\bin\RapportPG.sys (Trusteer Ltd.)
    DRV - (RapportKELL) -- C:\WINDOWS\System32\Drivers\RapportKELL.sys (Trusteer Ltd.)
    DRV - (FilterService) -- C:\WINDOWS\system32\drivers\lvuvcflt.sys (Logitech Inc.)
    DRV - (LVUVC) Logitech Webcam 300(UVC) -- C:\WINDOWS\system32\drivers\lvuvc.sys (Logitech Inc.)
    DRV - (LVRS) -- C:\WINDOWS\system32\drivers\lvrs.sys (Logitech Inc.)
    DRV - (lvpopflt) -- C:\WINDOWS\system32\drivers\lvpopflt.sys (Logitech Inc.)
    DRV - (LVPr2Mon) -- C:\WINDOWS\system32\drivers\LVPr2Mon.sys ()
    DRV - (UsbserFilt) -- C:\WINDOWS\system32\drivers\usbser_lowerfltj.sys (Nokia)
    DRV - (nmwcdc) -- C:\WINDOWS\system32\drivers\ccdcmbo.sys (Nokia)
    DRV - (nmwcd) -- C:\WINDOWS\system32\drivers\ccdcmb.sys (Nokia)
    DRV - (upperdev) -- C:\WINDOWS\system32\drivers\usbser_lowerflt.sys (Nokia)
    DRV - (SydexFDD) -- C:\WINDOWS\system32\drivers\SYDEXFDD.SYS (Windows (R) 2000 DDK provider)
    DRV - (MxlW2k) -- C:\WINDOWS\System32\drivers\MxlW2k.sys (MusicMatch, Inc.)
    DRV - (wacmoumonitor) -- C:\WINDOWS\system32\drivers\wacmoumonitor.sys (Wacom Technology)
    DRV - (pccsmcfd) -- C:\WINDOWS\system32\drivers\pccsmcfd.sys (Nokia)
    DRV - (NetworkX) -- C:\WINDOWS\system32\ckldrv.sys ()
    DRV - (wacomvhid) -- C:\WINDOWS\system32\drivers\wacomvhid.sys (Wacom Technology)
    DRV - (BANTExt) -- C:\WINDOWS\System32\Drivers\BANTExt.sys ()
    DRV - (wacommousefilter) -- C:\WINDOWS\system32\drivers\wacommousefilter.sys (Wacom Technology)
    DRV - (WacomVKHid) -- C:\WINDOWS\system32\drivers\WacomVKHid.sys (Wacom Technology)
    DRV - (DLAUDFAM) -- C:\WINDOWS\system32\dla\DLAUDFAM.SYS (Sonic Solutions)
    DRV - (DLAUDF_M) -- C:\WINDOWS\system32\dla\DLAUDF_M.SYS (Sonic Solutions)
    DRV - (DLAIFS_M) -- C:\WINDOWS\system32\dla\DLAIFS_M.SYS (Sonic Solutions)
    DRV - (DLABOIOM) -- C:\WINDOWS\system32\dla\DLABOIOM.SYS (Sonic Solutions)
    DRV - (DLAOPIOM) -- C:\WINDOWS\system32\dla\DLAOPIOM.SYS (Sonic Solutions)
    DRV - (DLAPoolM) -- C:\WINDOWS\system32\dla\DLAPoolM.SYS (Sonic Solutions)
    DRV - (DLADResN) -- C:\WINDOWS\system32\dla\DLADResN.SYS (Sonic Solutions)
    DRV - (DLACDBHM) -- C:\WINDOWS\system32\drivers\DLACDBHM.SYS (Sonic Solutions)
    DRV - (DLARTL_N) -- C:\WINDOWS\system32\drivers\DLARTL_N.SYS (Sonic Solutions)
    DRV - (Jukebox3) -- C:\WINDOWS\system32\drivers\ctpdusb.sys (Creative Technology Ltd.)
    DRV - (IntelC52) -- C:\WINDOWS\system32\drivers\IntelC52.sys (Intel Corporation)
    DRV - (IntelC51) -- C:\WINDOWS\system32\drivers\IntelC51.sys (Intel Corporation)
