Windows XP recovery malware

i believe my desktop computer is infected with the windows xp recovery malware. When I boot up, the recovery program automatically opens and starts scanning my hard drive and list about 11 critical errors. when i click on the fix errors button it wants me to purchase their super duper fix program. i cannot open any programs or connect to the internet. I had to boot in safe mode to run the OTL scan.

OTL logfile created on: 5/16/2011 12:49:23 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

(see attached txt file)

Hi there pointman!

I am Gabethebabe and I will be helping you with this issue. Before we start some general remarks/rules:

• Whilst I´m helping you, please follow my instructions carefully and do not experiment on your own or accept help from other persons.
  
• Feel free to ask questions! Especially if my instructions are not clear. I´m here to help, not confuse you.
  
• I will try and respond quickly, but please understand I do have a real life (job, wife, 3 kids, kinky hobbies).
  
• Stick with me till the end. If your computer starts running better, doesn´t mean it is clean yet!

====================

hmm... I see nothing attached. Can you just copy and paste the contents of the OTL.txt and the Extras.txt into one or more posts?

Sorry, i was afraid it did not attach! My scan did not produce an "extras" file. Should it have?

OTL logfile created on: 5/16/2011 12:49:23 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = I:\
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

3.00 Gb Total Physical Memory | 3.00 Gb Available Physical Memory | 89.00% Memory free
5.00 Gb Paging File | 5.00 Gb Available in Paging File | 96.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 298.08 Gb Total Space | 153.79 Gb Free Space | 51.59% Space Free | Partition Type: NTFS
Drive I: | 1.92 Gb Total Space | 1.39 Gb Free Space | 72.18% Space Free | Partition Type: FAT

Computer Name: QUADCORE | User Name: Owner | Logged in as Administrator.
Boot Mode: SafeMode | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/16 11:57:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\OTL.com
PRC - [2011/04/05 11:50:44 | 001,195,408 | -H-- | M] (McAfee, Inc.) -- c:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe


========== Modules (SafeList) ==========

MOD - [2011/05/16 11:57:40 | 000,580,608 | ---- | M] (OldTimer Tools) -- I:\OTL.com
MOD - [2010/08/23 12:12:02 | 001,054,208 | -H-- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | -H-- | M] () [Unknown | Stopped] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | -H-- | M] (McAfee, Inc.) [Unknown | Stopped] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2011/02/16 15:49:08 | 000,088,176 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2010/10/07 21:34:28 | 000,364,216 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/08/23 20:21:40 | 000,013,672 | -H-- | M] (Intuit Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2010/06/30 03:31:50 | 000,315,392 | -H-- | M] (Alcatel-Lucent) [Auto | Stopped] -- C:\Program Files\Common Files\Motive\McciServiceHost.exe -- (McciServiceHost)
SRV - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | -H-- | M] (McAfee, Inc.) [Auto | Stopped] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2010/01/15 08:49:20 | 000,227,232 | -H-- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee Security Scan\2.0.181\McCHSvc.exe -- (McComponentHostService)
SRV - [2009/02/02 02:33:18 | 000,317,440 | -H-- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/04/03 15:46:03 | 000,085,096 | -H-- | M] (Autodesk) [On_Demand | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2006/11/03 19:19:58 | 000,013,592 | -H-- | M] (Microsoft Corporation) [Auto | Running] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/09/30 19:22:50 | 000,096,341 | -H-- | M] (Canon Inc.) [Auto | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2003/04/30 11:04:00 | 000,331,776 | -H-- | M] (Cyber Power System Inc.) [Auto | Stopped] -- C:\PowerPanel\upssrv.exe -- (CyberPowerUPS)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | -H-- | M] (McAfee, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | -H-- | M] (McAfee, Inc.) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | -H-- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/06/30 03:32:04 | 000,020,096 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRESP50.sys -- (MRESP50)
DRV - [2010/06/30 03:31:44 | 000,021,248 | -H-- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMP50.sys -- (MREMP50)
DRV - [2008/04/22 14:24:07 | 000,076,416 | -H-- | M] (Windows (R) 2000 DDK provider) [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\NmPar.sys -- (NmPar)
DRV - [2008/04/13 14:36:41 | 000,063,744 | -H-- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mf.sys -- (mf)
DRV - [2008/03/27 19:31:44 | 000,008,413 | -H-- | M] (RealNetworks, Inc.) [Kernel | Auto | Stopped] -- C:\WINDOWS\System32\drivers\mcstrm.sys -- (MCSTRM)
DRV - [2007/05/10 13:33:58 | 000,048,640 | -H-- | M] (JMicron Technology Corp.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\jraid.sys -- (JRAID)
DRV - [2007/04/12 15:04:40 | 004,397,568 | RH-- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\RtkHDAud.sys -- (IntcAzAudAddService) Service for Realtek HD Audio (WDM)
DRV - [2007/03/15 18:12:04 | 000,038,656 | RH-- | M] (Attansic Technology corporation.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\atl01_xp.sys -- (AtcL001)
DRV - [2006/08/16 23:23:00 | 000,340,176 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctdvda2k.sys -- (ctdvda2k)
DRV - [2006/08/16 23:17:11 | 000,007,168 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctprxy2k.sys -- (ctprxy2k)
DRV - [2006/08/16 23:17:09 | 000,500,480 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctaud2k.sys -- (ctaud2k) Creative Audio Driver (WDM)
DRV - [2006/08/16 23:16:32 | 001,110,528 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ha20x2k.sys -- (ha20x2k)
DRV - [2006/08/16 23:15:00 | 000,116,224 | RH-- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctoss2k.sys -- (ossrv)
DRV - [2006/08/16 23:14:42 | 000,143,872 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctsfm2k.sys -- (ctsfm2k)
DRV - [2006/08/16 23:14:37 | 000,078,336 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\emupia2k.sys -- (emupia)
DRV - [2006/08/16 23:14:24 | 000,502,272 | RH-- | M] (Creative Technology Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ctac32k.sys -- (ctac32k)
DRV - [2004/11/22 18:36:39 | 000,018,003 | -H-- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2004/11/22 18:36:34 | 000,019,345 | -H-- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2004/08/14 04:00:00 | 000,005,810 | RH-- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ASACPI.sys -- (MTsensor)
DRV - [2001/01/16 15:46:08 | 000,050,576 | -H-- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppadt40.sys -- (dot4)
DRV - [2001/01/16 15:44:36 | 000,017,872 | -H-- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppausb0.sys -- (dot4usb)
DRV - [2001/01/16 14:43:34 | 000,015,792 | -H-- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\hppaprt0.sys -- (Dot4Print)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://red.clientapps.yahoo.com/customize/ie/defaults/cs/yme/*http://www.yahoo.com/ext/search/search.html

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,AlwaysUseDefaultPrinter = yes
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://www.att.net [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://rover.ebay.com/rover/1/711-43047-14818-0/4?mfe=home&mpre=http%3A%2F%2Fwww.ebay.com
IE - HKCU\..\URLSearchHook: {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========


FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Components: C:\Program Files\eMusic Download Manager\xulrunner\components [2010/12/18 08:24:26 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\eMusic Download Manager\Extensions\\Plugins: C:\Program Files\eMusic Download Manager\xulrunner\plugins [2010/12/18 08:24:25 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\paypalfirefoxplugin@orbiscom: C:\Program Files\PayPal\PayPal Plug-In [2009/07/20 13:41:08 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\smartwebprinting@hp.com: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2010/01/21 11:22:32 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\Program Files\Siber Systems\AI RoboForm\Firefox [2008/03/28 10:37:39 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2011/05/05 15:28:10 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/10 16:30:56 | 000,000,000 | -H-D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/03/31 16:08:49 | 000,000,000 | -H-D | M]

[2009/01/12 18:12:33 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Extensions
[2011/05/15 17:26:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions
[2009/08/11 13:21:43 | 000,000,000 | -H-D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/26 12:48:10 | 000,000,000 | -H-D | M] (Google Toolbar for Firefox) -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/01/12 18:13:16 | 000,000,000 | -H-D | M] ("AOL Toolbar") -- C:\Documents and Settings\Owner\Application Data\Mozilla\Firefox\Profiles\sbvr156n.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2011/05/15 17:26:54 | 000,000,000 | -H-D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/12/10 16:08:10 | 000,000,000 | -H-D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
[2010/01/06 10:34:58 | 000,000,000 | -H-D | M] (eMusic - Apple iTunes Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_ITUNES@EMUSIC.COM
[2010/01/06 10:34:58 | 000,000,000 | -H-D | M] (eMusic - Nullsoft Winamp Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WINAMP@EMUSIC.COM
[2010/01/06 10:34:59 | 000,000,000 | -H-D | M] (eMusic - Microsoft Media Player Support) -- C:\PROGRAM FILES\EMUSIC DOWNLOAD MANAGER\XULRUNNER\EXTENSIONS\DLM_WMP@EMUSIC.COM
[2011/04/14 14:01:38 | 000,024,376 | -H-- | M] (McAfee, Inc.) -- C:\Program Files\Mozilla Firefox\components\Scriptff.dll
[2010/09/15 05:50:38 | 000,472,808 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2007/02/04 23:02:56 | 001,642,496 | -H-- | M] (LizardTech) -- C:\Program Files\Mozilla Firefox\plugins\npdjvu.dll

