Please Help With System Tool - Computer is used for work - Geeks to Go Forums

#1 chansey

Posted 07 February 2011 - 01:11 AM

I got hit with a System Tool and it will not let me install Malwarebytes. I tried to download it exactly as the instructions stated, by renaming the .exe file and then installing it, but it won't let me. I couldn't download it from another computer either. I have no clue what to do, but soooo need this computer for work.

Any help you can give me will be greatly appreciated, and I will donate to the help of this problem.

Thank you!!

*** UPDATE ***
After much determination, I finally was able to get mbam to run on this computer and remove the System Tool (yay!!). However, is there a way to make sure that every trace of it is gone, and it didn't sneak into any other files or registry values?

Here are the results from the OTL.Txt

OTL logfile created on: 2/7/2011 6:52:04 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 214.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.31 Gb Total Space | 12.33 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.60 Gb Free Space | 14.26% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: MAIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/02/07 06:48:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
PRC - [2011/02/02 06:31:28 | 000,918,184 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fssm32.exe
PRC - [2011/02/02 06:31:27 | 000,508,584 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32.exe
PRC - [2011/01/04 07:09:43 | 000,372,904 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsav32.exe
PRC - [2010/12/20 07:14:46 | 000,063,992 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe
PRC - [2010/03/19 10:34:56 | 000,522,848 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\FWES\program\fsdfwd.exe
PRC - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE
PRC - [2009/08/05 09:58:50 | 000,199,264 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSM32.EXE
PRC - [2009/08/05 09:58:50 | 000,088,672 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Common\FSHDLL32.EXE
PRC - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe
PRC - [2009/02/23 07:05:34 | 000,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2008/04/13 18:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/12/07 04:17:00 | 000,025,256 | ---- | M] () -- C:\Program Files\Lexmark Z2300 Series\lxdpmsdmon.exe
PRC - [2007/12/01 01:16:54 | 000,594,600 | ---- | M] ( ) -- C:\WINDOWS\system32\lxdpcoms.exe
PRC - [2007/10/30 22:37:22 | 001,654,784 | ---- | M] (Belkin) -- C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe
PRC - [2005/01/21 18:04:42 | 000,163,840 | ---- | M] (Simple Star, Inc.) -- C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe
PRC - [2003/10/29 10:17:30 | 000,135,168 | ---- | M] (Alcor Micro, Corp.) -- C:\Program Files\Multimedia Card Reader\shwicon2k.exe
PRC - [2003/08/21 05:15:48 | 000,483,328 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\system32\hphmon05.exe
PRC - [2003/07/14 19:52:44 | 000,040,960 | ---- | M] (Agere Systems) -- C:\WINDOWS\ltmsg.exe
PRC - [2003/02/03 10:29:12 | 001,568,768 | ---- | M] (Scansoft, Inc.) -- C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe


========== Modules (SafeList) ==========

MOD - [2011/02/07 06:48:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
MOD - [2010/08/23 10:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2009/08/05 09:59:08 | 000,256,608 | ---- | M] (F-Secure Corporation) -- C:\Program Files\Charter Security Suite\Spam Control\fsscoepl.dll
MOD - [2006/10/22 12:22:00 | 001,470,464 | ---- | M] () -- C:\WINDOWS\system32\nview.dll
MOD - [2006/10/22 12:22:00 | 000,081,920 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\nvwddi.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - File not found [On_Demand | Stopped] -- -- (AppMgmt)
SRV - [2010/12/20 07:14:46 | 000,063,992 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\ORSP Client\fsorsp.exe -- (FSORSPClient)
SRV - [2010/03/19 10:34:56 | 000,522,848 | ---- | M] (F-Secure Corporation) [On_Demand | Running] -- C:\Program Files\Charter Security Suite\FWES\Program\fsdfwd.exe -- (FSDFWD)
SRV - [2009/08/05 09:58:52 | 000,186,976 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Common\FSMA32.EXE -- (FSMA)
SRV - [2009/08/05 09:56:10 | 000,215,648 | ---- | M] (F-Secure Corporation) [Auto | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\fsgk32st.exe -- (F-Secure Gatekeeper Handler Starter)
SRV - [2008/11/09 14:48:14 | 000,602,392 | ---- | M] (Yahoo! Inc.) [Auto | Running] -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService)
SRV - [2007/12/01 01:16:54 | 000,594,600 | ---- | M] ( ) [Auto | Running] -- C:\WINDOWS\System32\lxdpcoms.exe -- (lxdp_device)
SRV - [2007/12/01 01:16:47 | 000,098,984 | ---- | M] () [Auto | Stopped] -- C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\\lxdpserv.exe -- (lxdpCATSCustConnectService)