    DRV - (IntelC53) -- C:\WINDOWS\system32\drivers\IntelC53.sys (Intel Corporation)
    DRV - (mohfilt) -- C:\WINDOWS\system32\drivers\mohfilt.sys (Intel Corporation)
    DRV - (bvrp_pci) -- C:\WINDOWS\system32\drivers\bvrp_pci.sys ()
    DRV - (ati2mtag) -- C:\WINDOWS\system32\drivers\ati2mtag.sys (ATI Technologies Inc.)
    DRV - (busbcrw) -- C:\WINDOWS\system32\drivers\busbcrw.sys (Brother Industries, Ltd.)
    DRV - (ctdvda2k) -- C:\WINDOWS\system32\drivers\ctdvda2k.sys (Creative Technology Ltd)
    DRV - (ctaud2k) Creative Audio Driver (WDM) -- C:\WINDOWS\system32\drivers\ctaud2k.sys (Creative Technology Ltd)
    DRV - (ossrv) -- C:\WINDOWS\system32\drivers\ctoss2k.sys (Creative Technology Ltd.)
    DRV - (hap16v2k) -- C:\WINDOWS\system32\drivers\hap16v2k.sys (Creative Technology Ltd)
    DRV - (ha10kx2k) -- C:\WINDOWS\system32\drivers\ha10kx2k.sys (Creative Technology Ltd)
    DRV - (emupia) -- C:\WINDOWS\system32\drivers\emupia2k.sys (Creative Technology Ltd)
    DRV - (ctsfm2k) -- C:\WINDOWS\system32\drivers\ctsfm2k.sys (Creative Technology Ltd)
    DRV - (ctprxy2k) -- C:\WINDOWS\system32\drivers\ctprxy2k.sys (Creative Technology Ltd)
    DRV - (ctac32k) -- C:\WINDOWS\system32\drivers\ctac32k.sys (Creative Technology Ltd)
    DRV - (ASPI32) -- C:\WINDOWS\System32\drivers\Aspi32.sys (Adaptec)
    DRV - (iomdisk) -- C:\WINDOWS\System32\DRIVERS\iomdisk.sys (Iomega Corporation)
    DRV - (OMCI) -- C:\WINDOWS\SYSTEM32\DRIVERS\OMCI.SYS (Dell Computer Corporation)
    DRV - (Eplpdx02) -- C:\WINDOWS\system32\drivers\EPLPDX02.SYS (MK Systems CO., LTD.)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://news.google.ca/nwshp?hl=en&tab=wn
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..browser.search.defaultenginename: "Search the web (Babylon)"
    FF - prefs.js..browser.search.defaulturl: "http://search.babylon.com/web/{searchTerms}?babsrc=browsersearch"
    FF - prefs.js..browser.search.order.1: "Search the web (Babylon)"
    FF - prefs.js..browser.search.selectedEngine: "Search the web (Babylon)"
    FF - prefs.js..browser.startup.homepage: "http://news.google.com/news"
    FF - prefs.js..extensions.enabledItems: :1.0
    FF - prefs.js..extensions.enabledItems: {BBDA0591-3099-440a-AA10-41764D9DB4DB}:2.0
    FF - prefs.js..extensions.enabledItems: {2D3F3651-74B9-4795-BDEC-6DA2F431CB62}:5.5
    FF - prefs.js..extensions.enabledItems: {5C90D152-03C5-46F8-B353-58F544134553}:1.9.1
    FF - prefs.js..keyword.URL: "http://search.babylon.com/?babsrc=adbartrp&q="


    FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2009/04/08 05:42:58 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{BBDA0591-3099-440a-AA10-41764D9DB4DB}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPlgn\ [2011/01/13 23:02:00 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Firefox\Extensions\\{2D3F3651-74B9-4795-BDEC-6DA2F431CB62}: C:\Documents and Settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\coFFPlgn\ [2011/01/06 22:06:19 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/02 12:44:06 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.15\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/21 21:24:51 | 000,000,000 | ---D | M]

    [2009/06/02 14:19:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
    [2009/02/05 22:18:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions\mozswing@mozswing.org
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions
    [2010/07/18 09:04:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2011/02/02 16:14:03 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
    [2010/09/28 23:39:14 | 000,002,333 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\pw3jjnfs.default\searchplugins\askcom.xml
    [2011/03/19 17:15:55 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2011/01/06 22:06:19 | 000,000,000 | ---D | M] (Norton Toolbar) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\COFFPLGN
    [2011/01/13 23:02:00 | 000,000,000 | ---D | M] (Norton IPS) -- C:\DOCUMENTS AND SETTINGS\ALL USERS\APPLICATION DATA\NORTON\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NIS_18.1.0.37\IPSFFPLGN
    File not found (No name found) -- C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\APPLICATION DATA\{5C90D152-03C5-46F8-B353-58F544134553}
    [2010/03/18 20:44:17 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/07/18 10:34:04 | 000,002,191 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\babylon.xml

    O1 HOSTS File: ([2011/04/04 16:25:18 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
    O1 - Hosts: 127.0.0.1 localhost
    O1 - Hosts: ::1 localhost
    O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
    O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
    O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\DLASHX_W.DLL (Sonic Solutions)
    O2 - BHO: (Symantec NCO BHO) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\ips\ipsbho.dll (Symantec Corporation)
    O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
    O3 - HKLM\..\Toolbar: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {C4069E3A-68F1-403E-B40E-20066696354B} - No CLSID value found.
    O3 - HKCU\..\Toolbar\WebBrowser: (Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Norton Internet Security\Engine\18.5.0.125\coieplg.dll (Symantec Corporation)
    O4 - HKCU..\Run: [Logitech Vid] C:\Program Files\Logitech\Vid HD\Vid.exe (Logitech Inc.)
    O4 - HKCU..\Run: [NortonUtilities] C:\Program Files\Norton Utilities 14\nu.exe (Symantec Corporation)
    O4 - HKCU..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe (Safer-Networking Ltd.)
    O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, S.L.)
    O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLinkedConnections = 1
    O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
    O8 - Extra context menu item: Google Sidewiki... - C:\Program Files\Google\Google Toolbar\Component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll (Google Inc.)
    O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
    O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/pr.../ieawsdc32.cab (Microsoft Office Template and Media Control)
    O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/downlo...OGAControl.cab (Office Genuine Advantage Validation Tool)
    O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} http://www.creative.com/softwareupda...31/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.microsoft.com/downlo...eckControl.cab (Windows Genuine Advantage Validation Tool)
    O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} https://www-secure.symantec.com/tech...bs/tgctlsr.cab (Reg Error: Key error.)
    O16 - DPF: {6218F7B5-0D3A-48BA-AE4C-49DCFA63D400} http://www.myheritage.com/Genoogle/C...ngineQuery.dll (CSEQueryObject Object)
    O16 - DPF: {63F5866B-A7C5-40B4-9A89-0CCA99726C8D} https://secure.logmeinrescue.com/Cus...Downloader.cab (Reg Error: Key error.)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/wind...?1206480799890 (WUWebControl Class)
    O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.hp.com/ediags/gmn...tDetection.cab (HpProductDetection Class)
    O16 - DPF: {6C269571-C6D7-4818-BCA4-32A035E8C884} http://ccfiles.creative.com/Web/soft...01/CTSUEng.cab (Creative Software AutoUpdate)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get.../ultrashim.cab (Reg Error: Key error.)
    O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_06)
    O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jin...ndows-i586.cab (Java Plug-in 1.6.0_18)
    O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/ge...sh/swflash.cab (Shockwave Flash Object)
    O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
    O16 - DPF: {E77F23EB-E7AB-4502-8F37-247DBAF1A147} http://gfx2.hotmail.com/mail/w4/pr01...l/MSNPUpld.cab (Windows Live Hotmail Photo Upload Tool)
    O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h20264.www2.hp.com/ediags/hpf...qdiagh.cab?326 (QDiagHUpdateObj Class)
    O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/soft...5112/CTPID.cab (Creative Software AutoUpdate Support Package)