O1 HOSTS File: ([2010/12/16 19:59:33 | 000,000,027 | -H-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110510163056.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.7.6406.1642\swg.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O2 - BHO: (OToolbarHelper Class) - {EAD3A971-6A23-4246-8691-C9244E858967} - C:\Program Files\PayPal\PayPal Plug-In\PayPalHelper.dll ()
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O3 - HKLM\..\Toolbar: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (PayPal Plug-In) - {DC0F2F93-27FA-4f84-ACAA-9416F90B9511} - C:\Program Files\PayPal\PayPal Plug-In\OToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (AT&&T Toolbar) - {4E7BD74F-2B8D-469E-94BE-FD60BB9AAE29} - C:\Program Files\ATTToolbar\ATTToolbar.dll (AT&T)
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [36X Raid Configurer] C:\WINDOWS\System32\xRaidSetup.exe (JMicron Technology Corp.)
O4 - HKLM..\Run: [Adobe Photo Downloader] C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [ATT-SST_McciTrayApp] C:\Program Files\ATT-SST\McciTrayApp.exe (Alcatel-Lucent)
O4 - HKLM..\Run: [AudioDrvEmulator] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [BellSouthWCC_McciTrayApp] C:\Program Files\BellSouthWCC\McciTrayApp.exe (Motive Communications, Inc.)
O4 - HKLM..\Run: [CTHelper] C:\WINDOWS\CTHELPER.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\CTXFIHLP.EXE (Creative Technology Ltd)
O4 - HKLM..\Run: [HP AutoIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppautoindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HP SchedIndexer] C:\Program Files\Hewlett-Packard\LaserJet All-in-one\hppschedindexer.exe (Hewlett-Packard)
O4 - HKLM..\Run: [JMB36X IDE Setup] C:\WINDOWS\RaidTool\xInsIDE.exe ()
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [MicroBrew] C:\Program Files\Common Files\Bluebeam Software\Brewery\V45\Printer Support\MicroBrew2.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PbAdminACAD] C:\Program Files\Bluebeam Software\Pushbutton PDF\PbMngr5.exe (Bluebeam Software, Inc.)
O4 - HKLM..\Run: [RCSystem] C:\Program Files\Creative\Shared Files\Module Loader\DLLML.exe (Creative Technology Ltd.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [VolPanel] C:\Program Files\Creative\Sound Blaster X-Fi\Volume Panel\VolPanlu.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [ymetray] C:\Program Files\Yahoo!\Yahoo! Music Engine\ymetray.exe ()
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [UpdateFlow.ATT-SST] C:\Program Files\ATT-SST\McciBrowser.exe (Alcatel-Lucent)
O4 - HKCU..\Run: [YgslssmSaaRn] C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exe (QNP)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoControlPanel = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: motive.com ([patttbc.att] https in Trusted sites)
O15 - HKCU\..Trusted Domains: mylabbill.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: remititonline.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} http://echat.bellsouth.net/sdccommon/download/tgctlcm.cab (Support.com Configuration Class)
O16 - DPF: {02BCC737-B171-4746-94C9-0D8A0B2C0089} http://office.microsoft.com/sites/production/ieawsdc32.cab (Microsoft Office Template and Media Control)
O16 - DPF: {03A89EFD-E023-8600-A22D-45F77558EB4C} https://content.ilinc.com/clientdownload/download/ilinci86.dll (ILINCInstall86 Class)
O16 - DPF: {10E0E75E-6701-4134-9D95-C0942ED1F1C8} http://www1.snapfish.com/SnapfishOutlookImport.cab (Snapfish Outlook Import ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish.com/SnapfishActivia.cab (Snapfish Activia)
O16 - DPF: {49232000-16E4-426C-A231-62846947304B} https://wimpro.cce.hp.com/ChatEntry/downloads/sysinfo.cab (SysData Class)
O16 - DPF: {493ACF15-5CD9-4474-82A6-91670C3DD66E} http://www.linkedin.com/cab/LinkedInContactFinderControl.cab (LinkedIn ContactFinderControl)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://www.evite.com/html/imageUpload/ImageUploader5.cab (Image Uploader Control)
O16 - DPF: {6D2EF4B4-CB62-4C0B-85F3-B79C236D702C} https://www.facebook.com/controls/contactx.dll (ContactExtractor Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos/OnlineScanner.cab (Reg Error: Key error.)
O16 - DPF: {8100D56A-5661-482C-BEE8-AFECE305D968} https://upload.facebook.com/controls/2009.07.28_v5.5.8.1/FacebookPhotoUploader55.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {A1662FB6-39BE-41BB-ACDC-0448FB1B5817} http://images3.pnimedia.com/ProductAssets/costcous/activex/v3_0_0_5/PhotoCenter_ActiveX_Control.cab (Photo Upload Plugin Class)
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab (HPSDDX Class)
O16 - DPF: {B9940246-4344-4D1B-BD82-DBAF7E657FF9} http://telluridemountainproperties-east.viewnetcam.com:50000/SysCamInst.cab (AudioClient Control)
O16 - DPF: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_22-windows-i586.cab (Java Plug-in 1.6.0_22)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4B68B83-8710-488B-A692-D74B50BA558E} http://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab (Creative Software AutoUpdate Support Package 2)
O16 - DPF: {E06E2E99-0AA1-11D4-ABA6-0060082AA75C} https://redvector.webex.com/client/T27LB/training/ieatgpc.cab (GpcContainer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} http://ccfiles.creative.com/Web/softwareupdate/ocx/15114/CTPID.cab (Creative Software AutoUpdate Support Package 1)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.3.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\dssrequest {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll (McAfee, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/03/24 18:04:19 | 000,000,000 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2008/07/29 20:35:52 | 000,000,090 | ---- | M] () - I:\AUTORUN.INF -- [ FAT ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

MsConfig - State: "system.ini" - 0
MsConfig - State: "win.ini" - 0
MsConfig - State: "bootini" - 0
MsConfig - State: "services" - 0
MsConfig - State: "startup" - 0

SafeBootMin: Base - Driver Group
SafeBootMin: Boot Bus Extender - Driver Group
SafeBootMin: Boot file system - Driver Group
SafeBootMin: File system - Driver Group
SafeBootMin: Filter - Driver Group
SafeBootMin: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootMin: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootMin: PCI Configuration - Driver Group
SafeBootMin: PNP Filter - Driver Group
SafeBootMin: Primary disk - Driver Group
SafeBootMin: SCSI Class - Driver Group
SafeBootMin: sermouse.sys - Driver
SafeBootMin: System Bus Extender - Driver Group
SafeBootMin: vds - Service
SafeBootMin: vga.sys - Driver
SafeBootMin: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootMin: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootMin: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootMin: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootMin: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootMin: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootMin: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootMin: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootMin: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootMin: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootMin: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootMin: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootMin: {533C5B84-EC70-11D2-9505-00C04F79DEAF} - Volume shadow copy
SafeBootMin: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootMin: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

SafeBootNet: Base - Driver Group
SafeBootNet: Boot Bus Extender - Driver Group
SafeBootNet: Boot file system - Driver Group
SafeBootNet: File system - Driver Group
SafeBootNet: Filter - Driver Group
SafeBootNet: McMPFSvc - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: mcmscsvc - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe (McAfee, Inc.)
SafeBootNet: MCODS - C:\Program Files\McAfee\VirusScan\mcods.exe (McAfee, Inc.)
SafeBootNet: mfefire - C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe (McAfee, Inc.)
SafeBootNet: mfefirek - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfefirek.sys - C:\WINDOWS\system32\drivers\mfefirek.sys (McAfee, Inc.)
SafeBootNet: mfehidk - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfehidk.sys - C:\WINDOWS\system32\drivers\mfehidk.sys (McAfee, Inc.)
SafeBootNet: mfevtp - C:\WINDOWS\system32\mfevtps.exe (McAfee, Inc.)
SafeBootNet: NDIS Wrapper - Driver Group
SafeBootNet: NetBIOSGroup - Driver Group
SafeBootNet: NetDDEGroup - Driver Group
SafeBootNet: Network - Driver Group
SafeBootNet: NetworkProvider - Driver Group
SafeBootNet: PCI Configuration - Driver Group
SafeBootNet: PNP Filter - Driver Group
SafeBootNet: PNP_TDI - Driver Group
SafeBootNet: Primary disk - Driver Group
SafeBootNet: SCSI Class - Driver Group
SafeBootNet: sermouse.sys - Driver
SafeBootNet: Streams Drivers - Driver Group
SafeBootNet: System Bus Extender - Driver Group
SafeBootNet: TDI - Driver Group
SafeBootNet: vga.sys - Driver
SafeBootNet: WinDefend - C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation)
SafeBootNet: {36FC9E60-C465-11CF-8056-444553540000} - Universal Serial Bus controllers
SafeBootNet: {4D36E965-E325-11CE-BFC1-08002BE10318} - CD-ROM Drive
SafeBootNet: {4D36E967-E325-11CE-BFC1-08002BE10318} - DiskDrive
SafeBootNet: {4D36E969-E325-11CE-BFC1-08002BE10318} - Standard floppy disk controller
SafeBootNet: {4D36E96A-E325-11CE-BFC1-08002BE10318} - Hdc
SafeBootNet: {4D36E96B-E325-11CE-BFC1-08002BE10318} - Keyboard
SafeBootNet: {4D36E96F-E325-11CE-BFC1-08002BE10318} - Mouse
SafeBootNet: {4D36E972-E325-11CE-BFC1-08002BE10318} - Net
SafeBootNet: {4D36E973-E325-11CE-BFC1-08002BE10318} - NetClient
SafeBootNet: {4D36E974-E325-11CE-BFC1-08002BE10318} - NetService
SafeBootNet: {4D36E975-E325-11CE-BFC1-08002BE10318} - NetTrans
SafeBootNet: {4D36E977-E325-11CE-BFC1-08002BE10318} - PCMCIA Adapters
SafeBootNet: {4D36E97B-E325-11CE-BFC1-08002BE10318} - SCSIAdapter
SafeBootNet: {4D36E97D-E325-11CE-BFC1-08002BE10318} - System
SafeBootNet: {4D36E980-E325-11CE-BFC1-08002BE10318} - Floppy disk drive
SafeBootNet: {71A27CDD-812A-11D0-BEC7-08002BE2092F} - Volume
SafeBootNet: {745A17A0-74D3-11D0-B6FE-00A0C90F57DA} - Human Interface Devices