========== Driver Services (SafeList) ==========

DRV - File not found [File_System | Boot | Running] -- -- (MFX)
DRV - [2010/12/16 14:15:30 | 000,082,120 | ---- | M] (F-Secure Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\fsdfw.sys -- (FSFW)
DRV - [2010/12/15 06:23:53 | 000,042,664 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\system32\Drivers\fsbts.sys -- (fsbts)
DRV - [2010/11/29 21:01:27 | 000,130,728 | ---- | M] () [Kernel | On_Demand | Running] -- C:\Program Files\Charter Security Suite\Anti-Virus\minifilter\fsgk.sys -- (F-Secure Gatekeeper)
DRV - [2009/08/05 09:58:30 | 000,068,064 | ---- | M] (F-Secure Corporation) [Kernel | System | Running] -- C:\Program Files\Charter Security Suite\HIPS\drivers\fshs.sys -- (F-Secure HIPS)
DRV - [2009/08/05 09:56:14 | 000,039,776 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsfilter.sys -- (F-Secure Filter)
DRV - [2009/08/05 09:56:14 | 000,025,184 | ---- | M] () [Kernel | Disabled | Stopped] -- C:\Program Files\Charter Security Suite\Anti-Virus\win2k\fsrec.sys -- (F-Secure Recognizer)
DRV - [2007/07/26 20:08:18 | 000,019,072 | R--- | M] (ASIX Electronics Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ax88772.sys -- (AX88772)
DRV - [2006/10/22 12:22:00 | 003,994,624 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\nv4_mini.sys -- (nv)
DRV - [2004/10/07 19:16:04 | 000,035,840 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
DRV - [2004/10/01 10:24:02 | 002,279,424 | ---- | M] (Realtek Semiconductor Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ALCXWDM.SYS -- (ALCXWDM) Service for Realtek AC97 Audio (WDM)
DRV - [2004/01/27 08:00:44 | 000,028,256 | ---- | M] (MusicMatch, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\System32\drivers\MxlW2k.sys -- (MxlW2k)
DRV - [2003/12/12 08:54:14 | 000,391,424 | ---- | M] (Sensaura Ltd) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ALCXSENS.SYS -- (ALCXSENS)
DRV - [2003/12/06 04:13:42 | 000,429,440 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\sisgrp.sys -- (SiS315)
DRV - [2003/12/05 18:25:54 | 000,011,392 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\srvkp.sys -- (SiSkp)
DRV - [2003/12/02 20:23:20 | 000,142,336 | ---- | M] (Promise Technology, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\fasttx2k.sys -- (fasttx2k)
DRV - [2003/11/10 11:24:24 | 000,039,532 | ---- | M] (Alcor Micro Corp.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\Sunkfilt.sys -- (SunkFilt)
DRV - [2003/09/03 01:51:00 | 000,021,120 | ---- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2003/07/18 18:58:20 | 000,036,992 | ---- | M] (Silicon Integrated Systems Corporation) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\SISAGPX.sys -- (SISAGP)
DRV - [2003/07/02 13:42:00 | 000,027,904 | ---- | M] (VIA Technologies, Inc.) [Kernel | Boot | Stopped] -- C:\WINDOWS\System32\DRIVERS\viaagp1.sys -- (viaagp1)
DRV - [2003/07/02 01:33:00 | 000,652,497 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ltmdmnt.sys -- (ltmodem5)
DRV - [2003/04/28 08:13:06 | 000,009,856 | ---- | M] (Padus, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\pfc.sys -- (pfc)
DRV - [2003/04/21 23:18:00 | 000,054,784 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/10/04 19:04:10 | 000,046,976 | ---- | M] (Realtek Semiconductor Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\R8139n51.sys -- (rtl8139)
DRV - [2002/07/29 23:43:50 | 000,023,808 | ---- | M] (Hewlett-Packard Company) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\PS2.sys -- (Ps2)
DRV - [2002/04/11 21:21:38 | 000,013,335 | R--- | M] (Microsystems Corp) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbcm.sys -- (usbcm)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.yahoo.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\litmus-ff@f-secure.com: C:\Program Files\Charter Security Suite\NRS\litmus-ff@f-secure.com [2010/09/07 07:55:08 | 000,000,000 | ---D | M]