    O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1 192.168.2.1
    O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\Advisor\System\BAVoilaX.dll (Belarc, Inc.)
    O18 - Protocol\Handler\intu-qt2007 {026BF40D-BA05-467b-9F1F-AD0D7A3F5F11} - C:\Program Files\QuickTax 2007\ic2007pp.dll (Intuit Canada, a general partnership/une société en nom collectif.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\GoToAssist: DllName - C:\Program Files\Citrix\GoToAssist\514\G2AWinLogon.dll - C:\Program Files\Citrix\GoToAssist\514\g2awinlogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
    O24 - Desktop WallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
    O32 - HKLM CDRom: AutoRun - 1
    O32 - AutoRun File - [2008/03/27 16:41:54 | 000,000,000 | ---D | M] - C:\AutoBackup -- [ NTFS ]
    O32 - AutoRun File - [2008/03/25 17:31:19 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O32 - AutoRun File - [2007/12/09 17:50:20 | 000,000,053 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
    O32 - AutoRun File - [2000/07/23 15:53:52 | 000,060,416 | R--- | M] (AshzFall) - E:\autostart.exe -- [ CDFS ]
    O34 - HKLM BootExecute: (autocheck autochk *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = ComFile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/04/04 16:24:50 | 000,000,000 | ---D | C] -- C:\_OTL
    [2011/04/04 16:00:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\ERUNT
    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\System
    [2011/04/03 22:59:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\SmartDraw
    [2011/04/03 21:59:49 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:48:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\MY HOUSE PLANS
    [2011/04/03 18:14:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
    [2011/04/03 18:14:27 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
    [2011/04/03 18:14:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
    [2011/04/03 18:14:10 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2011/04/03 18:14:10 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
    [2011/04/02 23:38:13 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/04/02 23:25:31 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/04/02 23:25:31 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/04/02 23:25:31 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/04/02 23:25:31 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/04/02 23:24:56 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/04/02 23:24:23 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/04/02 23:06:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SPYBOT FORUM
    [2011/03/29 21:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\HOUSE PLANS
    [2011/03/29 18:58:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
    [2011/03/29 18:58:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
    [2011/03/26 22:44:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Real
    [2011/03/25 07:58:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\KINGSTON FLASH
    [2011/03/25 00:14:00 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IECompatCache
    [2011/03/24 12:22:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\STRAIGHT FONTS
    [2011/03/21 22:01:02 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
    [2011/03/20 15:44:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
    [2011/03/20 15:31:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Recover My Files v4
    [2011/03/20 15:31:45 | 000,000,000 | ---D | C] -- C:\Program Files\GetData
    [2011/03/20 14:56:08 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\asoftech
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Asoftech Data Recovery
    [2011/03/20 14:56:06 | 000,000,000 | ---D | C] -- C:\Program Files\Asoftech
    [2011/03/19 18:25:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinZip
    [2011/03/19 18:25:30 | 000,000,000 | ---D | C] -- C:\Program Files\WinZip
    [2011/03/15 00:09:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\~0
    [2011/03/15 00:07:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Local Settings\Application Data\PackageAware
    [2011/03/14 18:34:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\SCRIPT FONTS
    [2011/03/13 11:42:25 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\PrivacIE
    [2011/03/13 11:36:18 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Owner\IETldCache
    [2011/03/11 08:08:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\GENEALOGY REFERENCES
    [2011/03/10 23:36:49 | 000,135,168 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\shsvcs.dll
    [2011/03/10 12:31:54 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\.oit
    [2011/03/10 12:31:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
    [2011/03/10 12:31:43 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\VIEWERS
    [2011/03/10 12:31:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\InstallShield Shared
    [2011/03/10 07:57:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
    [2011/03/10 06:06:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
    [2011/03/10 06:06:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
    [2011/03/07 10:21:24 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\USB
    [2010/02/07 22:20:38 | 000,047,360 | ---- | C] (VSO Software) -- C:\Documents and Settings\Owner\Application Data\pcouffin.sys
    [2008/03/25 17:21:16 | 000,065,536 | ---- | C] ( ) -- C:\WINDOWS\System32\a3d.dll