ActiveX: {0291E591-EA41-4c82-8106-3DC6CE7F7664} - Reg Error: Value error.
ActiveX: {10072CEC-8CC1-11D1-986E-00A0C955B42F} - Vector Graphics Rendering (VML)
ActiveX: {2179C5D3-EBFF-11CF-B6FD-00AA00B4E220} - NetShow
ActiveX: {22d6f312-b0f6-11d0-94ab-0080c74c7e95} - Microsoft Windows Media Player 6.4
ActiveX: {283807B5-2C60-11D0-A31D-00AA00B92C03} - DirectAnimation
ActiveX: {2A3320D6-C805-4280-B423-B665BDE33D8F} - Microsoft .NET Framework 1.1 Security Update (KB979906)
ActiveX: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - %SystemRoot%\system32\regsvr32.exe /s /n /i:/UserInstall %SystemRoot%\system32\themeui.dll
ActiveX: {2F6EFCE6-10DF-49F9-9E64-9AE3775B2588} - Microsoft .NET Framework 1.1 Security Update (KB2416447)
ActiveX: {30528230-99F7-4BB4-88D8-FA1D4F56A2AB} - Reg Error: Value error.
ActiveX: {347B0667-C7ED-429B-BDE3-CC8D3BACAA31} - Reg Error: Value error.
ActiveX: {35CB31D6-C496-F1F5-D9EC-11F57DF7BE5F} - Internet Explorer
ActiveX: {36f8ec70-c29a-11d1-b5c7-0000f8051515} - Dynamic HTML Data Binding for Java
ActiveX: {38539595-3E29-410d-ABBD-3D6A75BC9A73} - Reg Error: Value error.
ActiveX: {3af36230-a269-11d1-b5bf-0000f8051515} - Offline Browsing Pack
ActiveX: {3bf42070-b3b1-11d1-b5c5-0000f8051515} - Uniscribe
ActiveX: {411EDCF7-755D-414E-A74B-3DCD6583F589} - Microsoft .NET Framework 1.1 Service Pack 1 (KB867460)
ActiveX: {4278c270-a269-11d1-b5bf-0000f8051515} - Advanced Authoring
ActiveX: {44BBA840-CC51-11CF-AAFA-00AA00B6015C} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:OE /CALLER:WINNT /user /install
ActiveX: {44BBA842-CC51-11CF-AAFA-00AA00B6015B} - rundll32.exe advpack.dll,LaunchINFSection

C:\WINDOWS\INF\msnetmtg.inf,NetMtg.Install.PerUser.NT
ActiveX: {44BBA848-CC51-11CF-AAFA-00AA00B6015C} - DirectShow
ActiveX: {44BBA855-CC51-11CF-AAFA-00AA00B6015F} - DirectDrawEx
ActiveX: {45ea75a0-a269-11d1-b5bf-0000f8051515} - Internet Explorer Help
ActiveX: {4f216970-c90c-11d1-b5c7-0000f8051515} - DirectAnimation Java Classes
ActiveX: {4f645220-306d-11d2-995d-00c04f98bbc9} - Microsoft Windows Script 5.8
ActiveX: {5945c046-1e7d-11d1-bc44-00c04fd912be} - rundll32.exe advpack.dll,LaunchINFSection C:\WINDOWS\INF\msmsgs.inf,BLC.QuietInstall.PerUser
ActiveX: {5A8D6EE0-3E18-11D0-821E-444553540000} - ICW
ActiveX: {5fd399c0-a70a-11d1-9948-00c04f98bbc9} - Internet Explorer Setup Tools
ActiveX: {61F684C7-B71D-C06D-8637-87A1C70CAFF6} - Internet Explorer
ActiveX: {630b1da0-b465-11d1-9948-00c04f98bbc9} - Browsing Enhancements
ActiveX: {6BF52A52-394A-11d3-B153-00C04F79FAA6} - Microsoft Windows Media Player
ActiveX: {6fab99d0-bab8-11d1-994a-00c04f98bbc9} - MSN Site Access
ActiveX: {7131646D-CD3C-40F4-97B9-CD9E4E6262EF} - .NET Framework
ActiveX: {73fa19d0-2d75-11d2-995d-00c04f98bbc9} - Web Folders
ActiveX: {7790769C-0471-11d2-AF11-00C04FA35D02} - "%ProgramFiles%\Outlook Express\setup50.exe" /APP:WAB /CALLER:WINNT /user /install
ActiveX: {851FDFAC-B3F9-435A-A49C-B4F18A1737E7} - Microsoft Silverlight 3.0
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4340} - regsvr32.exe /s /n /i:U shell32.dll
ActiveX: {89820200-ECBD-11cf-8B85-00AA005B4383} - C:\WINDOWS\system32\ie4uinit.exe -BaseSettings
ActiveX: {89B4C1CD-B018-4511-B0A1-5476DBF70820} - c:\WINDOWS\system32\Rundll32.exe c:\WINDOWS\system32\mscories.dll,Install
ActiveX: {9381D8F2-0288-11D0-9501-00AA00B911A5} - Dynamic HTML Data Binding
ActiveX: {A17E30C4-A9BA-11D4-8673-60DB54C10000} - Reg Error: Value error.
ActiveX: {AA218328-0EA8-4D70-8972-E987A9190FF4} - Reg Error: Value error.
ActiveX: {B508B3F1-A24A-32C0-B310-85786919EF28} - .NET Framework
ActiveX: {C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F} - .NET Framework
ActiveX: {C9E9A340-D1F1-11D0-821E-444553540600} - Internet Explorer Core Fonts
ActiveX: {CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1} - .NET Framework
ActiveX: {CC2A9BA0-3BDD-11D0-821E-444553540000} - Task Scheduler
ActiveX: {CDD7975E-60F8-41d5-8149-19E51D6F71D0} - Windows Movie Maker v2.1
ActiveX: {D27CDB6E-AE6D-11CF-96B8-444553540000} - Adobe Flash Player
ActiveX: {de5aed00-a4bf-11d1-9948-00c04f98bbc9} - HTML Help
ActiveX: {E92B03AB-B707-11d2-9CBD-0000F87A369E} - Active Directory Service Interface
ActiveX: {EF289A85-8E57-408d-BE47-73B55609861A} - RootsUpdate
ActiveX: <{12d0ed0d-0ee0-4f90-8827-78cefb8f4988} - C:\WINDOWS\system32\ieudinit.exe
ActiveX: >{22d6f312-b0f6-11d0-94ab-0080c74c7e95} - C:\WINDOWS\inf\unregmp2.exe /ShowWMP
ActiveX: >{26923b43-4d38-484f-9b9e-de460746276c} - C:\WINDOWS\system32\ie4uinit.exe -UserIconConfig
ActiveX: >{881dd1c5-3dcf-431b-b061-f3f88e8be88a} - %systemroot%\system32\shmgrate.exe OCInstallUserConfigOE
ActiveX: >{C92EB41C-D4C5-4CCA-A444-318AE7FB6FC2} - RunDLL32 IEDKCS32.DLL,BrandIE4 SIGNUP

Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Error starting restore point: System Restore is disabled.
Error closing restore point: System Restore is disabled.