O1 HOSTS File: ([2010/11/27 17:04:27 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 6.0\Reader\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Browsing Protection Class) - {C6867EB7-8350-4856-877F-93CF8AE3DC9C} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O3 - HKLM\..\Toolbar: (Browsing Protection Toolbar) - {265EEE8E-3228-44D3-AEA5-F7FDF5860049} - C:\Program Files\Charter Security Suite\NRS\iescript\baselitmus.dll (F-Secure Corporation)
O4 - HKLM..\Run: [F5D7050v3] C:\Program Files\Belkin\F5D7050v3\Belkinwcui.exe (Belkin)
O4 - HKLM..\Run: [F-Secure Manager] C:\Program Files\Charter Security Suite\Common\FSM32.EXE (F-Secure Corporation)
O4 - HKLM..\Run: [HPHmon05] C:\WINDOWS\system32\hphmon05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [HPHUPD05] c:\Program Files\HP\{45B6180B-DCAB-4093-8EE8-6164457517F0}\hphupd05.exe (Hewlett-Packard)
O4 - HKLM..\Run: [KernelFaultCheck] File not found
O4 - HKLM..\Run: [LTMSG] C:\WINDOWS\ltmsg.exe (Agere Systems)
O4 - HKLM..\Run: [lxdpamon] C:\Program Files\Lexmark Z2300 Series\lxdpamon.exe ()
O4 - HKLM..\Run: [lxdpmon.exe] C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe ()
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [PS2] C:\WINDOWS\system32\ps2.EXE (Hewlett-Packard Company)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Sunkist2k] C:\Program Files\Multimedia Card Reader\shwicon2k.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [PhotoShow Deluxe Media Manager] C:\Program Files\Simple Star\PhotoShow Deluxe 3\data\Xtras\mssysmgr.exe (Simple Star, Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Reminder.lnk = C:\Program Files\Broderbund\PrintMaster\pmremind.exe (Broderbund Properties LLC)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\Program Files\Quicken\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SmartUI.lnk = C:\Program Files\Scansoft\PaperPort\SmartUI\SmartUI.exe (Scansoft, Inc.)
O4 - Startup: C:\Documents and Settings\Owner\Start Menu\Programs\Startup\Eyetide Launcher.lnk = C:\Program Files\Eyetide Media\Eyetide Viewer\EyetideController.exe ()
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: oma11pwww05 ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: prod.westworlds.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: west.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: westathome.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: workathomeagent.net ([]* in Trusted sites)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1257591609875 (WUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-0016-0000-0018-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_18)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.2.1
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/01/27 05:48:57 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/02/07 06:48:29 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/02/07 01:20:36 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/06 23:03:46 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Tool
[2011/02/06 22:53:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\fOgNkIl06300
[2011/01/13 14:15:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Promos
[2009/11/11 10:13:58 | 000,438,272 | ---- | C] ( ) -- C:\WINDOWS\System32\LXDPhcp.dll
[2009/11/11 10:13:58 | 000,364,544 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpinpa.dll
[2009/11/11 10:13:58 | 000,339,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpiesc.dll
[2009/11/11 10:13:57 | 001,101,824 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpserv.dll
[2009/11/11 10:13:57 | 000,843,776 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpusb1.dll
[2009/11/11 10:13:56 | 000,647,168 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdppmui.dll
[2009/11/11 10:13:56 | 000,569,344 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdplmpm.dll
[2009/11/11 10:13:56 | 000,053,248 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpprox.dll
[2009/11/11 10:13:54 | 000,663,552 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdphbn3.dll
[2009/11/11 10:13:52 | 000,851,968 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomc.dll
[2009/11/11 10:13:52 | 000,376,832 | ---- | C] ( ) -- C:\WINDOWS\System32\lxdpcomm.dll

========== Files - Modified Within 30 Days ==========

[2011/02/07 06:48:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/02/07 04:44:55 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/02/07 01:47:47 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/07 01:47:45 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/02/07 01:47:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 00:13:07 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/01 23:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/30 23:10:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kevin Theology.doc
[2011/01/19 16:29:19 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url