    ========== Files - Modified Within 30 Days ==========

    [2011/04/04 20:48:57 | 000,003,072 | ---- | M] () -- C:\Documents and Settings\Owner\Cache.db
    [2011/04/04 20:29:00 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
    [2011/04/04 20:21:28 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
    [2011/04/04 20:20:30 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/04/04 20:20:20 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
    [2011/04/04 20:20:16 | 000,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
    [2011/04/04 20:19:34 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 20:19:34 | 000,030,036 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 20:19:34 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 20:19:34 | 000,029,760 | ---- | M] () -- C:\WINDOWS\System32\BMXBkpCtrlState-{00000002-00000000-00000002-00001102-00000004-10031102}.rfx
    [2011/04/04 20:19:34 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
    [2011/04/04 20:19:34 | 000,001,072 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
    [2011/04/04 20:19:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 20:19:34 | 000,000,288 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2011/04/04 16:57:21 | 017,825,792 | ---- | M] () -- C:\Documents and Settings\Owner\NTUSER.bak
    [2011/04/04 16:25:18 | 000,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
    [2011/04/04 16:01:42 | 000,000,039 | ---- | M] () -- C:\WINDOWS\Embmake.INI
    [2011/04/04 00:45:22 | 000,306,971 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 21:59:51 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
    [2011/04/03 18:14:30 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:38:26 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/04/02 23:21:30 | 004,312,600 | R--- | M] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.CDF
    [2011/04/02 19:31:14 | 004,481,358 | ---- | M] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/04/02 13:00:38 | 000,011,432 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Backup of COMPUTER DEFINITIONS.wbk
    [2011/04/02 12:17:00 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/03/31 23:34:33 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/31 00:33:22 | 000,306,004 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/24 10:29:03 | 000,000,040 | ---- | M] () -- C:\WINDOWS\Embedit.INI
    [2011/03/21 22:18:51 | 000,000,803 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:13 | 000,000,815 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/16 22:26:14 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2011/03/13 23:12:58 | 000,000,933 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/13 22:59:17 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/03/13 07:45:58 | 000,443,148 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/03/13 07:45:58 | 000,071,510 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/03/10 12:43:22 | 000,000,792 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\Internet Explorer\Quick Launch\Launch Microsoft Office Outlook.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | M] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | M] () -- C:\WINDOWS\Ytatadu.bin

