GeekPolice

Computer massive infection

This is Itachi21 here. This is another computer I am working on and there are so many problems it's not even funny. Some applications can't even execute.

I downloaded HijackThis but I can't get it to execute without a window popping up saying "Application cannot be executed. The file winlogon.scr is infected. Do you want to activate your antivirus software now?"

Re: Computer massive infection
Please download exeHelper from one of the two links.
Link 1
Link 2

  • Double-click on exeHelper.com or exeHelper.scr to run the fix.
  • A black window should pop up, press any key to close once the fix is completed.
  • Post the contents of log.txt (Will be created in the directory where you ran exeHelper.com)
Note: If the window shows a message that says "Error deleting file", please re-run the program before posting a log - and post the two logs together (they will both be in the one file).

Re: Computer massive infection
I can't get any program to execute, including that one. Should I press yes instead of no, or will that activate whatever the problem is?

Re: Computer massive infection
Press no.
Hmm, can you get into msconfig? Go to Start > Run. In the run box, type in:

msconfig

Hit enter.
Does the msconfig window open?

Re: Computer massive infection
No, unfortunately. And I can't even load Task Manager. Nothing will allow me to open. I got Firefox to open before all of this hit.

Re: Computer massive infection
What do I do?

Re: Computer massive infection
Now I have lost all internet access on the computer I was working on.

This isn't a good thing. I'm working off my computer now. The computer we were trying to get to work is still on, but like I said it just disconnected from the internet, and now I can't find any wireless points when I was connected to mine all day.

Re: Computer massive infection
You'll need to copy tools over via USB then; let's try ComboFix.

Hello.

  • Download combofix from here
    Link 1
    Link 2

    1. If you are using Firefox, make sure that your download settings are as follows:

    * Tools->Options->Main tab
    * Set to "Always ask me where to Save the files".

    2. During the download, rename Combofix to Combo-Fix as follows:


    3. It is important you rename Combofix during the download, but not after.
    4. Please do not rename Combofix to other names, but only to the one indicated.
    5. Close any open browsers.
    6. Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix.

  • We need to disable your local AV (Anti-virus) before running Combofix.
  • See HERE for how to disable your AV.
  • Double click on ComboFix.exe.
  • Follow the prompts. NOTE:
  • ComboFix will check to see if the Microsoft Windows Recovery Console is installed.
    ***It's strongly recommended to have the Recovery Console installed before doing any malware removal.***

    **Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will automatically proceed with its scan.


  • The Recovery Console provides a recovery/repair mode should a problem occur during a Combofix run.


  • Allow ComboFix to download the Recovery Console.
  • Accept the End-User License Agreement.
  • The Recovery Console will be installed.
  • You will then get this next prompt that asks if you want to continue the malware scan, select yes


  • Allow combofix to run
  • Post C:\combofix.txt back here.

    Note:
    Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.

Re: Computer massive infection
OK, I downloaded ComboFix, then transferred it onto my flash drive, then went to open it on the infected computer, and it still won't let me open it. I think it's the BankerFox.A Trojan and another one.

Re: Computer massive infection
Hmm, I wonder if we can manually edit the registry.

Go to Start > Run. In the run box, type in:

regedt32

Does the registry editor open?

Re: Computer massive infection
No. Anything that tries to run just says that that particular executable won't open and it says it's infected.

Re: Computer massive infection
I'll keep going till I find something that works.

Please download Ice Sword from HERE

  1. Download the zip to your desktop and extract it.
  2. Open the Ice Sword folder and then launch IceSword.exe.
  3. IceSword will randomly rename itself on open; does IceSword work?

Re: Computer massive infection
No, it won't work. I transferred IceSword onto my flash drive, then onto the other computer, and it still won't work. I cannot get any program to open. What happens if I click yes instead of no?

Re: Computer massive infection
OK, IceSword is working. Now what do I do?

Re: Computer massive infection
Hehe, I actually just tested some malware like this and found something odd.

Do you still have Combofix on your Desktop? rename it to utorrent.exe and see if it runs.

Sounds weird, I know, but the malware I'm playing with here blocks out explorer.exe but lets me run utorrent.exe. Ahahaha

Re: Computer massive infection
Just saw your next post.

Try my above method first, then if not, we'll go with IceSword.

Re: Computer massive infection
No luck with utorrent.exe executing it from my flash drive.

I did, however, get IceSword back up.

Re: Computer massive infection
I love IceSword, always helped me in a tight spot.

Hit the Startup button, and it shows you a list of startup items.
Now look up in the top left corner, for a little button that says "log" hit that and save the log file.

Copy and paste that log back here.

Re: Computer massive infection
Edited my post a little; don't go for processes if you saw that before I edited.

Re: Computer massive infection
Startup:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HostManager
C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
QuickTime Task
"C:\Program Files\QuickTime\qttask.exe" -atboottime

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
bywifi
C:\Program Files\Bywifi\bywifi.exe "-silent"

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
uevapijk
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv\jfrusysguard.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
Aim
"C:\Program Files\AIM\aim.exe" /d locale=en-US

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
bywifi
C:\Program Files\Bywifi\bywifi.exe "-silent"

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
uevapijk
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv\jfrusysguard.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
desktop.ini


C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Utility Tray.lnk
C:\WINDOWS\system32\sistray.exe (Remark:)

C:\Documents and Settings\Carl\Start Menu\Programs\Startup
desktop.ini

Re: Computer massive infection
Thanks, we can disable this now and get MBAM going.


  • Look in the bottom left hand corner of Icesword and press "Registry"
  • When the registry list opens, drag the line between the two windows so you can see which registry hive you need.
  • Next, open the HKEY_LOCAL_MACHINE, and navigate to the following key:

    HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run

  • In the right side pane, find and delete this value: uevapijk
  • Okay any prompts.
  • Now go to the other hive and find the next Run key below.

    HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run

  • In the right side pane, find and delete this value: uevapijk
  • Okay any prompts.
  • Can you run MBAM now?

If not, we may need to get a process list and kill anything still running.
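The value the helper singles out here is the one whose target sits in the user's Local Settings\Application Data under a generated-looking folder name (gvqjwv\jfrusysguard.exe), while every other entry in the listing points into Program Files or system32. The script below is an added example, not part of this thread and not IceSword code: it parses the startup listing Itachi21 posted, scores each entry with two assumed heuristics (a user-profile data folder as the binary's location, and pseudo-random path components), and prints the reg.exe commands equivalent to the two deletions done in IceSword's registry view. On this machine reg.exe itself would have been blocked like everything else, which is why the deletions were done from inside IceSword; the commands are what you would run once something can execute again.

```python
"""Triage an IceSword-style startup listing and emit the matching reg.exe
deletions. Added example, not from the GeekPolice thread or from IceSword;
the scoring rules are this example's own assumptions."""
import re
from dataclasses import dataclass, field

# Constructed sample: Run values and one Startup-folder item copied from
# the IceSword log posted in the thread.
SAMPLE_LOG = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
HostManager
C:\Program Files\Common Files\AOL\1259973095\ee\AOLSoftware.exe

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run
uevapijk
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv\jfrusysguard.exe

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
MSMSGS
"C:\Program Files\Messenger\msmsgs.exe" /background

HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run
uevapijk
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv\jfrusysguard.exe

C:\Documents and Settings\All Users\Start Menu\Programs\Startup
Utility Tray.lnk
C:\WINDOWS\system32\sistray.exe
"""

HIVES = {"HKEY_LOCAL_MACHINE": "HKLM", "HKEY_CURRENT_USER": "HKCU"}
EXE_RE = re.compile(r'^"?(.+?\.(?:exe|scr|com|dll|bat|cmd|pif))(?:"|\s|$)', re.I)
PROFILE_DIRS = ("\\local settings\\", "\\application data\\", "\\temp\\", "\\appdata\\")
VOWELS = set("aeiouy")


@dataclass
class Entry:
    location: str      # registry key, or Startup folder path
    name: str          # value name, or shortcut file name
    command: str       # command line as IceSword shows it
    score: int = 0
    reasons: list = field(default_factory=list)

    @property
    def hive(self):    # 'HKLM' / 'HKCU', or None for Startup-folder items
        return HIVES.get(self.location.split("\\", 1)[0])

    @property
    def suspicious(self):
        return self.score >= 2


def parse_log(text):
    """Blocks of key / name / optional command, separated by blank lines."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if len(lines) >= 2:
            entries.append(Entry(lines[0], lines[1], lines[2] if len(lines) > 2 else ""))
    return entries


def exe_path(command):
    m = EXE_RE.match(command.strip())   # first token with an executable extension, quotes stripped
    return m.group(1) if m else command.strip()


def looks_random(word):
    """Assumed heuristic: 5+ letters with under 15% vowels, or five consonants in a row."""
    w = word.lower()
    if len(w) < 5 or not w.isalpha():
        return False
    vowels, run, longest = 0, 0, 0
    for c in w:
        vowels += c in VOWELS
        run = 0 if c in VOWELS else run + 1
        longest = max(longest, run)
    return vowels / len(w) < 0.15 or longest >= 5


def score_entry(e):
    path = exe_path(e.command)
    p = path.lower()
    # +2: binary lives in profile data folders a dropper can write to without admin rights.
    if ("\\documents and settings\\" in p or "\\users\\" in p) and any(d in p for d in PROFILE_DIRS):
        e.score += 2
        e.reasons.append("runs from a user-profile data folder")
    # +1 only: a generated-looking name is weak evidence on its own (msmsgs.exe is legitimate).
    odd = [w for w in re.findall(r"[A-Za-z]+", re.sub(r"\.\w+$", "", path)) if looks_random(w)]
    if odd:
        e.score += 1
        e.reasons.append("pseudo-random name(s): " + ", ".join(odd))
    return e


def triage(text):
    return [score_entry(e) for e in parse_log(text)]


def deletion_commands(entries):
    """reg.exe equivalents of deleting the flagged values in IceSword's registry view."""
    cmds = []
    for e in entries:
        if e.suspicious and e.hive:
            subkey = e.location.split("\\", 1)[1]
            cmds.append(f'reg delete "{e.hive}\\{subkey}" /v "{e.name}" /f')
    return cmds
```

Running `deletion_commands(triage(SAMPLE_LOG))` yields exactly the two uevapijk deletions, one per hive, and leaves MSMSGS alone even though its file name scores as random. Deleting the Run values only stops the loader from starting at the next logon: jfrusysguard.exe stays on disk and any running copy stays up, which is why the post above ends with getting a process list and killing anything still running.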

Re: Computer massive infection
You mean Malwarebytes' Anti-Malware?

Re: Computer massive infection
Once you've deleted the two Run values I pointed out under each hive, yes, see if you can run MalwareBytes.

Re: Computer massive infection
Can I have the link to download again, please?

Re: Computer massive infection
Please download and run this tool.

Download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.

  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts.
Click OK to either and let MBAM proceed with the disinfection process.
If asked to restart the computer, please do so immediately.


Post the contents of the MBAM Log.

Re: Computer massive infection
No luck. I got it to download but I can't open it up.

Re: Computer massive infection
Did you delete those two Run values in IceSword, under both HKLM and HKCU?

If so, reboot normally, then try MBAM again.

Re: Computer massive infection
Malwarebytes' Anti-Malware 1.42
Database version: 3289
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/20/2009 8:28:34 PM
mbam-log-2009-12-20 (20-28-34).txt

Scan type: Quick Scan
Objects scanned: 111811
Time elapsed: 4 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\geedb (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ab483e3-3d67-4f1f-be43-64c61f936f4a} (Trojan.Vundo.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\AvScan (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Juan (Trojan.Vundo) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\{320d180e-0708-1033-0824-050330050001} (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\WINDOWS\system32\f02WtR (Malware.Trace) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\system32\geedb.dll (Trojan.Vundo.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\jkkll.exe (Malware.Packer) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\pac.txt (Malware.Trace) -> Quarantined and deleted successfully.
C:\Documents and Settings\Carl\Desktop\winlogon.scr (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.

Re: Computer massive infection
That worked.
I need you to update the database first though, cause it's more than 100 def updates behind.

Press the "Check for updates" in the Update tab, then run another quick scan.

Re: Computer massive infection
Malwarebytes' Anti-Malware 1.42
Database version: 3407
Windows 5.1.2600 Service Pack 2
Internet Explorer 6.0.2900.2180

12/21/2009 11:13:13 PM
mbam-log-2009-12-21 (23-13-13).txt

Scan type: Quick Scan
Objects scanned: 114660
Time elapsed: 5 minute(s), 56 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Re: Computer massive infection
Download OTL by OldTimer to your Desktop.

  • Close all windows and double click OTL.exe
  • Click Run Scan and let the program run uninterrupted
  • It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  • You may need to use two posts to get it all.

Re: Computer massive infection
OTL logfile created on: 12/22/2009 10:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 14.00% Memory free
1,017.00 Mb Paging File | 772.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 1.92 Gb Free Space | 11.25% Space Free | Partition Type: FAT32
Drive D: | 17.24 Gb Total Space | 12.20 Gb Free Space | 70.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-2E68C49B20
Current User Name: Carl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
PRC - [2009/12/18 14:12:00 | 00,307,672 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2009/12/08 10:09:28 | 01,187,840 | ---- | M] (bywifi.com) -- C:\Program Files\Bywifi\bywifi.exe
PRC - [2009/12/01 12:38:48 | 03,951,976 | ---- | M] (AOL LLC) -- C:\Program Files\AIM\aim.exe
PRC - [2009/07/20 14:52:24 | 00,041,264 | ---- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\1259973095\ee\aolsoftware.exe
PRC - [2007/01/23 12:33:32 | 00,262,144 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\sistray.exe
PRC - [2007/01/04 16:38:10 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe
PRC - [2004/08/16 15:17:20 | 01,287,168 | ---- | M] (OSA Technologies Inc.) -- C:\Acer\eManager\anbmServ.exe
PRC - [2004/08/04 05:00:00 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
MOD - [2004/08/04 05:00:00 | 01,050,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2180_x-ww_a84f1ff9\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Auto | Stopped] -- -- (Bonjour Service)
SRV - [2007/01/04 16:38:10 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/10/23 07:50:36 | 00,046,640 | R--- | M] (AOL LLC) [On_Demand | Stopped] -- C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe -- (AOL ACS)
SRV - [2005/11/23 07:58:04 | 00,765,952 | ---- | M] (Diskeeper Corporation) [Auto | Running] -- C:\Program Files\Diskeeper Corporation\Diskeeper\DkService.exe -- (Diskeeper)
SRV - [2004/08/16 15:17:20 | 01,287,168 | ---- | M] (OSA Technologies Inc.) [Auto | Running] -- C:\Acer\eManager\anbmServ.exe -- (anbmService)
SRV - [2001/04/06 13:57:46 | 00,238,080 | ---- | M] (O&O Software GmbH) [Auto | Stopped] -- C:\WINDOWS\System32\OOD2000.exe -- (OOD2000)


========== Driver Services (SafeList) ==========

DRV - [2009/11/13 19:49:00 | 00,043,528 | ---- | M] (Sonic Solutions) [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20)
DRV - [2007/01/23 12:56:00 | 00,016,896 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2007/01/23 12:35:00 | 00,317,952 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2006/03/06 23:15:50 | 00,223,128 | ---- | M] () [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\Drivers\dtscsi.sys -- (dtscsi)
DRV - [2006/03/06 23:12:06 | 00,642,560 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2006/01/14 20:16:50 | 00,008,552 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2005/12/20 04:22:32 | 00,006,144 | ---- | M] (NewTech Infosystems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NTIDrvr.sys -- (NTIDrvr)
DRV - [2005/06/28 11:32:14 | 00,113,664 | ---- | M] (Mars Semiconductor Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mr7910.sys -- (mr7910)
DRV - [2005/02/24 14:20:22 | 02,311,680 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2005/01/13 14:46:16 | 00,069,632 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\Program Files\acer\eRecovery\int15.sys -- (int15.sys)
DRV - [2004/12/21 10:32:12 | 00,369,024 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2004/12/17 17:14:44 | 00,013,952 | ---- | M] () [Kernel | System | Stopped] -- C:\WINDOWS\system32\drivers\UBHelper.sys -- (UBHelper)
DRV - [2004/12/08 14:10:00 | 00,016,896 | ---- | M] (Dritek System Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\DKbFltr.SYS -- (DKbFltr)
DRV - [2004/11/05 01:43:58 | 00,032,768 | ---- | M] (SiS Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sisnicxp.sys -- (SISNICXP)
DRV - [2004/10/07 23:33:46 | 00,185,824 | ---- | M] (Synaptics, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
DRV - [2004/10/07 19:51:08 | 01,270,540 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2004/08/11 01:30:00 | 00,039,424 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2004/08/04 05:00:00 | 00,088,448 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2004/08/04 05:00:00 | 00,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/04 05:00:00 | 00,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2004/08/04 05:00:00 | 00,027,440 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\secdrv.sys -- (Secdrv)
DRV - [2004/08/04 05:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ptilink.sys -- (Ptilink)
DRV - [2003/12/05 18:46:36 | 00,010,368 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/07/18 09:58:20 | 00,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/01/10 16:13:04 | 00,033,588 | R--- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)
DRV - [2002/05/07 09:44:04 | 00,081,700 | ---- | M] (FUJI PHOTO FILM CO.,LTD.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\V4CB011D.SYS -- (FINEPIX_PCC)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://www.mrfindalot.com/search.asp?si=
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr9/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.mrfindalot.com/search.asp?si=
IE - HKLM\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKLM\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL =
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://us.rd.yahoo.com/customize/ie/defaults/sp/msgr9/*http://www.yahoo.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com/?src=aim&ncid=snsusaimc00000001
IE - HKCU\..\URLSearchHook: {03402f96-3dc7-4285-bc50-9e81fefafe43} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
IE - HKCU\..\URLSearchHook: {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
IE - HKCU\..\URLSearchHook: {f0e98552-8e47-4c6c-9b3a-11ab0549f94d} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://aim.search.aol.com/search/search?query={searchTerms}&invocationType=tb50-ff-aim-chromesbox-en-us"
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..browser.startup.homepage: "http://www.aol.com"
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.96.5.1
FF - prefs.js..extensions.enabledItems: {7affbfae-c4e2-4915-8c0f-00fa3ec610a1}:5.74.1.3
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.07076007
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.5.1.20080205
FF - prefs.js..extensions.enabledItems: {38ef78a0-1f01-11de-8c30-0800200c9a66}:1.03
FF - prefs.js..extensions.enabledItems: {333b42b0-9c75-11db-b606-0800200c9a66}:2.090208
FF - prefs.js..extensions.enabledItems: {3ffb7be0-8bde-11de-8a39-0800200c9a66}:3.5.2.06.09.09b1
FF - prefs.js..keyword.URL: "http://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50-ff-aim-ab-en-us&query="
FF - prefs.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"
FF - prefs.js..network.proxy.type: 2

FF - user.js..network.proxy.type: 2
FF - user.js..network.proxy.autoconfig_url: "http://localhost:9000/proxy.pac"

FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2005/12/24 16:09:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2005/12/24 16:09:48 | 00,000,000 | ---D | M]

[2009/01/19 22:41:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Extensions
[2005/12/24 16:10:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions
[2009/12/20 21:52:32 | 00,000,000 | ---D | M] (PinkHope) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{333b42b0-9c75-11db-b606-0800200c9a66}
[2009/12/20 21:45:28 | 00,000,000 | ---D | M] (IDS-DDI-PINKY) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{38ef78a0-1f01-11de-8c30-0800200c9a66}
[2009/12/20 21:39:18 | 00,000,000 | ---D | M] (Purple Fox) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{3ffb7be0-8bde-11de-8a39-0800200c9a66}
[2006/08/26 20:45:26 | 00,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/12/04 19:32:50 | 00,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{7affbfae-c4e2-4915-8c0f-00fa3ec610a1}
[2009/12/06 21:25:08 | 00,000,000 | ---D | M] (AIM Toolbar) -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2008/05/01 00:02:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\extensions\moveplayer@movenetworks.com
[2009/12/04 20:51:50 | 00,001,737 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\searchplugins\aol-search.xml
[2009/12/06 21:24:44 | 00,001,490 | ---- | M] () -- C:\Documents and Settings\Carl\Application Data\Mozilla\Firefox\Profiles\t4d4tksr.default\searchplugins\AIM Search.xml
[2005/12/24 16:09:52 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2006/02/27 10:32:22 | 00,039,424 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npclntax.dll
[2007/04/16 13:07:14 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (303126 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: 127.0.0.1 www.007guard.com
O1 - Hosts: 127.0.0.1 007guard.com
O1 - Hosts: 127.0.0.1 008i.com
O1 - Hosts: 127.0.0.1 www.008k.com
O1 - Hosts: 127.0.0.1 008k.com
O1 - Hosts: 127.0.0.1 www.00hq.com
O1 - Hosts: 127.0.0.1 00hq.com
O1 - Hosts: 127.0.0.1 010402.com
O1 - Hosts: 127.0.0.1 www.032439.com
O1 - Hosts: 127.0.0.1 032439.com
O1 - Hosts: 127.0.0.1 www.100888290cs.com
O1 - Hosts: 127.0.0.1 100888290cs.com
O1 - Hosts: 127.0.0.1 www.100sexlinks.com
O1 - Hosts: 127.0.0.1 100sexlinks.com
O1 - Hosts: 127.0.0.1 www.10sek.com
O1 - Hosts: 127.0.0.1 10sek.com
O1 - Hosts: 127.0.0.1 www.123topsearch.com
O1 - Hosts: 127.0.0.1 123topsearch.com
O1 - Hosts: 127.0.0.1 www.132.com
O1 - Hosts: 127.0.0.1 132.com
O1 - Hosts: 127.0.0.1 www.136136.net
O1 - Hosts: 127.0.0.1 136136.net
O1 - Hosts: 127.0.0.1 www.163ns.com
O1 - Hosts: 127.0.0.1 163ns.com
O1 - Hosts: 10449 more lines...
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AOL Toolbar Loader) - {3ef64538-8b54-4573-b48f-4d34b0238ab2} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (AOLSearchHook Class) - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - C:\Program Files\AIM Search\AOLSearch.dll (America Online, Inc.)
O2 - BHO: (Yahoo! IE Services Button) - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (BywifiBHO Class) - {C4743D3E-20D7-4B52-84F2-5E4E277B2D82} - C:\Program Files\Bywifi\bywifiie.dll (bywifi.com)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {ba00b7b1-0351-477a-b948-23e3ee5a73d4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O3 - HKCU\..\Toolbar\WebBrowser: (AIM Toolbar) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {BA00B7B1-0351-477A-B948-23E3EE5A73D4} - C:\Program Files\AOL Toolbar\aoltb.dll (AOL L.L.C.)
O4 - HKLM..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe (bywifi.com)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1259973095\ee\aolsoftware.exe (AOL LLC)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Aim] C:\Program Files\AIM\aim.exe (AOL LLC)
O4 - HKCU..\Run: [bywifi] C:\Program Files\Bywifi\bywifi.exe (bywifi.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Utility Tray.lnk = C:\WINDOWS\system32\sistray.exe (Silicon Integrated Systems Corporation)
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: &Yahoo! Search - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Dictionary - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &Maps - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O8 - Extra context menu item: Yahoo! &SMS - C:\Program Files\Yahoo!\Common [2006/03/18 22:23:22 | 00,000,000 | ---D | M]
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\NPJPI150_06.dll (Sun Microsystems, Inc.)
O9 - Extra Button: Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (TODO: )
O9 - Extra 'Tools' menuitem : Bywifi: Video Downloader - {09E90109-A9AA-4980-BCEF-76F8D924E902} - C:\Program Files\Bywifi\bywifici.exe (TODO: )
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll File not found
O15 - HKLM\..Trusted Domains: 49 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 51 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://pcpitstop.com/pcpitstop/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {266B9238-31A5-4B53-9039-272FE846DF9D} http://www.sis.com/download/SISTransfer.cab (DiameterTransfer Control)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace.com/upload/MySpaceUploader1005.cab (MySpace Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1203289114109 (WUWebControl Class)
O16 - DPF: {67DABFBF-D0AB-41FA-9C46-CC0F21721616} http://go.divx.com/plugin/DivXBrowserPlugin.cab (DivXBrowserPlugin Object)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.5.0/jinstall-1_5_0_06-windows-i586.cab (Java Plug-in 1.5.0_06)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\CSCSettings: DllName - C:\WINDOWS\system32\hpj0231mg.dll - C:\WINDOWS\System32\hpj0231mg.dll File not found
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/03/09 09:51:26 | 00,000,100 | ---- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8c90e63c-cd8b-11dd-81fc-00c09fca4ca7}\Shell\AutoRun\command - "" = G:\DPFMate.exe -- File not found
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell - "" = AutoRun
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8d2cfd64-d246-11dd-81ff-00c09fca4ca7}\Shell\AutoRun\command - "" = H:\DPFMate.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

Re: Computer massive infection

========== Files/Folders - Created Within 30 Days ==========

[2009/12/22 22:49:28 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2009/12/20 19:55:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\Malwarebytes
[2009/12/20 19:55:19 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/20 19:55:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/12/20 19:55:16 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/20 19:55:16 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/12/20 19:55:00 | 04,844,296 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Carl\Desktop\mbam-setup.exe
[2009/12/20 18:59:36 | 00,000,000 | ---D | C] -- C:\32788R22FWJFW
[2009/12/19 15:02:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv
[2009/12/16 13:42:42 | 00,000,000 | -HSD | C] -- C:\FOUND.004
[2009/12/13 15:16:29 | 01,924,200 | ---- | C] (Adobe Systems Incorporated) -- C:\Documents and Settings\Carl\Desktop\install_flash_player(2).exe
[2009/12/13 14:20:31 | 00,980,768 | ---- | C] (Inbox.com, Inc. ) -- C:\Documents and Settings\Carl\Desktop\VideosSetup.exe
[2009/12/09 13:44:55 | 01,628,920 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxsfs.dll
[2009/12/09 13:44:55 | 00,551,672 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\px.dll
[2009/12/09 13:44:55 | 00,518,904 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxdrv.dll
[2009/12/09 13:44:55 | 00,379,640 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxwave.dll
[2009/12/09 13:44:55 | 00,187,128 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxmas.dll
[2009/12/09 13:44:55 | 00,129,784 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxafs.dll
[2009/12/09 13:44:55 | 00,120,056 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpyi64.exe
[2009/12/09 13:44:55 | 00,118,520 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsi64.exe
[2009/12/09 13:44:55 | 00,088,824 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\vxblock.dll
[2009/12/09 13:44:55 | 00,072,440 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxhpinst.exe
[2009/12/09 13:44:55 | 00,066,296 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxcpya64.exe
[2009/12/09 13:44:55 | 00,064,760 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\pxinsa64.exe
[2009/12/09 13:44:55 | 00,043,528 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\PxHelp20.sys
[2009/12/09 13:44:55 | 00,009,464 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdralw2k.sys
[2009/12/09 13:44:55 | 00,009,336 | ---- | C] (Sonic Solutions) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys
[2009/12/09 13:44:22 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\DivX Shared
[2009/12/09 13:44:21 | 00,000,000 | ---D | C] -- C:\Program Files\DivX
[2009/12/09 13:20:12 | 00,000,000 | ---D | C] -- C:\Program Files\Bywifi
[2009/12/08 11:10:58 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AIM Toolbar
[2009/12/08 11:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AOL Toolbar
[2009/12/06 21:25:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Application Data\acccore
[2009/12/06 21:25:01 | 00,000,000 | ---D | C] -- C:\Program Files\AIM Toolbar
[2009/12/06 21:25:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM Toolbar
[2009/12/06 21:24:59 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Software Update Utility
[2009/12/06 21:24:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Carl\Local Settings\Application Data\AIM
[2009/12/06 21:24:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AIM
[2009/12/06 21:24:36 | 00,000,000 | ---D | C] -- C:\Program Files\AIM
[2009/12/06 16:15:08 | 00,000,000 | -HSD | C] -- C:\FOUND.003
[2009/12/04 19:33:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2009/12/04 19:32:43 | 00,000,000 | ---D | C] -- C:\Program Files\AOL Toolbar
[2009/12/04 19:32:43 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AOL Toolbar
[2009/12/04 19:31:28 | 00,000,000 | ---D | C] -- C:\Program Files\AOL
[2009/12/04 19:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\aolshare
[2009/12/04 19:31:14 | 00,000,000 | ---D | C] -- C:\Program Files\AOL 9.5
[2009/12/04 19:22:06 | 00,209,784 | ---- | C] (AOL LLC.) -- C:\Documents and Settings\Carl\Desktop\AOLDNLD.exe
[2008/08/07 10:16:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\AOL
[2007/12/13 12:45:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/11/13 11:06:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Yahoo!
[2005/12/20 05:05:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\AVG7
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2005/03/07 11:54:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2005/03/07 11:41:08 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/12/22 22:56:20 | 08,126,464 | -H-- | M] () -- C:\Documents and Settings\Carl\NTUSER.DAT
[2009/12/22 22:48:46 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Carl\Desktop\OTL.exe
[2009/12/22 22:26:30 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/22 22:26:28 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/22 01:04:14 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\Carl\ntuser.ini
[2009/12/21 22:54:04 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/20 19:55:24 | 00,000,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 19:51:18 | 04,844,296 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Carl\Desktop\mbam-setup.exe
[2009/12/20 17:36:38 | 03,858,925 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\utorrent.exe
[2009/12/20 17:36:38 | 03,858,925 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Combo-Fix.exe
[2009/12/20 13:03:18 | 00,290,816 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\exeHelper.com
[2009/12/20 10:02:00 | 00,045,360 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2009/12/18 16:55:18 | 00,000,600 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/12/13 15:16:32 | 01,924,200 | ---- | M] (Adobe Systems Incorporated) -- C:\Documents and Settings\Carl\Desktop\install_flash_player(2).exe
[2009/12/13 14:20:02 | 00,980,768 | ---- | M] (Inbox.com, Inc. ) -- C:\Documents and Settings\Carl\Desktop\VideosSetup.exe
[2009/12/11 18:05:22 | 00,140,473 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0321091704.jpg
[2009/12/11 18:04:10 | 00,106,914 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0917091841.jpg
[2009/12/11 17:24:34 | 00,077,647 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1119092043.jpg
[2009/12/10 14:56:00 | 00,109,610 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1031092022.jpg
[2009/12/10 14:54:48 | 00,290,811 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0725091420.jpg
[2009/12/10 14:53:52 | 00,113,348 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0811091730.jpg
[2009/12/10 14:53:00 | 00,180,308 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0501091255.jpg
[2009/12/10 14:52:24 | 00,097,195 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0808091411.jpg
[2009/12/10 14:51:40 | 00,107,800 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0928092115b.jpg
[2009/12/10 14:50:24 | 00,083,100 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\0521091455.jpg
[2009/12/10 14:48:54 | 00,093,372 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\1204091959.jpg
[2009/12/09 20:57:34 | 00,000,362 | ---- | M] () -- C:\WINDOWS\tasks\Install_NSS.job
[2009/12/09 20:51:58 | 06,389,398 | -H-- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\IconCache.db
[2009/12/09 20:06:14 | 00,001,594 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Install_NSS.lnk
[2009/12/09 20:06:12 | 00,001,427 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\DivX Movies.lnk
[2009/12/09 13:45:02 | 00,000,703 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/09 13:44:54 | 00,000,739 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/09 13:20:16 | 00,000,600 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Media Transcoder.lnk
[2009/12/09 13:20:16 | 00,000,562 | ---- | M] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Video Accelerator.lnk
[2009/12/08 14:35:28 | 00,036,143 | ---- | M] () -- C:\Documents and Settings\Carl\My Documents\Mittens.jpg
[2009/12/06 21:24:42 | 00,001,482 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/04 19:33:30 | 00,000,623 | ---- | M] () -- C:\WINDOWS\aolback.exe.lnk
[2009/12/04 19:33:30 | 00,000,520 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2009/12/04 19:22:02 | 00,209,784 | ---- | M] (AOL LLC.) -- C:\Documents and Settings\Carl\Desktop\AOLDNLD.exe
[2009/12/04 18:31:50 | 00,000,128 | R--- | M] () -- C:\Documents and Settings\Carl\Valid.Ext
[2009/12/03 16:14:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/12/03 16:13:56 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/12/02 00:42:06 | 00,009,216 | ---- | M] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/20 19:55:22 | 00,000,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/20 18:59:13 | 03,858,925 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Combo-Fix.exe
[2009/12/20 18:59:10 | 03,858,925 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\utorrent.exe
[2009/12/20 18:59:05 | 00,744,960 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\IceSword.exe
[2009/12/20 13:03:17 | 00,290,816 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\exeHelper.com
[2009/12/11 18:05:18 | 00,140,473 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0321091704.jpg
[2009/12/11 18:04:07 | 00,106,914 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0917091841.jpg
[2009/12/11 17:24:31 | 00,077,647 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1119092043.jpg
[2009/12/10 14:55:58 | 00,109,610 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1031092022.jpg
[2009/12/10 14:54:44 | 00,290,811 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0725091420.jpg
[2009/12/10 14:53:49 | 00,113,348 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0811091730.jpg
[2009/12/10 14:52:57 | 00,180,308 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0501091255.jpg
[2009/12/10 14:52:21 | 00,097,195 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0808091411.jpg
[2009/12/10 14:51:37 | 00,107,800 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0928092115b.jpg
[2009/12/10 14:50:19 | 00,083,100 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\0521091455.jpg
[2009/12/10 14:48:50 | 00,093,372 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\1204091959.jpg
[2009/12/09 20:06:14 | 00,000,362 | ---- | C] () -- C:\WINDOWS\tasks\Install_NSS.job
[2009/12/09 20:06:12 | 00,001,594 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Install_NSS.lnk
[2009/12/09 13:45:00 | 00,000,703 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Player.lnk
[2009/12/09 13:44:52 | 00,000,739 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DivX Converter.lnk
[2009/12/09 13:44:21 | 00,001,427 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\DivX Movies.lnk
[2009/12/09 13:20:14 | 00,000,600 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Media Transcoder.lnk
[2009/12/09 13:20:14 | 00,000,562 | ---- | C] () -- C:\Documents and Settings\Carl\Desktop\Bywifi Video Accelerator.lnk
[2009/12/08 14:35:24 | 00,036,143 | ---- | C] () -- C:\Documents and Settings\Carl\My Documents\Mittens.jpg
[2009/12/06 21:24:41 | 00,001,482 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AIM.lnk
[2009/12/04 19:33:28 | 00,000,520 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\AOL 9.5.lnk
[2009/12/04 18:31:49 | 00,000,128 | R--- | C] () -- C:\Documents and Settings\Carl\Valid.Ext
[2008/11/14 22:02:06 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/03/28 20:55:54 | 00,000,340 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2008/01/29 19:17:21 | 00,000,036 | ---- | C] () -- C:\WINDOWS\marscam.ini
[2007/12/02 15:56:19 | 00,000,168 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2007/07/05 20:04:58 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/11/18 18:13:24 | 00,732,462 | -HS- | C] () -- C:\WINDOWS\System32\bdeeg.ini
[2006/11/18 18:13:23 | 00,000,354 | -HS- | C] () -- C:\WINDOWS\System32\accdd.ini
[2006/08/04 22:18:16 | 00,001,167 | ---- | C] () -- C:\WINDOWS\System32\rid97e17.sys
[2006/08/04 22:17:18 | 00,000,211 | ---- | C] () -- C:\WINDOWS\mm06y.ini
[2006/03/06 23:15:48 | 00,223,128 | ---- | C] () -- C:\WINDOWS\System32\drivers\dtscsi.sys
[2006/03/06 23:12:05 | 00,642,560 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd.sys
[2006/03/06 23:12:05 | 00,096,256 | ---- | C] () -- C:\WINDOWS\System32\drivers\sptd0285.sys
[2006/03/06 00:12:42 | 00,092,031 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2006/03/06 00:12:27 | 00,178,291 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2006/01/15 18:18:09 | 00,009,216 | ---- | C] () -- C:\Documents and Settings\Carl\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/12/24 16:35:42 | 00,024,576 | ---- | C] () -- C:\WINDOWS\System32\OODCSPRO.dll
[2005/12/24 16:35:42 | 00,016,384 | ---- | C] () -- C:\WINDOWS\System32\ood2kmsg.dll
[2005/12/21 00:10:19 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2005/12/20 18:27:43 | 00,000,169 | ---- | C] () -- C:\WINDOWS\RtlRack.ini
[2005/12/20 04:29:50 | 00,114,729 | ---- | C] () -- C:\WINDOWS\System32\Autorun.ini
[2005/12/20 04:26:21 | 00,000,692 | ---- | C] () -- C:\WINDOWS\System32\eRLog.ini
[2005/03/09 09:50:56 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMP3.dll
[2005/03/07 12:32:10 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/03/07 12:22:45 | 00,000,313 | ---- | C] () -- C:\WINDOWS\uninstall.ini
[2005/03/07 12:22:45 | 00,000,033 | ---- | C] () -- C:\WINDOWS\Acer.ini
[2005/03/07 12:15:13 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIBUN4.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIMPEG2.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTIFCD3.dll
[2005/03/07 12:14:29 | 00,001,024 | RH-- | C] () -- C:\WINDOWS\System32\NTICDMK7.dll
[2005/03/07 12:01:50 | 00,000,164 | ---- | C] () -- C:\WINDOWS\avrack.ini
[2005/03/07 12:01:47 | 00,156,672 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2005/03/07 11:54:46 | 00,037,776 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/03/07 11:46:14 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/12/17 17:14:44 | 00,013,952 | ---- | C] () -- C:\WINDOWS\System32\drivers\UBHelper.sys
[2001/12/26 16:12:30 | 00,065,536 | R--- | C] () -- C:\WINDOWS\System32\multiplex_vcd.dll
[2001/09/03 23:46:38 | 00,110,592 | R--- | C] () -- C:\WINDOWS\System32\Hmpg12.dll
[2001/07/30 16:33:56 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC.dll
[2001/07/23 22:04:36 | 00,118,784 | R--- | C] () -- C:\WINDOWS\System32\HMPV2_ENC_MMX.dll
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll
[1980/01/01 00:00:00 | 00,081,920 | ---- | C] () -- C:\WINDOWS\System32\ieencode.dll
[1980/01/01 00:00:00 | 00,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[1980/01/01 00:00:00 | 00,002,790 | ---- | C] () -- C:\WINDOWS\ANTIV.INI
[1980/01/01 00:00:00 | 00,000,091 | ---- | C] () -- C:\WINDOWS\ALaunch.ini

========== Files - Unicode (All) ==========
[2007/02/09 20:58:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\W?nSxS) -- C:\Documents and Settings\Carl\My Documents\WіnSxS
[2007/02/09 20:58:39 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\W?nSxS) -- C:\Documents and Settings\Carl\My Documents\WіnSxS
[2007/02/03 21:45:24 | 00,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/02/03 21:45:24 | 00,000,000 | ---D | M](C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
[2007/02/02 20:55:52 | 00,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/02/02 20:55:52 | 00,000,000 | ---D | M](C:\Program Files\s?stem) -- C:\Program Files\sуstem
[2007/01/27 21:13:58 | 00,000,000 | ---D | M](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2007/01/27 21:13:57 | 00,000,000 | ---D | C](C:\WINDOWS\System32\??mbols) -- C:\WINDOWS\System32\ѕуmbols
[2007/01/26 20:53:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ymbols) -- C:\Documents and Settings\Carl\My Documents\ѕymbols
[2007/01/26 20:53:11 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ymbols) -- C:\Documents and Settings\Carl\My Documents\ѕymbols
[2007/01/20 22:29:20 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/01/20 22:29:20 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
[2007/01/19 23:08:10 | 00,000,000 | ---D | M](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2007/01/19 23:08:08 | 00,000,000 | ---D | C](C:\WINDOWS\System32\??sembly) -- C:\WINDOWS\System32\аѕsembly
[2007/01/18 23:07:22 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2007/01/18 23:07:22 | 00,000,000 | ---D | M](C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
[2007/01/16 23:57:04 | 00,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2007/01/16 23:57:04 | 00,000,000 | ---D | M](C:\Program Files\?asks) -- C:\Program Files\Тasks
[2007/01/15 23:08:50 | 00,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/01/15 23:08:50 | 00,000,000 | ---D | M](C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
[2007/01/14 22:36:22 | 00,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/01/14 22:36:22 | 00,000,000 | ---D | M](C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
[2007/01/13 22:10:14 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2007/01/13 22:10:12 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?racle) -- C:\WINDOWS\System32\Οracle
[2007/01/12 22:38:40 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ppPatch) -- C:\Documents and Settings\Carl\My Documents\АppPatch
[2007/01/12 22:38:38 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ppPatch) -- C:\Documents and Settings\Carl\My Documents\АppPatch
[2007/01/07 21:20:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\??sembly) -- C:\Documents and Settings\Carl\My Documents\аѕsembly
[2007/01/07 21:20:35 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\??sembly) -- C:\Documents and Settings\Carl\My Documents\аѕsembly
[2007/01/06 21:35:00 | 00,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2007/01/06 21:35:00 | 00,000,000 | ---D | M](C:\Program Files\?racle) -- C:\Program Files\Оracle
[2006/12/31 23:11:46 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
[2006/12/31 23:11:46 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
[2006/12/30 23:06:08 | 00,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/12/30 23:06:06 | 00,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Таsks
[2006/12/29 22:56:52 | 00,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/12/29 22:56:52 | 00,000,000 | ---D | M](C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
[2006/12/23 20:48:08 | 00,000,000 | ---D | M](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/12/23 20:48:07 | 00,000,000 | ---D | C](C:\WINDOWS\??curity) -- C:\WINDOWS\ѕеcurity
[2006/12/22 21:37:06 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\My Documents\?ymantec) -- C:\Documents and Settings\Carl\My Documents\Ѕymantec
[2006/12/22 21:37:04 | 00,000,000 | ---D | C](C:\Documents and Settings\Carl\My Documents\?ymantec) -- C:\Documents and Settings\Carl\My Documents\Ѕymantec
[2006/12/16 12:38:04 | 00,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/16 12:38:04 | 00,000,000 | ---D | M](C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
[2006/12/15 23:18:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
[2006/12/15 23:18:36 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
[2006/12/08 21:54:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
[2006/12/08 21:54:12 | 00,000,000 | ---D | M](C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
[2006/12/04 00:38:48 | 00,000,000 | ---D | M](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/12/04 00:38:46 | 00,000,000 | ---D | C](C:\WINDOWS\System32\S?mantec) -- C:\WINDOWS\System32\Sуmantec
[2006/12/03 00:09:26 | 00,000,000 | ---D | M](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/12/03 00:09:24 | 00,000,000 | ---D | C](C:\WINDOWS\W?nSxS) -- C:\WINDOWS\WіnSxS
[2006/12/02 00:07:46 | 00,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/12/02 00:07:46 | 00,000,000 | ---D | M](C:\Program Files\T?sks) -- C:\Program Files\Tаsks
[2006/11/25 22:31:56 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/11/25 22:31:56 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
[2006/11/24 22:28:18 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/11/24 22:28:18 | 00,000,000 | ---D | M](C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
[2006/11/23 08:40:26 | 00,000,000 | ---D | M](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/11/23 08:40:25 | 00,000,000 | ---D | C](C:\WINDOWS\F?nts) -- C:\WINDOWS\Fоnts
[2006/11/18 18:13:00 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/11/18 18:12:58 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?ssembly) -- C:\WINDOWS\System32\аssembly
[2006/11/18 18:08:28 | 00,000,000 | ---D | M](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2006/11/18 18:08:26 | 00,000,000 | ---D | C](C:\WINDOWS\??sks) -- C:\WINDOWS\Τаsks
[2006/11/18 18:08:06 | 00,000,000 | ---D | M](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
[2006/11/18 18:08:05 | 00,000,000 | ---D | C](C:\WINDOWS\System32\?icrosoft) -- C:\WINDOWS\System32\Μicrosoft
(C:\Program Files\T?sks) -- C:\Program Files\Tаsks
(C:\Program Files\s?stem) -- C:\Program Files\sуstem
(C:\Program Files\Common Files\W?nSxS) -- C:\Program Files\Common Files\WіnSxS
(C:\Program Files\Common Files\s?mbols) -- C:\Program Files\Common Files\sуmbols
(C:\Program Files\Common Files\M?crosoft.NET) -- C:\Program Files\Common Files\Mіcrosoft.NET
(C:\Program Files\Common Files\?dobe) -- C:\Program Files\Common Files\Αdobe
(C:\Program Files\Common Files\??stem32) -- C:\Program Files\Common Files\ѕуstem32
(C:\Program Files\Common Files\??stem) -- C:\Program Files\Common Files\ѕуstem
(C:\Program Files\Common Files\??sks) -- C:\Program Files\Common Files\Τаsks
(C:\Program Files\?racle) -- C:\Program Files\Оracle
(C:\Program Files\?asks) -- C:\Program Files\Тasks
(C:\Program Files\??mantec) -- C:\Program Files\Ѕуmantec
(C:\Program Files\??curity) -- C:\Program Files\ѕеcurity
(C:\Documents and Settings\Carl\Application Data\s?curity) -- C:\Documents and Settings\Carl\Application Data\sеcurity
(C:\Documents and Settings\Carl\Application Data\?icrosoft) -- C:\Documents and Settings\Carl\Application Data\Мicrosoft
(C:\Documents and Settings\Carl\Application Data\??crosoft.NET) -- C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET
< End of report >

Re: Computer massive infection

OTL Extras logfile created on: 12/22/2009 10:55:02 PM - Run 1
OTL by OldTimer - Version 3.1.19.0 Folder = C:\Documents and Settings\Carl\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

382.00 Mb Total Physical Memory | 55.00 Mb Available Physical Memory | 14.00% Memory free
1,017.00 Mb Paging File | 772.00 Mb Available in Paging File | 76.00% Paging File free
Paging file location(s): C:\pagefile.sys 672 1344 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 17.07 Gb Total Space | 1.92 Gb Free Space | 11.25% Space Free | Partition Type: FAT32
Drive D: | 17.24 Gb Total Space | 12.20 Gb Free Space | 70.73% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: ACER-2E68C49B20
Current User Name: Carl
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office10\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"D:\America Online 9.0\waol.exe" = D:\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\Common Files\AOL\1135141983\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1135141983\ee\aolsoftware.exe:*:Enabled:AOL Services -- File not found
"C:\Program Files\Common Files\AOL\1135141983\ee\aim6.exe" = C:\Program Files\Common Files\AOL\1135141983\ee\aim6.exe:*:Enabled:AIM -- File not found
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL -- (AOL LLC)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL -- (AOL LLC)
"D:\America Online 9.0\waol.exe" = D:\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 -- File not found
"C:\Program Files\Yahoo!\Messenger\YPager.exe" = C:\Program Files\Yahoo!\Messenger\YPager.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- File not found
"C:\Program Files\Grisoft\AVG Free\avgcc.exe" = C:\Program Files\Grisoft\AVG Free\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\ABC\abc.exe" = C:\Program Files\ABC\abc.exe:*:Enabled:abc -- ()
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- File not found
"D:\turbo tax\TurboTax Home & Business 2007\32bit\ttax.exe" = D:\turbo tax\TurboTax Home & Business 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- File not found
"D:\turbo tax\TurboTax Home & Business 2007\32bit\updatemgr.exe" = D:\turbo tax\TurboTax Home & Business 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- File not found
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- File not found
"C:\Program Files\Common Files\aol\1259973095\ee\aolsoftware.exe" = C:\Program Files\Common Files\aol\1259973095\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- (AOL LLC)
"C:\Program Files\AOL 9.5\waol.exe" = C:\Program Files\AOL 9.5\waol.exe:*:Enabled:AOL -- (AOL, LLC.)
"C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\aol\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL TopSpeed -- (AOL LLC)
"C:\Program Files\Common Files\aol\System Information\sinf.exe" = C:\Program Files\Common Files\aol\System Information\sinf.exe:*:Enabled:AOL System Information -- (AOL LLC)
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM -- (AOL LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0AD84416-63A4-4CF3-BDDF-8FA866711FB0}" = Civilization III
"{13F3917B56CD4C25848BDC69916971BB}" = DivX Converter
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{20E5F823-61A4-4BCE-9DF4-5DB43F302B69}" = Diskeeper Professional Premier Edition
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Arcade 3.0
"{3248F0A8-6813-11D6-A77B-00B0D0150060}" = J2SE Runtime Environment 5.0 Update 6
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3FC7CBBC4C1E11DCA1A752EA55D89593}" = DivX Version Checker
"{48A34EA8-695B-48BE-B900-C0C44D5D518A}" = Photo Viewer
"{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker
"{5490882C-6961-11D5-BAE5-00E0188E010B}" = FUJIFILM USB Driver
"{582D2A53-F426-4C5E-A2E6-43C1AB36B907}" = Safari
"{5EE7D259-D137-4438-9A5F-42F432EC0421}" = VC80CRTRedist - 8.0.50727.4053
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{797EE0CA-8165-405C-B5CE-F11EC20F1BB0}" = Microsoft VC9 runtime libraries
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8
"{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{90280409-6000-11D3-8CFE-0050048383C9}" = Microsoft Office XP Professional with FrontPage
"{A96E97134CA649888820BCDE5E300BBD}" = H.264 Decoder
"{AAC389499AEF40428987B3D30CFC76C9}" = MKV Splitter
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AEF9DC35ADDF4825B049ACBFD1C6EB37}" = AAC Decoder
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Plus Web Player
"{B7A0CE06-068E-11D6-97FD-0050BACBF861}" = PowerProducer
"{DC226AC9-0314-496C-BE6A-B6A132628466}" = SiSAGP driver
"{E86E5246-AA7E-11D4-88C9-00105ADBE398}" = O&O Defrag 2000 Freeware Edition
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F958CA02-BB40-4007-894B-258729456EE4}" = QuickTime
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"7-Zip" = 7-Zip 4.42
"ABC" = ABC (remove only)
"Ad-Aware SE Personal" = Ad-Aware SE Personal
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Agere Systems Soft Modem" = Agere Systems AC'97 Modem
"AIM Search" = AIM Search
"AIM Toolbar" = AIM Toolbar
"AIM_7" = AIM 7
"AOL Emergency Connect Utility 1.0" = Uninstall AOL Emergency Connect Utility 1.0
"AOL Toolbar" = AOL Toolbar
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"Bywifi" = Bywifi 1.10.3
"DivX Plus DirectShow Filters" = DivX Plus DirectShow Filters
"GridVista" = Acer GridVista
"HijackThis" = HijackThis 2.0.2
"InstallShield_{5242A858-AD61-4130-92D4-BDF5087CE562}" = NTI CD & DVD-Maker Gold
"InstallShield_{69CC0647-7F98-4358-AAB6-4F65C0705400}" = NTI Backup NOW! 4
"InstallShield_{827289F5-B44F-4E49-9993-840741585A62}" = Acer eManager for Notebook
"LimeWire" = LimeWire PRO 4.12.11
"LManager" = Launch Manager
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"mr7910_32bb2befe1e5d1d6012329af0300b36139b7b84a" = Windows Driver Package - (mr7910) Image 06/28/2005 1.3.0.0
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSNINST" = MSN
"MySpaceIM" = MySpaceIM
"RealPlayer 6.0" = RealPlayer Basic
"SiS VGA Driver" = SiS VGA Utilities
"SiSLan" = SiS 900 PCI Fast Ethernet Adapter Driver
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"USB Driver Vers. 3.2" = USB Driver Vers. 3.2
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 3/5/2009 11:25:51 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:26:55 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:27:54 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:30:47 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:43:41 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/5/2009 11:43:41 AM | Computer Name = ACER-2E68C49B20 | Source = Lavasoft Ad-Aware Service | ID = 0
Description =

Error - 3/12/2009 9:57:16 AM | Computer Name = ACER-2E68C49B20 | Source = Application Hang | ID = 1002
Description = Hanging application CDBak32.exe, version 4.0.20.1, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 11/23/2009 9:34:21 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module mshtml.dll, version 6.0.2900.2180, fault address 0x000b5afa.

Error - 11/26/2009 8:03:06 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 6.0.2900.2180, faulting
module unknown, version 0.0.0.0, fault address 0x027ae9e0.

Error - 12/15/2009 7:19:27 PM | Computer Name = ACER-2E68C49B20 | Source = Application Error | ID = 1000
Description = Faulting application bywifi.exe, version 1.0.0.1, faulting module
bywifips.dll, version 0.0.0.0, fault address 0x0000b29e.

[ System Events ]
Error - 12/20/2009 4:23:50 PM | Computer Name = ACER-2E68C49B20 | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 12/20/2009 5:02:40 PM | Computer Name = ACER-2E68C49B20 | Source = DCOM | ID = 10010
Description = The server {0EF242C6-6ECD-476E-9859-076503985F8E} did not register
with DCOM within the required timeout.

Error - 12/20/2009 9:22:38 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/20/2009 9:22:40 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook

Error - 12/20/2009 9:33:05 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/20/2009 9:33:07 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom gagp30kx Imapi Lbd redbook

Error - 12/21/2009 11:54:18 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/21/2009 11:54:20 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook

Error - 12/22/2009 11:26:44 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7000
Description = The Bonjour Service service failed to start due to the following error:
%%3

Error - 12/22/2009 11:26:46 PM | Computer Name = ACER-2E68C49B20 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Cdrom Imapi Lbd redbook


< End of report >

Re: Computer massive infection

Wow, OTL shows you have a VERY old infection; surprising no other scanner picked it up.

I see that you are running Limewire.
P2P (peer-to-peer) applications are designed to help you easily share and distribute files between you and a group of people. But they can also be used to distribute malware, and thus are not considered safe.
The removal of these programs is optional, but highly recommended.

Go to Start > Control Panel > Add/Remove Programs and remove the following programs.

    J2SE Runtime Environment 5.0 Update 6
    LimeWire PRO 4.12.11
    Viewpoint Media Player

Please run OTL.exe.

  • Copy the commands with file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):


    :OTL
    O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
    O20 - Winlogon\Notify\CSCSettings: DllName - C:\WINDOWS\system32\hpj0231mg.dll - C:\WINDOWS\System32\hpj0231mg.dll File not found

    :files
    C:\FOUND.***
    C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv

    :commands
    [purity]
    [emptytemp]
    [reboot]


  • Return to OTL, right click in the "Custom Scans/Fixes" window (under the light green bar) and choose Paste.

  • Click the red Run Fix button.
  • A fix log in Notepad will appear. Copy the contents of the fix log to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTL.exe.
If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.

Re: Computer massive infection

All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4EFB-9B51-7695ECA05670}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\CSCSettings\ deleted successfully.
========== FILES ==========
C:\FOUND.000 folder moved successfully.
C:\FOUND.003 folder moved successfully.
C:\FOUND.002 folder moved successfully.
C:\FOUND.004 folder moved successfully.
C:\FOUND.001 folder moved successfully.
C:\Documents and Settings\Carl\Local Settings\Application Data\gvqjwv folder moved successfully.
========== COMMANDS ==========
C:\WINDOWS\Fоnts folder moved successfully.
C:\WINDOWS\ѕеcurity folder moved successfully.
C:\WINDOWS\Τаsks folder moved successfully.
C:\WINDOWS\Таsks folder moved successfully.
C:\WINDOWS\WіnSxS folder moved successfully.
C:\WINDOWS\System32\аѕsembly folder moved successfully.
C:\WINDOWS\System32\Μicrosoft\bak folder moved successfully.
C:\WINDOWS\System32\Μicrosoft\Μicrosoft folder moved successfully.
C:\WINDOWS\System32\Μicrosoft folder moved successfully.
C:\WINDOWS\System32\Οracle folder moved successfully.
C:\WINDOWS\System32\Sуmantec folder moved successfully.
C:\WINDOWS\System32\ѕуmbols folder moved successfully.
C:\Program Files\Оracle folder moved successfully.
C:\Program Files\ѕеcurity folder moved successfully.
C:\Program Files\Ѕуmantec folder moved successfully.
C:\Program Files\sуstem folder moved successfully.
C:\Program Files\Tаsks folder moved successfully.
C:\Program Files\Тasks folder moved successfully.
C:\Program Files\Common Files\Αdobe folder moved successfully.
C:\Program Files\Common Files\Mіcrosoft.NET folder moved successfully.
C:\Program Files\Common Files\sуmbols folder moved successfully.
C:\Program Files\Common Files\ѕуstem folder moved successfully.
C:\Program Files\Common Files\ѕуstem32 folder moved successfully.
C:\Program Files\Common Files\Τаsks folder moved successfully.
C:\Program Files\Common Files\WіnSxS folder moved successfully.
C:\Documents and Settings\Carl\My Documents\АppPatch folder moved successfully.
C:\Documents and Settings\Carl\My Documents\аѕsembly folder moved successfully.
C:\Documents and Settings\Carl\My Documents\Ѕymantec folder moved successfully.
C:\Documents and Settings\Carl\My Documents\ѕymbols folder moved successfully.
C:\Documents and Settings\Carl\My Documents\WіnSxS folder moved successfully.
C:\Documents and Settings\Carl\Application Data\Μіcrosoft.NET folder moved successfully.
C:\Documents and Settings\Carl\Application Data\Мicrosoft folder moved successfully.
C:\Documents and Settings\Carl\Application Data\sеcurity folder moved successfully.

[EMPTYTEMP]

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32768 bytes

User: All Users

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 1147863 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 297895 bytes

User: Carl
->Temp folder emptied: 2226732087 bytes
->Temporary Internet Files folder emptied: 8760768 bytes
->Java cache emptied: 130251005 bytes
->FireFox cache emptied: 44874134 bytes
->Apple Safari cache emptied: 209832 bytes

User: Administrator
->Temp folder emptied: 1511 bytes
->Temporary Internet Files folder emptied: 32902 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 864785 bytes
Windows Temp folder emptied: 115751261 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 33170 bytes
RecycleBin emptied: 43389700 bytes

Total Files Cleaned = 2,453.00 mb


OTL by OldTimer - Version 3.1.19.0 log created on 12232009_173043

Files\Folders moved on Reboot...
File\Folder C:\Documents and Settings\Carl\Local Settings\Temp\Temporary Internet Files\Content.IE5\NU4H0GW0\MDk4LjguOS5maC5uei44NS40OTNAQHh6eW92QEBvYm1tQEAtNF85QEB4bG54emhnIHh6eW92IHhsbm5mbXJ4emdybG1oIHNsb3dybXRoICBybXhAQG12Z0BAbWxpZ3N2emhnOzEyMTg1MTI5MjI4NDU7MTs7OzE7NDszNDc3MzQ4OzM0N&r=0 not found!
C:\WINDOWS\temp\Perflib_Perfdata_d4.dat moved successfully.

Registry entries deleted on Reboot...
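The fix log above is instructive for defenders: nearly every folder OTL moved (ѕеcurity, Τаsks, Оracle, Μіcrosoft.NET) is a copy of a legitimate Windows or vendor directory name spelled with Cyrillic or Greek lookalike letters, which is why it survived on the machine unnoticed. The following script is an added example, not part of this thread or of OTL, showing how such homoglyph-named paths can be flagged automatically: it walks each path component, classifies every letter by script from its Unicode name, and reports components that mix ASCII Latin letters with letters from another script, together with the ASCII name being imitated. The sample paths and the confusable table are constructed for the example (the table covers only the lookalikes seen in this thread; Unicode's confusables.txt is the complete reference).

```python
import unicodedata

# Constructed sample paths modelled on the OTL output in this thread. The
# non-ASCII letters are written as escapes so the code points are explicit.
SAMPLE_PATHS = [
    "C:\\WINDOWS\\security",                                  # genuine
    "C:\\WINDOWS\\\u0455\u0435curity",                        # Cyrillic dze + ie
    "C:\\WINDOWS\\\u03a4\u0430sks",                           # Greek Tau + Cyrillic a
    "C:\\Program Files\\Common Files\\\u0455\u0443stem32",    # Cyrillic dze + u
    "C:\\Program Files\\Oracle",                              # genuine
    "C:\\Program Files\\\u041eracle",                         # Cyrillic capital O
    "C:\\Documents and Settings\\Carl\\Application Data\\\u039c\u0456crosoft.NET",
]

# Partial confusable table (constructed for this example): lookalike letter
# -> the ASCII letter it imitates. Only the letters seen in this thread plus a
# few common neighbours; it is not the full Unicode confusables list.
CONFUSABLES = {
    "\u0455": "s", "\u0435": "e", "\u0430": "a", "\u043e": "o", "\u0443": "y",
    "\u0456": "i", "\u0441": "c", "\u0440": "p", "\u0445": "x",
    "\u0405": "S", "\u0422": "T", "\u041e": "O", "\u041c": "M", "\u0410": "A",
    "\u03a4": "T", "\u039c": "M", "\u039f": "O", "\u0391": "A", "\u03bf": "o",
}


def script_of(ch):
    """Script name taken from the first word of the Unicode character name,
    e.g. 'LATIN', 'CYRILLIC', 'GREEK'. Unnamed characters report 'UNKNOWN'."""
    name = unicodedata.name(ch, "")
    return name.split(" ", 1)[0] if name else "UNKNOWN"


def is_mixed_script(component):
    """True when a single path component mixes Latin letters with letters from
    another script. Legitimate Windows folder names do not do this, so a hit
    is a strong indicator of a homoglyph-named folder."""
    scripts = {script_of(c) for c in component if c.isalpha()}
    return "LATIN" in scripts and len(scripts) > 1


def deobfuscate(component):
    """Replace known lookalike letters with the ASCII letter they imitate, so
    the analyst can see which real folder name is being impersonated."""
    return "".join(CONFUSABLES.get(c, c) for c in component)


def scan_paths(paths):
    """Return one finding per suspicious path component as a tuple:
    (full path, component as found, name it imitates, offending code points)."""
    findings = []
    for path in paths:
        for comp in path.split("\\"):
            if is_mixed_script(comp):
                offending = ["U+%04X" % ord(c) for c in comp
                             if c.isalpha() and script_of(c) != "LATIN"]
                findings.append((path, comp, deobfuscate(comp), offending))
    return findings


if __name__ == "__main__":
    for path, comp, real, cps in scan_paths(SAMPLE_PATHS):
        print("%s\n    '%s' imitates '%s' via %s" % (path, comp, real, ", ".join(cps)))
```

In practice you would feed `scan_paths` the output of a directory walk (os.walk over the system and profile roots) rather than a fixed list; the mixed-script test needs no confusable table at all, so it also catches lookalike letters the table does not know, while `deobfuscate` only improves the report for the ones it does.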

Re: Computer massive infection

There was a file on the desktop called thumbs.db.

What's that?

Re: Computer massive infection

Delete that file; not sure where it came from.

To remove all of the tools we used and the files and folders they created do the following:
Double click OTL.exe.

  • Click the CleanUp! button.
  • Select Yes when the "Begin cleanup Process?" prompt appears.
  • If you are prompted to Reboot during the cleanup, select Yes.
  • The tool will delete itself once it finishes.

Re: Computer massive infection

Done, what's next?

Re: Computer massive infection

How is the machine now?

Re: Computer massive infection

It's running fine. Thanks once again for the help Belahzur!