========== Files/Folders - Created Within 30 Days ==========

[2011/05/16 12:45:47 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/05/16 12:40:51 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner\Recent
[2011/05/15 18:44:59 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\Windows XP Recovery
[2011/05/15 18:19:26 | 000,434,176 | -H-- | C] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exe
[2011/05/07 11:36:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Yahoo
[2011/04/29 12:29:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/04/29 12:28:00 | 000,000,000 | -H-D | C] -- C:\Program Files\iPod
[2011/04/29 12:22:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Bonjour
[2008/03/24 18:45:45 | 000,033,792 | RH-- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/08/16 23:11:02 | 000,009,216 | -H-- | C] ( ) -- C:\WINDOWS\System32\KILLAPPS.EXE
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/05/16 12:48:59 | 000,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/05/16 12:45:55 | 000,013,646 | -H-- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/16 12:45:24 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/16 12:41:11 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/16 12:40:47 | 000,000,880 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/05/16 12:36:46 | 000,378,368 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\17424164.exe
[2011/05/16 11:42:04 | 000,000,422 | -H-- | M] () -- C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job
[2011/05/16 11:38:02 | 000,000,344 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/05/15 19:06:08 | 000,064,900 | -H-- | M] () -- C:\WINDOWS\System32\DVCState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/05/15 19:06:08 | 000,054,800 | -H-- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/05/15 19:06:08 | 000,054,800 | -H-- | M] () -- C:\WINDOWS\System32\BMXState-{00000005-00000000-00000001-00001102-00000005-002C1102}.rfx
[2011/05/15 19:06:08 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2011/05/15 19:06:08 | 000,001,080 | -H-- | M] () -- C:\WINDOWS\System32\settings.sfm
[2011/05/15 18:59:10 | 000,000,884 | -H-- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/05/15 18:56:53 | 000,000,040 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/05/15 18:45:05 | 000,000,819 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\Windows XP Recovery.lnk
[2011/05/15 18:19:23 | 000,434,176 | -H-- | M] (QNP) -- C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exe
[2011/05/15 14:41:39 | 000,000,116 | -H-- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/05/13 22:04:01 | 000,000,284 | -H-- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/05/11 22:37:05 | 000,000,187 | -H-- | M] () -- C:\WINDOWS\hpbafd.ini
[2011/04/20 12:53:49 | 000,309,992 | -H-- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/19 12:52:52 | 000,870,128 | -H-- | M] () -- C:\WINDOWS\System32\mcs.rma
[2011/04/19 12:52:52 | 000,000,004 | -H-- | M] () -- C:\WINDOWS\System32\A18EBC
[2011/04/19 06:43:40 | 000,494,076 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\15mrp.pdf
[6 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/16 12:36:44 | 000,378,368 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\17424164.exe
[2011/05/16 11:38:02 | 000,000,344 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\17424164
[2011/05/15 18:49:02 | 000,000,040 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17424164
[2011/05/15 18:45:05 | 000,000,819 | -H-- | C] () -- C:\Documents and Settings\Owner\Desktop\Windows XP Recovery.lnk
[2011/04/19 06:43:33 | 000,494,076 | -H-- | C] () -- C:\Documents and Settings\Owner\My Documents\15mrp.pdf
[2011/04/04 23:28:39 | 004,149,312 | -H-- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/04/02 12:37:32 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2010/12/15 20:30:33 | 000,256,512 | -H-- | C] () -- C:\WINDOWS\PEV.exe
[2010/12/15 20:30:33 | 000,089,088 | -H-- | C] () -- C:\WINDOWS\MBR.exe
[2010/12/15 20:30:32 | 000,098,816 | -H-- | C] () -- C:\WINDOWS\sed.exe
[2010/12/15 20:30:32 | 000,080,412 | -H-- | C] () -- C:\WINDOWS\grep.exe
[2010/12/15 20:30:32 | 000,068,096 | -H-- | C] () -- C:\WINDOWS\zip.exe
[2010/12/09 08:38:52 | 000,000,664 | -H-- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/09/28 22:52:32 | 000,070,556 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/01/21 11:21:25 | 000,023,110 | -H-- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/03 00:39:57 | 000,077,349 | -H-- | C] () -- C:\WINDOWS\hpqins05.dat
[2009/06/12 21:38:11 | 000,116,840 | -H-- | C] () -- C:\WINDOWS\hpqins00.dat
[2009/05/06 19:05:25 | 000,023,040 | -H-- | C] () -- C:\WINDOWS\System32\irisco32.dll
[2008/12/14 18:12:22 | 000,012,054 | RH-- | C] () -- C:\WINDOWS\hpwscr20.dat
[2008/12/14 18:10:25 | 000,178,692 | -H-- | C] () -- C:\WINDOWS\hpwins20.dat
[2008/12/14 18:10:24 | 000,002,428 | RH-- | C] () -- C:\WINDOWS\hpwmdl20.dat
[2008/12/03 11:48:28 | 000,032,768 | -H-- | C] () -- C:\WINDOWS\delexe.exe
[2008/12/02 17:09:02 | 000,000,659 | -H-- | C] () -- C:\WINDOWS\FMTMSAM.INI
[2008/12/02 17:08:42 | 000,000,187 | -H-- | C] () -- C:\WINDOWS\hpbafd.ini
[2008/12/02 17:08:07 | 000,000,019 | -H-- | C] () -- C:\WINDOWS\hppsi_indexbase.dat
[2008/11/13 04:03:11 | 000,000,118 | -H-- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/07/29 22:42:01 | 000,006,048 | -H-- | C] () -- C:\WINDOWS\System32\MCC16.dll
[2008/06/07 18:49:09 | 000,010,939 | -H-- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/05/14 15:15:02 | 000,000,068 | -H-- | C] () -- C:\WINDOWS\ccolwiz.ini
[2008/05/01 13:16:36 | 000,002,751 | -H-- | C] () -- C:\WINDOWS\DevMgr.ini
[2008/05/01 13:15:53 | 000,000,020 | -H-- | C] () -- C:\WINDOWS\Hposcv07.INI
[2008/04/25 19:55:17 | 000,343,040 | -H-- | C] () -- C:\WINDOWS\System32\lffpx7.dll
[2008/04/25 19:55:17 | 000,116,736 | -H-- | C] () -- C:\WINDOWS\System32\lfkodak.dll
[2008/04/25 19:55:17 | 000,088,576 | -H-- | C] () -- C:\WINDOWS\System32\LFFPX90N.DLL
[2008/04/25 19:55:16 | 000,906,784 | -H-- | C] () -- C:\WINDOWS\System32\OWL52F.DLL
[2008/04/25 19:55:16 | 000,096,768 | -H-- | C] () -- C:\WINDOWS\System32\PWJPEG32.DLL
[2008/03/31 11:30:51 | 000,000,102 | -H-- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/03/27 16:04:48 | 000,000,165 | -H-- | C] () -- C:\WINDOWS\QUICKEN.INI
[2008/03/27 12:12:15 | 000,033,280 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/03/26 16:02:06 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\epsnodlm.dll
[2008/03/26 15:01:19 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2008/03/26 12:49:49 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\epadmin.INI
[2008/03/26 10:26:00 | 000,000,035 | -H-- | C] () -- C:\WINDOWS\A5W.INI
[2008/03/25 19:06:06 | 000,000,116 | -H-- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/03/24 22:18:55 | 000,000,376 | -H-- | C] () -- C:\WINDOWS\ODBC.INI
[2008/03/24 18:45:45 | 000,323,640 | RH-- | C] () -- C:\WINDOWS\System32\ctdlang.dat
[2008/03/24 18:45:45 | 000,313,207 | RH-- | C] () -- C:\WINDOWS\System32\ctstatic.dat
[2008/03/24 18:45:45 | 000,053,932 | RH-- | C] () -- C:\WINDOWS\System32\ctdaught.dat
[2008/03/24 18:45:45 | 000,044,567 | RH-- | C] () -- C:\WINDOWS\System32\ctdnlstr.dat
[2008/03/24 18:31:30 | 000,003,072 | -H-- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/03/24 18:25:35 | 000,049,152 | RH-- | C] () -- C:\WINDOWS\System32\ChCfg.exe
[2008/03/24 18:14:22 | 000,011,127 | -H-- | C] () -- C:\WINDOWS\Ascd_log.ini
[2008/03/24 18:13:14 | 000,005,810 | RH-- | C] () -- C:\WINDOWS\System32\drivers\ASACPI.sys
[2008/03/24 18:13:12 | 000,010,802 | -H-- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/03/24 18:12:58 | 000,010,288 | -H-- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/03/24 18:07:07 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/03/24 18:01:23 | 000,021,640 | -H-- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/03/24 17:59:09 | 000,001,158 | -H-- | C] () -- C:\WINDOWS\mozver.dat
[2008/03/24 17:55:57 | 000,000,000 | -H-- | C] () -- C:\WINDOWS\nsreg.dat
[2008/03/24 12:57:10 | 000,004,161 | -H-- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/03/24 12:55:47 | 000,309,992 | -H-- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2007/12/05 02:41:00 | 001,703,936 | -H-- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2007/12/05 02:41:00 | 001,626,112 | -H-- | C] () -- C:\WINDOWS\System32\nwiz.exe
[2007/12/05 02:41:00 | 001,474,560 | -H-- | C] () -- C:\WINDOWS\System32\nview.dll
[2007/12/05 02:41:00 | 001,339,392 | -H-- | C] () -- C:\WINDOWS\System32\nvdspsch.exe
[2007/12/05 02:41:00 | 001,019,904 | -H-- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2007/12/05 02:41:00 | 000,466,944 | -H-- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2007/12/05 02:41:00 | 000,442,368 | -H-- | C] () -- C:\WINDOWS\System32\nvappbar.exe
[2007/12/05 02:41:00 | 000,425,984 | -H-- | C] () -- C:\WINDOWS\System32\keystone.exe
[2007/12/05 02:41:00 | 000,286,720 | -H-- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/12/12 12:12:00 | 000,006,656 | -H-- | C] () -- C:\WINDOWS\System32\NmCoInst.dll
[2006/08/16 23:59:15 | 000,087,403 | -H-- | C] () -- C:\WINDOWS\System32\instwdm.ini
[2006/08/16 23:59:14 | 000,000,054 | -H-- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2006/08/16 23:33:53 | 000,037,888 | -H-- | C] () -- C:\WINDOWS\System32\CTBURST.DLL
[2006/08/16 23:32:07 | 000,034,304 | -H-- | C] () -- C:\WINDOWS\PSCONV.EXE
[2006/08/16 23:14:32 | 000,033,792 | -H-- | C] () -- C:\WINDOWS\System32\REGPLIB.EXE
[2006/08/16 23:14:06 | 000,140,643 | -H-- | C] () -- C:\WINDOWS\System32\CTBAS2W.DAT
[2006/08/16 23:11:52 | 000,264,526 | -H-- | C] () -- C:\WINDOWS\System32\CTSBAS2W.DAT
[2006/08/16 23:11:38 | 000,231,281 | -H-- | C] () -- C:\WINDOWS\System32\CTSBASW.DAT
[2006/08/16 23:11:38 | 000,113,221 | -H-- | C] () -- C:\WINDOWS\System32\CTBASICW.DAT
[2006/08/16 23:11:07 | 000,004,096 | -H-- | C] () -- C:\WINDOWS\System32\ENLOCSTR.EXE
[2006/08/03 14:48:26 | 000,098,304 | -H-- | C] () -- C:\WINDOWS\System32\InstallPrinter6.dll
[2006/02/28 08:00:00 | 013,107,200 | -H-- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/02/28 08:00:00 | 000,673,088 | -H-- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/02/28 08:00:00 | 000,441,682 | -H-- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/02/28 08:00:00 | 000,272,128 | -H-- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/02/28 08:00:00 | 000,218,003 | -H-- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/02/28 08:00:00 | 000,071,492 | -H-- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/02/28 08:00:00 | 000,046,258 | -H-- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/02/28 08:00:00 | 000,028,626 | -H-- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/02/28 08:00:00 | 000,004,569 | -H-- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/02/28 08:00:00 | 000,004,461 | -H-- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/02/28 08:00:00 | 000,001,804 | -H-- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/02/28 08:00:00 | 000,000,741 | -H-- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/11/02 10:54:48 | 002,945,024 | RH-- | C] () -- C:\WINDOWS\System32\BGP851c.dll
[2005/07/26 17:13:12 | 000,000,214 | -H-- | C] () -- C:\WINDOWS\System32\KILL.INI
[2005/06/07 09:10:50 | 000,070,656 | -H-- | C] () -- C:\WINDOWS\System32\CTMMACTL.DLL
[2002/11/20 18:51:34 | 000,159,744 | -H-- | C] () -- C:\WINDOWS\System32\win2000.dll
[2000/05/07 01:30:44 | 000,184,320 | -H-- | C] () -- C:\WINDOWS\System32\NmUninst.exe