    ========== Files Created - No Company Name ==========

    [2011/04/04 00:45:21 | 000,306,971 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\European House Plans - Home Design PDI584.mht
    [2011/04/03 18:14:29 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
    [2011/04/02 23:38:26 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/04/02 23:38:17 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/04/02 23:25:31 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/04/02 23:25:31 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/04/02 23:25:31 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/04/02 23:25:31 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/04/02 23:25:31 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/04/02 23:21:21 | 004,312,600 | R--- | C] () -- C:\Documents and Settings\Owner\Desktop\ComboFix.exe
    [2011/03/31 23:26:19 | 004,481,358 | ---- | C] () -- C:\WINDOWS\{00000002-00000000-00000002-00001102-00000004-10031102}.BAK
    [2011/03/31 00:33:21 | 000,306,004 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mediterranean house plans with 3 bedrooms and with 2 bathrooms and with 2 garage bays and Single Story and with 4.mht
    [2011/03/30 17:46:44 | 000,011,432 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Backup of COMPUTER DEFINITIONS.wbk
    [2011/03/29 23:25:27 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
    [2011/03/21 22:18:51 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Internet Explorer.lnk
    [2011/03/21 22:12:12 | 000,000,803 | ---- | C] () -- C:\Documents and Settings\Owner\Start Menu\Programs\Internet Explorer.lnk
    [2011/03/19 18:25:55 | 000,001,660 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk
    [2011/03/13 23:12:58 | 000,000,933 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Spybot - Search & Destroy.lnk
    [2011/03/10 05:58:29 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Smolalega.dat
    [2011/03/10 05:58:29 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Ytatadu.bin
    [2010/09/11 12:10:29 | 000,082,289 | R--- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
    [2010/08/14 16:09:55 | 000,000,271 | ---- | C] () -- C:\WINDOWS\PCTuneUp.INI
    [2010/07/29 23:31:25 | 000,161,256 | ---- | C] () -- C:\WINDOWS\Expstudio Audio Editor FREE Uninstaller.exe
    [2010/07/29 20:29:51 | 000,001,264 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\ss.ini
    [2010/07/12 09:56:34 | 000,003,840 | ---- | C] () -- C:\WINDOWS\System32\drivers\BANTExt.sys
    [2010/07/05 13:32:10 | 000,188,504 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/07/05 13:02:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\downloads.m3u
    [2010/02/12 18:35:02 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\default.rss
    [2010/02/07 23:10:29 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
    [2010/02/07 22:20:38 | 000,007,887 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.cat
    [2010/02/07 22:20:38 | 000,001,144 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\pcouffin.inf
    [2010/02/07 10:24:24 | 000,004,767 | ---- | C] () -- C:\WINDOWS\Irremote.ini
    [2009/10/07 01:46:36 | 000,025,752 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
    [2009/10/07 01:23:08 | 000,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLFT2.dll
    [2009/08/29 07:47:28 | 000,000,000 | ---- | C] () -- C:\Program Files\023432
    [2009/08/01 17:57:24 | 000,000,314 | ---- | C] () -- C:\WINDOWS\System32\commong7.dat
    [2009/08/01 17:54:01 | 000,000,032 | ---- | C] () -- C:\WINDOWS\CD_Start.INI
    [2009/06/02 14:19:58 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
    [2009/05/30 10:26:24 | 000,000,039 | ---- | C] () -- C:\WINDOWS\Embmake.INI
    [2009/05/21 16:59:08 | 000,061,440 | ---- | C] () -- C:\WINDOWS\System32\cdTextCtl.dll
    [2009/04/21 11:54:19 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\PdeSrvps.dll
    [2008/12/15 06:39:49 | 000,000,410 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
    [2008/11/13 23:06:17 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
    [2008/11/04 07:38:58 | 000,000,004 | ---- | C] () -- C:\WINDOWS\vx86036.dat
    [2008/11/04 07:38:34 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Crypkey.ini
    [2008/11/04 07:38:31 | 000,027,648 | R--- | C] () -- C:\WINDOWS\Setup_ck.exe
    [2008/11/04 07:38:31 | 000,021,638 | ---- | C] () -- C:\WINDOWS\System32\Ckldrv.sys
    [2008/11/04 07:38:31 | 000,018,432 | ---- | C] () -- C:\WINDOWS\Setup_ck.dll
    [2008/11/04 07:38:31 | 000,011,776 | ---- | C] () -- C:\WINDOWS\Ckrfresh.exe
    [2008/09/23 23:20:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\AoADVDRipper.INI
    [2008/09/23 23:19:57 | 000,765,952 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2008/09/23 23:19:57 | 000,180,224 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2008/09/22 18:03:20 | 000,003,654 | ---- | C] () -- C:\WINDOWS\System32\drivers\Sonyhcp.dll
    [2008/07/16 20:08:21 | 000,938,328 | ---- | C] () -- C:\WINDOWS\System32\Incinerator.dll
    [2008/07/16 20:08:21 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\iolobtdfg.exe
    [2008/07/16 20:08:21 | 000,008,192 | ---- | C] () -- C:\WINDOWS\System32\smrgdf.exe
    [2008/07/16 20:06:28 | 000,074,703 | ---- | C] () -- C:\WINDOWS\System32\mfc45.dll
    [2008/07/16 14:51:22 | 000,004,272 | R--- | C] () -- C:\WINDOWS\System32\drivers\bvrp_pci.sys
    [2008/07/13 13:18:03 | 000,338,944 | ---- | C] () -- C:\WINDOWS\System32\Lffpx7.dll
    [2008/07/13 13:18:03 | 000,147,456 | R--- | C] () -- C:\WINDOWS\System32\prntfix.exe
    [2008/07/13 13:18:03 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Lfkodak.dll
    [2008/07/08 11:14:22 | 000,905,728 | ---- | C] () -- C:\WINDOWS\System32\Pano12.dll