========== Custom Scans ==========


< %APPDATA%\Microsoft\*.* >
[2009/04/25 12:21:54 | 000,001,754 | -H-- | M] () -- C:\Documents and Settings\Owner\Application Data\Microsoft\LastFlashConfig.WFC

< %systemroot%\system32\config\systemprofile\*.dat /x >
[2008/03/24 18:05:02 | 000,163,884 | -H-- | M] () -- C:\WINDOWS\system32\config\systemprofile\avg7inst.log

< %USERPROFILE%\Desktop\*.exe >
[2008/10/24 18:34:31 | 041,427,024 | -H-- | M] (Hewlett-Packard Company ) -- C:\Documents and Settings\Owner\Desktop\A140609_ENU_XP.exe
[2009/08/20 13:09:04 | 024,791,728 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\ATT_SST_Installer_UVerse.exe
[2009/08/11 13:19:50 | 008,050,536 | -H-- | M] (Mozilla) -- C:\Documents and Settings\Owner\Desktop\Firefox Setup 3.5.2.exe
[2009/09/15 12:02:42 | 001,925,024 | -H-- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Owner\Desktop\install_flash_player.exe
[2008/12/03 16:51:24 | 001,877,269 | -H-- | M] () -- C:\Documents and Settings\Owner\Desktop\lj564en.exe
[2009/04/01 11:07:51 | 000,359,656 | -H-- | M] (Microsoft Corporation) -- C:\Documents and Settings\Owner\Desktop\msicuu2.exe
[2009/01/21 14:23:32 | 006,990,944 | -H-- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\Desktop\PayPal Plug-In.exe
[2010/01/02 14:17:56 | 016,409,960 | -H-- | M] (Safer Networking Limited ) -- C:\Documents and Settings\Owner\Desktop\spybotsd162.exe
[2010/12/16 20:29:03 | 001,344,600 | -H-- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Owner\Desktop\tdsskiller.exe
[2009/05/14 23:41:52 | 000,274,224 | -H-- | M] (BitTorrent, Inc.) -- C:\Documents and Settings\Owner\Desktop\utorrent.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\winn32\*.* >

< %USERPROFILE%\My Documents\*.exe >
[2008/03/24 18:00:35 | 045,942,912 | -H-- | M] (NVIDIA Corporation ) -- C:\Documents and Settings\Owner\My Documents\169.21_forceware_winxp_32bit_english_whql.exe
[2009/01/12 18:10:29 | 007,518,240 | -H-- | M] (Mozilla) -- C:\Documents and Settings\Owner\My Documents\Firefox Setup 3.0.5.exe
[2004/06/07 09:09:24 | 002,348,528 | -H-- | M] (Indigo Rose Corporation http://www.indigorose.com) -- C:\Documents and Settings\Owner\My Documents\HistoryKill2003.exe
[2009/07/20 13:40:15 | 006,535,960 | -H-- | M] (Macrovision Corporation) -- C:\Documents and Settings\Owner\My Documents\PayPal Plug-In.exe
[2008/04/23 19:06:19 | 001,375,232 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\pl532en.exe
[2010/06/23 16:50:05 | 003,545,360 | -H-- | M] () -- C:\Documents and Settings\Owner\My Documents\R98291.EXE
[2008/03/30 00:19:35 | 000,382,352 | -H-- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\Owner\My Documents\xpiinstall.exe
[1 C:\Documents and Settings\Owner\My Documents\*.tmp files -> C:\Documents and Settings\Owner\My Documents\*.tmp -> ]

< %USERPROFILE%\*.exe >

< %PROGRAMFILES%\Mozilla Firefox\*.exe >
[2011/03/31 13:41:13 | 000,107,480 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\crashreporter.exe
[2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
[2011/03/31 13:41:19 | 000,016,856 | -H-- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\plugin-container.exe
[2011/03/31 13:41:23 | 000,245,208 | -H-- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\updater.exe

< %ProgramFiles%\TinyProxy. >

< %systemroot%\system32\*.* /lockedfiles >
[2009/03/08 05:31:44 | 000,348,160 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtmsft.dll
[2009/03/08 05:31:38 | 000,216,064 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\dxtrans.dll
[2008/04/13 11:42:06 | 000,016,896 | -H-- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\stdole2.tlb
[1 C:\WINDOWS\system32\*.tmp files -> C:\WINDOWS\system32\*.tmp -> ]

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\system32\drivers\*.* /lockedfiles >

< %PROGRAMFILES%\*. >
[2010/07/12 16:08:23 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe
[2008/04/15 09:52:59 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe Media Player
[2010/04/08 13:31:31 | 000,000,000 | -H-D | M] -- C:\Program Files\Adobe Photoshop.com Uploader
[2008/03/24 18:25:19 | 000,000,000 | -H-D | M] -- C:\Program Files\Ahead
[2011/02/18 18:26:56 | 000,000,000 | -H-D | M] -- C:\Program Files\AIM
[2009/03/04 12:21:44 | 000,000,000 | -H-D | M] -- C:\Program Files\Alwil Software
[2009/02/19 15:03:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Amazon
[2008/03/25 17:24:35 | 000,000,000 | -H-D | M] -- C:\Program Files\AnswerWorks 4.0
[2008/08/09 18:56:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Apple Software Update
[2009/04/25 11:50:22 | 000,000,000 | -H-D | M] -- C:\Program Files\ATT-HSI
[2010/07/05 20:10:30 | 000,000,000 | -H-D | M] -- C:\Program Files\ATT-SST
[2008/03/24 18:27:14 | 000,000,000 | -H-D | M] -- C:\Program Files\Attansic
[2009/04/25 12:12:19 | 000,000,000 | -H-D | M] -- C:\Program Files\ATTToolbar
[2011/02/23 17:44:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Audacity
[2008/04/12 13:37:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Audit Support Center
[2008/03/25 17:24:55 | 000,000,000 | -H-D | M] -- C:\Program Files\AutoCAD 2006
[2008/11/04 12:29:08 | 000,000,000 | -H-D | M] -- C:\Program Files\AutoCAD Civil 3D 2008
[2008/05/02 09:11:21 | 000,000,000 | -H-D | M] -- C:\Program Files\Autodesk
[2009/04/25 12:34:57 | 000,000,000 | -H-D | M] -- C:\Program Files\BellSouthWCC
[2008/03/31 13:33:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Bluebeam Software
[2011/04/29 12:22:05 | 000,000,000 | -H-D | M] -- C:\Program Files\Bonjour
[2008/04/12 13:46:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Canon
[2010/12/12 13:16:27 | 000,000,000 | -H-D | M] -- C:\Program Files\Carbonite
[2011/02/18 18:26:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Common Files
[2008/03/24 18:01:17 | 000,000,000 | -H-D | M] -- C:\Program Files\ComPlus Applications
[2008/05/08 19:19:11 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative
[2008/03/24 18:38:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Creative Installation Information
[2008/03/24 18:26:36 | 000,000,000 | -H-D | M] -- C:\Program Files\CyberLink
[2009/10/02 18:46:11 | 000,000,000 | -H-D | M] -- C:\Program Files\DIFX
[2008/04/03 15:47:35 | 000,000,000 | -H-D | M] -- C:\Program Files\DWG TrueView 2007
[2008/03/26 16:00:43 | 000,000,000 | -H-D | M] -- C:\Program Files\Eagle Point Software
[2010/01/06 10:35:01 | 000,000,000 | -H-D | M] -- C:\Program Files\eMusic Download Manager
[2009/10/02 18:46:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Garmin
[2009/10/02 18:46:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Garmin GPS Plugin
[2010/09/24 13:51:12 | 000,000,000 | -H-D | M] -- C:\Program Files\Google
[2008/03/24 18:04:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Grisoft
[2008/12/02 17:05:51 | 000,000,000 | -H-D | M] -- C:\Program Files\Hewlett-Packard
[2010/05/01 17:38:21 | 000,000,000 | -H-D | M] -- C:\Program Files\HP
[2008/05/02 12:02:56 | 000,000,000 | -H-D | M] -- C:\Program Files\Hydraflow
[2009/01/20 14:50:18 | 000,000,000 | -H-D | M] -- C:\Program Files\iLinc
[2008/05/08 21:37:37 | 000,000,000 | -H-D | M] -- C:\Program Files\illiminable
[2010/02/19 16:45:23 | 000,000,000 | -H-D | M] -- C:\Program Files\InstallShield Installation Information
[2008/03/24 18:21:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Intel
[2011/04/13 03:22:41 | 000,000,000 | -H-D | M] -- C:\Program Files\Internet Explorer
[2008/03/27 15:45:01 | 000,000,000 | -H-D | M] -- C:\Program Files\Intuit
[2011/04/29 12:28:00 | 000,000,000 | -H-D | M] -- C:\Program Files\iPod
[2011/04/29 12:29:02 | 000,000,000 | -H-D | M] -- C:\Program Files\iTunes
[2010/12/10 16:07:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Java
[2008/04/25 19:55:16 | 000,000,000 | -H-D | M] -- C:\Program Files\Kodak
[2008/07/22 17:47:13 | 000,000,000 | -H-D | M] -- C:\Program Files\LizardTech
[2010/01/02 17:15:52 | 000,000,000 | -H-D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/24 11:41:27 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee
[2011/04/03 22:49:23 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee Security Scan
[2011/02/24 17:51:51 | 000,000,000 | -H-D | M] -- C:\Program Files\McAfee.com
[2008/08/18 12:22:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Messenger
[2008/03/24 22:18:36 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft ActiveSync
[2008/03/24 18:05:11 | 000,000,000 | -H-D | M] -- C:\Program Files\microsoft frontpage
[2009/04/16 11:51:39 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Office
[2011/04/27 21:31:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft Silverlight
[2008/04/03 15:46:40 | 000,000,000 | -H-D | M] -- C:\Program Files\Microsoft WSE
[2010/08/12 03:01:03 | 000,000,000 | -H-D | M] -- C:\Program Files\Movie Maker
[2011/05/15 17:16:54 | 000,000,000 | -H-D | M] -- C:\Program Files\Mozilla Firefox
[2009/08/07 03:03:41 | 000,000,000 | -H-D | M] -- C:\Program Files\MSBuild
[2009/04/16 11:51:29 | 000,000,000 | -H-D | M] -- C:\Program Files\MSECache
[2008/03/24 18:00:11 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN
[2008/03/24 18:00:50 | 000,000,000 | -H-D | M] -- C:\Program Files\MSN Gaming Zone
[2008/11/13 04:00:50 | 000,000,000 | -H-D | M] -- C:\Program Files\MSXML 4.0
[2009/05/01 11:20:39 | 000,000,000 | -H-D | M] -- C:\Program Files\MyPublisher
[2008/08/18 12:14:18 | 000,000,000 | -H-D | M] -- C:\Program Files\NetMeeting
[2008/03/24 18:01:08 | 000,000,000 | -H-D | M] -- C:\Program Files\Online Services
[2010/12/17 04:00:46 | 000,000,000 | -H-D | M] -- C:\Program Files\Outlook Express
[2008/06/18 15:01:12 | 000,000,000 | -H-D | M] -- C:\Program Files\PayPal
[2011/01/14 18:25:10 | 000,000,000 | -H-D | M] -- C:\Program Files\Quicken
[2010/12/18 08:24:24 | 000,000,000 | -H-D | M] -- C:\Program Files\QuickTime
[2008/03/27 19:24:35 | 000,000,000 | -H-D | M] -- C:\Program Files\Real
[2008/03/24 18:24:49 | 000,000,000 | -H-D | M] -- C:\Program Files\Realtek
[2009/08/07 03:03:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Reference Assemblies
[2010/07/28 14:11:13 | 000,000,000 | -H-D | M] -- C:\Program Files\Rhapsody
[2008/07/12 17:46:42 | 000,000,000 | -H-D | M] -- C:\Program Files\Safari
[2008/03/28 11:57:45 | 000,000,000 | -H-D | M] -- C:\Program Files\Siber Systems
[2010/01/02 15:58:23 | 000,000,000 | -H-D | M] -- C:\Program Files\TrendMicro
[2011/04/13 13:41:43 | 000,000,000 | -H-D | M] -- C:\Program Files\TurboTax
[2008/03/24 18:08:37 | 000,000,000 | -H-D | M] -- C:\Program Files\Uninstall Information
[2008/03/31 11:33:14 | 000,000,000 | -H-D | M] -- C:\Program Files\viewsonic
[2008/03/24 18:08:33 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Defender
[2008/03/24 18:00:57 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Connect 2
[2008/08/18 12:14:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows Media Player
[2008/08/18 12:14:15 | 000,000,000 | -H-D | M] -- C:\Program Files\Windows NT
[2008/03/24 18:03:19 | 000,000,000 | -H-D | M] -- C:\Program Files\WindowsUpdate
[2008/03/24 18:05:11 | 000,000,000 | -H-D | M] -- C:\Program Files\xerox
[2009/12/06 18:16:38 | 000,000,000 | -H-D | M] -- C:\Program Files\Yahoo!


< MD5 for: AGP440.SYS >
[2007/09/11 16:20:13 | 016,774,755 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:AGP440.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:AGP440.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:AGP440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ERDNT\cache\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 000,042,368 | -H-- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2007/09/11 16:20:13 | 016,774,755 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:atapi.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:atapi.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ERDNT\cache\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 000,096,512 | -H-- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel#1\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Primary IDE Channel\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel#1\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Secondary IDE Channel\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2006/02/28 08:00:00 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0006\DriverFiles\i386\atapi.sys
[2004/08/03 23:59:44 | 000,095,360 | -H-- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0007\DriverFiles\i386\atapi.sys

< MD5 for: DISK.SYS >
[2007/09/11 16:20:13 | 016,774,755 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp2.cab:disk.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\Driver Cache\i386\sp3.cab:disk.sys
[2008/08/18 12:07:34 | 023,852,652 | -H-- | M] () .cab file -- C:\WINDOWS\ServicePackFiles\i386\sp3.cab:disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#1\disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#2\disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#3\disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive#4\disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\Documents and Settings\Owner\My Documents\My Drivers Back Up\Disk drive\disk.sys
[2006/02/28 08:00:00 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=00CA44E4534865F8A3B64F7C0984BFF0 -- C:\WINDOWS\$NtServicePackUninstall$\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\ServicePackFiles\i386\disk.sys
[2008/04/13 14:40:47 | 000,036,352 | -H-- | M] (Microsoft Corporation) MD5=044452051F3E02E7963599FC8F4F3E25 -- C:\WINDOWS\system32\drivers\disk.sys

< MD5 for: NETLOGON.DLL >
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ERDNT\cache\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:01 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\system32\netlogon.dll
[2007/09/11 16:11:35 | 000,407,040 | -H-- | M] (Microsoft Corporation) MD5=5FD8684F1C5DD26509383F6CCDAEE3A3 -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 14:55:05

< hklm\software\clients\startmenuinternet|command /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)