    [2008/05/06 19:51:30 | 000,000,067 | ---- | C] () -- C:\WINDOWS\dreammN.INI
    [2008/05/06 19:51:27 | 000,000,196 | ---- | C] () -- C:\WINDOWS\DMCBIDSN.ini
    [2008/05/06 19:51:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DreammT.ini
    [2008/05/06 19:51:09 | 000,354,056 | ---- | C] () -- C:\WINDOWS\System32\RIVET200.DLL
    [2008/04/20 16:32:11 | 000,000,040 | ---- | C] () -- C:\WINDOWS\Embedit.INI
    [2008/04/12 13:54:57 | 000,010,758 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\NMM-MetaData.db
    [2008/04/09 19:30:07 | 000,034,818 | ---- | C] () -- C:\WINDOWS\System32\st32w2k.dll
    [2008/03/27 19:50:10 | 000,001,005 | ---- | C] () -- C:\WINDOWS\PowerReg.dat
    [2008/03/27 19:49:29 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\EEBAPI.dll
    [2008/03/27 19:49:29 | 000,102,400 | ---- | C] () -- C:\WINDOWS\System32\EEBDSCVR.dll
    [2008/03/27 19:49:29 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\EBAPI.dll
    [2008/03/27 19:47:55 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT.DAT
    [2008/03/27 19:47:17 | 000,000,023 | ---- | C] () -- C:\WINDOWS\EPS2200.ini
    [2008/03/27 15:26:07 | 000,032,769 | ---- | C] () -- C:\WINDOWS\System32\cpinpub.dll
    [2008/03/26 12:58:09 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
    [2008/03/26 12:23:47 | 000,000,636 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2008/03/26 11:58:42 | 000,000,074 | ---- | C] () -- C:\WINDOWS\MPLAYER.INI
    [2008/03/26 11:41:28 | 000,002,969 | ---- | C] () -- C:\WINDOWS\photoimpression.ini
    [2008/03/26 11:40:39 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
    [2008/03/26 09:42:22 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
    [2008/03/25 19:36:37 | 000,036,704 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LuInstall.LiveUpdate
    [2008/03/25 18:12:14 | 000,126,976 | ---- | C] () -- C:\WINDOWS\System32\e1000msg.dll
    [2008/03/25 18:10:37 | 000,319,488 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
    [2008/03/25 18:10:37 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll
    [2008/03/25 18:00:16 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
    [2008/03/25 17:49:39 | 000,000,470 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCStateBkp-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:43:46 | 000,000,288 | ---- | C] () -- C:\WINDOWS\System32\DVCState-{00000002-00000000-00000002-00001102-00000004-10031102}.dat
    [2008/03/25 17:36:51 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
    [2008/03/25 17:29:03 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
    [2008/03/25 17:22:18 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
    [2008/03/25 17:22:16 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
    [2008/03/25 17:21:34 | 000,066,807 | ---- | C] () -- C:\WINDOWS\System32\Aud2_Del.ini
    [2008/03/25 17:21:34 | 000,000,030 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
    [2008/03/25 17:21:28 | 000,232,723 | ---- | C] () -- C:\WINDOWS\System32\ctstatic.dat
    [2008/03/25 17:21:27 | 000,190,842 | ---- | C] () -- C:\WINDOWS\System32\ctdlang.dat
    [2008/03/25 17:21:27 | 000,138,716 | ---- | C] () -- C:\WINDOWS\System32\ctbas2w.dat
    [2008/03/25 17:21:27 | 000,110,720 | ---- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
    [2008/03/25 17:21:27 | 000,053,674 | ---- | C] () -- C:\WINDOWS\System32\ctdaught.dat
    [2008/03/25 17:21:23 | 000,184,320 | ---- | C] () -- C:\WINDOWS\PSCONV.EXE
    [2008/03/25 17:21:23 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
    [2008/03/25 17:21:22 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\KILLAPPS.EXE
    [2008/03/25 17:21:22 | 000,005,515 | ---- | C] () -- C:\WINDOWS\System32\ENSDEF.INI
    [2008/03/25 17:21:22 | 000,000,180 | ---- | C] () -- C:\WINDOWS\System32\KILL.INI
    [2008/03/25 17:21:14 | 000,000,184 | ---- | C] () -- C:\WINDOWS\System32\e000001.dat
    [2008/03/25 17:21:03 | 000,831,600 | ---- | C] () -- C:\WINDOWS\System32\Ctaa1.dat
    [2008/03/25 17:19:56 | 000,000,136 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
    [2008/03/25 12:22:18 | 000,165,888 | ---- | C] () -- C:\WINDOWS\System32\hpgt53.dll
    [2008/03/25 12:20:24 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2008/03/25 12:19:20 | 000,339,128 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2008/02/04 18:23:10 | 000,693,792 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
    [2007/11/14 13:42:27 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
    [2007/11/09 07:01:59 | 000,000,164 | ---- | C] () -- C:\WINDOWS\System32\psyswin32.dll
    [2006/04/13 09:03:08 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\drivers\AsUsbDrvXP.sys
    [2003/11/20 17:18:40 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2003/07/16 16:54:55 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
    [2003/07/16 16:54:54 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
    [2003/07/16 16:41:25 | 000,443,148 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
    [2003/07/16 16:41:25 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
    [2003/07/16 16:41:23 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
    [2003/07/16 16:41:21 | 000,071,510 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
    [2003/07/16 16:39:07 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
    [2003/07/16 16:33:50 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
    [2003/07/16 16:33:39 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
    [2003/07/16 16:27:41 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
    [2003/07/16 16:26:37 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
    [2003/01/07 15:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
    [2000/12/13 18:22:24 | 000,100,432 | ---- | C] () -- C:\Program Files\Win2000PPAHotfix.exe