< hklm\software\clients\startmenuinternet|command /64 /rs >
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\HideIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /HideShortcuts [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ShowIconsCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /ShowShortcuts [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\InstallInfo\\ReinstallCommand: "C:\Program Files\Mozilla Firefox\uninstall\helper.exe" /SetAsDefaultAppGlobal [2011/03/31 13:41:23 | 000,552,376 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\open\command\\: C:\Program Files\Mozilla Firefox\firefox.exe [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\properties\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -preferences [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\FIREFOX.EXE\shell\safemode\command\\: "C:\Program Files\Mozilla Firefox\firefox.exe" -safe-mode [2011/03/31 13:41:14 | 000,912,344 | -H-- | M] (Mozilla Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ReinstallCommand: "C:\WINDOWS\system32\ie4uinit.exe" -reinstall [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\HideIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -hide [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\InstallInfo\\ShowIconsCommand: "C:\WINDOWS\system32\ie4uinit.exe" -show [2011/02/18 07:49:53 | 000,173,568 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\naom\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" -extoff [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\IEXPLORE.EXE\shell\open\command\\: "C:\Program Files\Internet Explorer\iexplore.exe" [2009/03/08 15:09:26 | 000,638,816 | -H-- | M] (Microsoft Corporation)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ReinstallCommand: "C:\Program Files\Safari\Safari.exe" /reinstall [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\HideIconsCommand: "C:\Program Files\Safari\Safari.exe" /hideicons [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\InstallInfo\\ShowIconsCommand: "C:\Program Files\Safari\Safari.exe" /showicons [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)
HKEY_LOCAL_MACHINE\software\clients\startmenuinternet\Safari.exe\shell\open\command\\: "C:\Program Files\Safari\Safari.exe" [2008/06/17 16:16:14 | 003,463,976 | -H-- | M] (Apple Inc.)

========== Alternate Data Streams ==========

@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >

• Please run OTL.exe again
  
• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

• Then click the Run Fix button at the top.
  
• Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  
• If it asks to reboot the computer, allow it to reboot.
  
• If the program freezes, and the computer fails to reboot - let me know.
  
• Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

Please download aswMBR by Alwil Software from here and save it to your desktop.

• Double click aswMBR.exe to run the tool
  
• Click the Scan button to start the scan
  
• Don´t panic if you see any **Rootkit** entries. The tool sometimes produces false alarms
  
• Once the scan finishes click Save log to save the log to your desktop
  
• Copy and paste the contents of this log (aswMBR.txt) into your next reply.

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 11:05:16
-----------------------------
11:05:16.546 OS Version: Windows 5.1.2600 Service Pack 3
11:05:16.546 Number of processors: 4 586 0xF0B
11:05:16.546 ComputerName: QUADCORE UserName: Owner
11:05:19.625 Initialize success
11:08:05.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
11:08:05.218 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
11:08:05.250 Disk 0 MBR read successfully
11:08:05.265 Disk 0 MBR scan
11:08:05.281 Disk 0 Windows XP default MBR code
11:08:05.296 Disk 0 scanning sectors +625121280
11:08:05.359 Disk 0 scanning C:\WINDOWS\system32\drivers
11:08:11.093 Service scanning
11:08:18.546 Disk 0 trace - called modules:
11:08:18.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:08:18.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3cb030]
11:08:18.609 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8b43d9e8]
11:08:18.625 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8b43dd98]
11:08:18.640 Scan finished successfully
11:09:35.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:09:35.953 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"

Sorry...disregard my last reply. I got in a hurry before leaving this am and only did the aswmbr scan. So stupid!! hope this is correct!

All processes killed
========== FILES ==========
C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exe moved successfully.
C:\WINDOWS\tasks\User_Feed_Synchronization-{3DB9A020-3481-434C-BCEC-AC02BC5A62CB}.job moved successfully.
C:\Documents and Settings\All Users\Application Data\17424164 moved successfully.
C:\Documents and Settings\Owner\Desktop\Windows XP Recovery.lnk moved successfully.
C:\Documents and Settings\All Users\Application Data\~17424164 moved successfully.
C:\Documents and Settings\All Users\Application Data\17424164.exe moved successfully.
ADS C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2 deleted successfully.
========== OTL ==========
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\YgslssmSaaRn deleted successfully.
File C:\Documents and Settings\All Users\Application Data\YgslssmSaaRn.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\intuit.com\ttlc\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\motive.com\patttbc.att\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\mylabbill.com\www\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\remititonline.com\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\turbotax.com\ deleted successfully.
I:\AUTORUN.INF moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
->Flash cache emptied: 56545 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 47342543 bytes
->Java cache emptied: 1092193 bytes
->Flash cache emptied: 110411 bytes

User: NetworkService
->Temp folder emptied: 201056 bytes
->Temporary Internet Files folder emptied: 47100879 bytes
->Flash cache emptied: 20950 bytes

User: Owner
->Temp folder emptied: 219409610 bytes
->Temporary Internet Files folder emptied: 1057184877 bytes
->Java cache emptied: 73800085 bytes
->FireFox cache emptied: 108859626 bytes
->Google Chrome cache emptied: 6312851 bytes
->Apple Safari cache emptied: 3796992 bytes
->Flash cache emptied: 259866 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 2176856 bytes
%systemroot%\System32 .tmp files removed: 2577 bytes
%systemroot%\System32\dllcache .tmp files removed: 0 bytes
%systemroot%\System32\drivers .tmp files removed: 0 bytes
Windows Temp folder emptied: 4593681 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 12920834 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 2211752520 bytes

Total Files Cleaned = 3,621.00 mb


OTL by OldTimer - Version 3.2.22.3 log created on 05172011_235434

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...

aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-17 11:05:16
-----------------------------
11:05:16.546 OS Version: Windows 5.1.2600 Service Pack 3
11:05:16.546 Number of processors: 4 586 0xF0B
11:05:16.546 ComputerName: QUADCORE UserName: Owner
11:05:19.625 Initialize success
11:08:05.203 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
11:08:05.218 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
11:08:05.250 Disk 0 MBR read successfully
11:08:05.265 Disk 0 MBR scan
11:08:05.281 Disk 0 Windows XP default MBR code
11:08:05.296 Disk 0 scanning sectors +625121280
11:08:05.359 Disk 0 scanning C:\WINDOWS\system32\drivers
11:08:11.093 Service scanning
11:08:18.546 Disk 0 trace - called modules:
11:08:18.578 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys
11:08:18.593 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b3cb030]
11:08:18.609 3 CLASSPNP.SYS[f7647fd7] -> nt!IofCallDriver -> \Device\0000007c[0x8b43d9e8]
11:08:18.625 5 ACPI.sys[f75ae620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP3T0L0-9[0x8b43dd98]
11:08:18.640 Scan finished successfully
11:09:35.921 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner\Desktop\MBR.dat"
11:09:35.953 The log file has been saved successfully to "C:\Documents and Settings\Owner\Desktop\aswMBR.txt"


aswMBR version 0.9.5.256 Copyright(c) 2011 AVAST Software
Run date: 2011-05-18 00:06:30
-----------------------------
00:06:30.234 OS Version: Windows 5.1.2600 Service Pack 3
00:06:30.234 Number of processors: 4 586 0xF0B
00:06:30.234 ComputerName: QUADCORE UserName: Owner
00:06:34.953 Initialize success
00:06:45.734 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP3T0L0-9
00:06:45.734 Disk 0 Vendor: MAXTOR_STM3320620AS 3.AAE Size: 305245MB BusType: 3
00:06:47.734 Disk 0 MBR read successfully
00:06:47.734 Disk 0 MBR scan
00:06:47.734 Disk 0 Windows XP default MBR code
00:06:49.734 Disk 0 scanning sectors +625121280
00:06:49.750 Disk 0 scanning C:\WINDOWS\system32\drivers
00:06:58.812 Service scanning
00:07:00.140 Disk 0 trace - called modules:
00:07:00.156 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll atapi.sys pciide.sys PCIIDEX.SYS
00:07:00.156 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8b087ab8]

That log looks clean

Your computer is running OK now?

Please download Malwarebytes' Anti-Malware from here.

Double Click mbam-setup.exe to install the application.

• Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  
• If an update is found, it will download and install the latest version.
  
• Once the program has loaded, select Perform Quick Scan, then click Scan.
  
• The scan may take some time to finish,so please be patient.
  
• When the scan is complete, click OK, then Show Results to view the results.
  
• Make sure that everything is checked, and click Remove Selected.
  
• When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  
• The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.

Note:

• If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
  
• Click OK to either and let MBAM proceed with the disinfection process.
  
• If asked to restart the computer, please do so immediately.

Post the contents of the MBAM log in your next reply, please.

no, the computer is not running ok now. The only programs that work are my AIM and the McAfee Security Suite. No other programs show up in my programs folder. I could not get mbam-setup to install. It may still be on my computer from a previous installation. the error message i get is program_error_missing_file(2,0,mbancore.dll) access is denied. I rebooted and tried to install setup 2 or 3 times and got the same result. Should I try to do it in safe mode? I stll have to access the internet from my notebook computer...my browser program does not show up.

note: i tried it in safe mode also with no success.

We try and fix the missing stuff.

• Please download Unhide by Grinler from here and save it to your desktop.
  
• Double click unhide.exe to run the tool.
  
• It will take some time to go through all your files, so please be patient.
  
• If this tool doesn´t fix the problem, please let me know.

====================

We´re going to run a scan with ESET Online Scanner. Please make sure you are logged in as a user with administrator rights and proceed with the following steps:

• Use Internet Explorer to browse to the ESET Online Scanner webpage
  
• Click the green ESET Online Scanner button
  
• A popup window will open
  
• Accept the terms of use and click Start
  
• Internet Explorer probably informs you that ESET tries to install an add-on. Allow that.
  
• UNSELECT the Remove all threats option.
  
• Click Start
  
• When the scan has finished and threats were found, click List of found threats
  
• Click Export to text file and save it as e.g. eset.txt on your desktop
  
• Click Back
  
• Select Uninstall application on close
  
• Click Finish. ESET Online Scanner will now uninstall itself
  
• Please post the contents of the eset.txt in your next reply.

C:\WINDOWS\system32\12543.js JS/TrojanDownloader.Agent.NWG trojan

Note: the unhide program worked on all my folders except my start-up folder. There is nothing in my start-up folder.

Just to clarify, my previous post #12 was the results of my eset scan (one threat still remains).

Please download SystemLook by jpshortstuff from one of the locations below and save it to your desktop.
Download Mirror #1
Download Mirror #2

• Double-click SystemLook.exe to run it.
  
• Copy the following text into the main textfield:

:filefind
regsvr32.exe

• Click the Look button to start the scan.
  
• When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.

Note: The log can also be found on your Desktop (SystemLook.txt.)
====================

• Please run OTL.exe again
  
• Under the Custom Scans/Fixes box at the bottom, copy and paste in the following:

• Then click the Run Fix button at the top.
  
• Allow it to run. It may take some time and you may see some things happen to your desktop - this is normal.
  
• If it asks to reboot the computer, allow it to reboot.
  
• If the program freezes, and the computer fails to reboot - let me know.
  
• Finally, post the contents of the log. (Located at C:\_OTL\Moved Files)

====================

About your missing programs, can you browse to the folder
C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs
and tell me what you see in there?

========== FILES ==========
C:\WINDOWS\system32\12543.js moved successfully.

OTL by OldTimer - Version 3.2.22.3 log created on 05192011_122930

SystemLook 04.09.10 by jpshortstuff
Log created at 12:14 on 19/05/2011 by Owner
Administrator - Elevation successful

========== filefind ==========

Searching for "regsvr32.exe"
C:\WINDOWS\$NtServicePackUninstall$\regsvr32.exe -----c- 11776 bytes [16:07 18/08/2008] [12:00 28/02/2006] 9709EAD856A690333138AC40804F914E
C:\WINDOWS\ServicePackFiles\i386\regsvr32.exe ------- 11776 bytes [00:36 05/08/2008] [00:12 14/04/2008] FBDB9D0935B9907B809B381FDDF1627F
C:\WINDOWS\system32\regsvr32.exe ------- 11776 bytes [12:00 28/02/2006] [00:12 14/04/2008] FBDB9D0935B9907B809B381FDDF1627F

-= EOF =-

Contents of start menu:
startup
programs
accessories
att wireless connection tool
att yahoo!
audit support center
dell, inc
startup
windows xp recovery

In addition, in my start menu, all programs list, all of my program startups are empty. Explorer is pretty much the only program I have in my start button.

pointman wrote:

Contents of start menu:
startup
programs
accessories
att wireless connection tool
att yahoo!
audit support center
dell, inc
startup
windows xp recovery

Ok these are the folders you see in C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs. These will also be the folders that you see in your startup menu (they are the same thing). If the folders in your startup menu are all empty it is because the folders in C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs are empty as well.

There is nothing you can do but slowly rebuild your start menu with the programs you need. You organize your C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs folder in the ways you want (with folders and shortcuts). E.g. if you want to add Notepad under accessories, what you need to do is browse to c:\windows, find notepad.exe, rightclick it ==> Copy ==> Browse to C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs\accessories folder ==> rightclick ==> Paste as shortcut.

This will be some work, but the good thing is that you will end up with exactly the programs you need. What you can do as well is uninstall a program and reinstall it, that will re-establish its start menu items.

A trick I recommend is go to the control panel ==> User accounts and create a new user, for example "dummy". Log in as that user. That new user will have the standard Windows startup menu, with folders like accessories correctly configured.

After that go back to your usual account, browse to the C:\Documents and Settings\dummy\Start Menu\Programs folder, copy everything that is in there and paste it (this time paste normally, NOT as shortcut) into the C:\Documents and Settings\YOUR_USERNAME\Start Menu\Programs folder. If that went well, you can remove the dummy account again.

About the malwarebytes program. I recommend you uninstall MBAM using Revo uninstaller.

Download and install Revo Uninstaller from here.

• Run Revo Uninstaller
  
• Find the program you want to uninstall (MBAM), click it and click the Uninstall button
  
• When prompted for an uninstall mode choose Advanced
  
• Follow the prompts to uninstall the program and related registry entries

After that try to reinstall Malwarebytes. Let me know if that went well.

The reinstall of Malwarebytes went well. Should I leave it installed and run a scan periodically?

If I have to manually reload my start up folder then so be it. I have lots of programs but may not need to load them all. Should I be concerned about my security being compromised?

Thanks for all your help! You guys are real troopers. I will definately leave a contribution.

MBAM is a very good program for periodic scans (1-2 times/month for example), so yes, keep it.

Your logs look clean,so if you have no further problems, we can proceed to wrap up.

====================

You need to install the latest version of Java. Having the latest version is important to take advantage of fixes that have eliminated security vulnerabilities.

• Go to Start > Control Panel
  
• Double-click on Add or Remove Programs
  
• Look for entries that say Java, Java RunTime Environment or J2SE.
  
• Uninstall all of them that are not named Java (TM) 6 Update 25

After doing this, you can go to java.com, click on Free Java Download and proceed from there to install the latest version of Java (currently Version 6 Update 25).

After installing Java, go to Start > Control Panel > Java to open the Java Control Panel.
Under the General tab, Temporary Internet Files click Settings, then click Delete Files.
Select both options and click OK to delete the Java cache.

====================

Time to uninstall used tools.

• Double click OTL.exe to run it again and click the CleanUp button.
  
• If we used any other tools and they still remain on your desktop, please delete them manually.

====================

Allright! Now that we have you cleaned, we´ve got to make sure you stay clean.
Let me provide you with some recommendations:

1) Keep your Windows up-to-date. Windows Autoupdate should be ON (see Start >> Control Panel >> Security Center). An alternative way (but more time-consuming) is to periodically visit http://windowsupdate.microsoft.com. Hackers are looking every day for new security holes. Microsoft keeps patching them. You cannot fall behind in this race, it will make your system vulnerable.

2) For your average daily computer activities, use a limited/standard user account. If you use Vista/WIN7 do not disable User Account Control (UAC). You would be amazed to know how much malware can´t touch you if you deny it admin rights. Create a separate password-protected administrator account that you use for admin activities, like (un)installing software.

3) Use a good antivirus. There are various free ones, you cannot go wrong with either of the following three:

• Panda Cloud Antivirus. If you want your antivirus to be light on resources, I recommend Panda. Install without the toolbar.
  
• Avira. 100 million users can´t be wrong. If you want high detection rates, this is your best free bet.
  
• Avast! is a very complete antivirus, with modules like mailscanner and webshield.

4) If your computer has 1GB system memory or more, you should install a third party firewall, to replace the weak Windows Firewall. I recommend:

• Comodo Firewall. Install the internet security suite, but without the antivirus and without the Hopsurf toolbar.
  
• Online Armor. A very smart and user friendly firewall.
  
• Outpost Firewall is another rocksolid choice.

Note: you should run only ONE antivirus and ONE firewall. Running multiples of either is bad, it will cause slowdowns and/or conflicts.

5) Miscellaneous advice:

• Stay away from cracks and keygens (look here for the why). Get free software instead. Gizmo is an excellent source of freeware reviews.
  
• Navigate safely. Google Chrome is the safest browser available. However, Mozilla Firefox can be made extremely safe with the NoScript addon. Internet Explorer (always use version 8) can be made a lot safer with Spywareblaster (manual here).
  
• The WOT (Webs Of Trust) addon will help you to stay on reliable webpages.
  
• WinPatrol alerts you when changes are made in vital system areas. Especially good on light systems not running a third party firewall.
  
• Make sure you have ways to recuperate your operating system and vital other data if its gets frustrated by malware and/or other problems. A Windows setup CD and recent backups/disk images will be priceless, if you find yourself in an unexpected tight spot.

Finally: did we help you? Help us back!

Just to check I ran another scan from Malwarebytes and found 2 malicious files...log file attached. Do you tnink this is related to my previous infection or something unrelated?? Should I be okay now you think?

Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6788

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/6/2011 12:24:57 PM
mbam-log-2011-06-06 (12-24-57).txt

Scan type: Quick scan
Objects scanned: 185141
Time elapsed: 6 minute(s), 46 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 2
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDesktop (PUM.Hidden.Desktop) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableTaskMgr (PUM.Hijack.TaskManager) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)