    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 173 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D287FACF

    < End of report >

  8. #18
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    Good Morning,

    Delete these, leave them in the Recycle Bin for a day or two and if needed you can restore them
    C:\WINDOWS\Smolalega.dat
    C:\WINDOWS\Ytatadu.bin


    ESET Online Scanner
    I'd like us to scan your machine with ESET OnlineScan

    *Note
    It is recommended to disable your onboard antivirus and antispyware programs while performing scans so there are no conflicts and to speed up scan time.
    Please don't go surfing while your resident protection is disabled!
    Once the scan is finished remember to re-enable your antivirus along with your antispyware programs.



    1. Hold down Control and click on the following link to open ESET OnlineScan in a new window.
      ESET OnlineScan
    2. Click the button.
    3. For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
      1. Click on to download the ESET Smart Installer. Save it to your desktop.
      2. Double click on the icon on your desktop.
    4. Check
    5. Click the button.
    6. Accept any security warnings from your browser.
    7. Check
    8. Make sure that the option "Remove found threats" is Unchecked
    9. Push the Start button.
    10. ESET will then download updates for itself, install itself, and begin
      scanning your computer. Please be patient as this can take some time.
    11. When the scan completes, push
    12. Push , and save the file to your desktop using a unique name, such as
      ESETScan. Include the contents of this report in your next reply.
    13. Push the button.
    14. Push
    Please make sure you include the following items in your next post:
    The log that was produced after running ESET Online Scanner.

  9. #19
    Visiting Fellow
    Join Date
    Mar 2011
    Location
    Canada
    Posts
    142

    Default Click.GiftLoad--Cannot Delete

    Hello Ken. Results of my ESET Scan. . .Thank you very much.

    C:\Documents and Settings\All Users\Application Data\ReviverSoft\Registry Reviver\InstallCache\{05B64610-ED45-40AC-89A3-507F6B6A25B9}\Registry Reviver.msi a variant of Win32/SlowPCfighter application
    C:\Documents and Settings\Owner\Application Data\Dell\Installers\PCTuneUp2.exe probably unknown NewHeur_PE virus
    C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_E46504FBC18F44E8AF8E3B7F9336AC1A\p1v1_PPIRegistryReviver_w.exe a variant of Win32/SlowPCfighter application
    C:\Documents and Settings\Owner\Application Data\OpenCandy\OpenCandy_E46504FBC18F44E8AF8E3B7F9336AC1A\PPIRegistryReviverSetup.exe a variant of Win32/SlowPCfighter application
    C:\Qoobox\Quarantine\C\WINDOWS\_rr_kscidp3.dll.vir a variant of Win32/Cimag.GA trojan
    C:\System Volume Information\_restore{2F08FB2F-4FA4-4518-96B2-D72059EA7679}\RP1708\A0256505.dll a variant of Win32/Cimag.GA trojan

  10. #20
    Emeritus-Security Expert
    Join Date
    Nov 2005
    Location
    Florida's SpaceCoast
    Posts
    15,208

    Default

    You had a bad entry in System Restore, there may be more

    System Restore is a component of Microsoft's Windows Me, Windows XP, Windows Vista and Windows 7 operating systems that allows for the rolling back of system files, registry keys, installed programs, etc., to a previous state in the event of malfunctioning or failure. Old restore points can be a source of re-infection.

    Please follow the steps below to create a clean restore point:
    1. Click Start > Run > copy and paste the following into the run box:
      %SystemRoot%\System32\restore\rstrui.exe
    2. Press OK. Choose Create a Restore Point then click Next.
    3. Name it (something you'll remember) and click Create.
    4. When the confirmation screen shows the restore point has been created click Close.


    Then remove all previous Restore Points
    1. Click Start > Run > copy and paste the following into the run box:
      cleanmgr
    2. Choose to scan drive C:\ (if C:\ is your main drive).
    3. At the top, click on More Options tab. Click the Clean up... button in the System Restore box.
    4. Click on the Yes button.
    5. When finished, click on Cancel button to exit.



    Let me know how things are running now?