========== Files Created - No Company Name ==========

[2011/02/07 00:13:07 | 001,228,854 | ---- | C] () -- C:\fsqwr.bmp
[2011/01/30 23:10:56 | 000,024,576 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Kevin Theology.doc
[2011/01/19 16:29:19 | 000,000,722 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url
[2010/12/31 18:19:21 | 000,189,992 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/27 18:25:37 | 000,003,982 | ---- | C] () -- C:\WINDOWS\kj01d.sys
[2010/03/19 09:51:22 | 000,042,664 | ---- | C] () -- C:\WINDOWS\System32\drivers\fsbts.sys
[2010/01/20 21:31:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/01/20 21:31:03 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Components
[2010/01/20 21:31:02 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/20 21:27:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\All Users\Application Data\Conditionals
[2010/01/20 21:27:05 | 000,000,268 | RH-- | C] () -- C:\Documents and Settings\Owner\Application Data\Commands
[2010/01/20 21:27:05 | 000,000,020 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/30 19:57:19 | 000,000,145 | ---- | C] () -- C:\WINDOWS\XWords2.INI
[2009/12/29 20:10:32 | 000,005,224 | ---- | C] () -- C:\WINDOWS\System32\ucuiinfo.ini
[2009/11/23 14:30:41 | 000,000,032 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\art.udk
[2009/11/23 14:30:41 | 000,000,017 | -H-- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\19720201.dat
[2009/11/11 10:14:13 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\lxdprwrd.ini
[2009/11/11 10:13:58 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\LXDPinst.dll
[2009/11/11 10:13:54 | 000,208,896 | ---- | C] () -- C:\WINDOWS\System32\lxdpgrd.dll
[2009/11/07 04:00:15 | 001,470,464 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2009/11/07 04:00:15 | 000,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2009/07/01 14:18:14 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxdpvs.dll
[2009/07/01 14:18:12 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\lxdpcoin.dll
[2008/01/09 14:01:48 | 000,000,453 | ---- | C] () -- C:\WINDOWS\bdoscandellang.ini
[2007/05/23 16:18:23 | 000,000,067 | ---- | C] () -- C:\Documents and Settings\Owner\Application Data\photoshow_express_setup.txt
[2007/02/16 20:20:57 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2006/10/22 12:22:00 | 001,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/10/22 12:22:00 | 000,581,632 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/10/22 12:22:00 | 000,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/10/22 12:22:00 | 000,212,992 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2006/09/15 06:19:19 | 000,000,173 | ---- | C] () -- C:\WINDOWS\ConnMgr.ini
[2006/09/14 19:37:38 | 000,000,079 | ---- | C] () -- C:\WINDOWS\office.ini
[2006/09/14 18:50:31 | 000,000,239 | ---- | C] () -- C:\WINDOWS\tb89r.ini
[2006/04/20 20:35:06 | 000,004,247 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/01/21 13:00:21 | 000,000,078 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2006/01/21 13:00:19 | 000,000,368 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2005/12/29 10:38:57 | 000,000,035 | ---- | C] () -- C:\WINDOWS\ulead32.ini
[2005/12/20 13:43:51 | 000,028,672 | ---- | C] () -- C:\WINDOWS\hookdllX.dll
[2005/10/18 23:45:58 | 000,000,427 | ---- | C] () -- C:\WINDOWS\COOK'N5.INI
[2005/10/16 15:37:06 | 000,000,094 | ---- | C] () -- C:\WINDOWS\Cook'n99.ini
[2005/10/12 07:48:54 | 000,000,121 | ---- | C] () -- C:\Program Files\new household arrangement.txt
[2005/06/18 15:19:44 | 000,018,944 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/12/10 05:28:41 | 000,000,073 | ---- | C] () -- C:\WINDOWS\webica.ini
[2004/08/15 14:35:39 | 000,000,040 | ---- | C] () -- C:\WINDOWS\opt_2460.ini
[2004/08/15 14:35:38 | 000,000,051 | ---- | C] () -- C:\WINDOWS\brmx2001.ini
[2004/08/15 14:29:16 | 000,002,189 | ---- | C] () -- C:\WINDOWS\BRMFBIDI.INI
[2004/08/15 14:28:06 | 000,000,645 | ---- | C] () -- C:\WINDOWS\Brpcfx.ini
[2004/08/15 14:28:06 | 000,000,463 | ---- | C] () -- C:\WINDOWS\brwmark.ini
[2004/08/15 14:28:06 | 000,000,079 | ---- | C] () -- C:\WINDOWS\BRPP2KA.INI
[2004/08/15 14:25:05 | 000,000,767 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2004/08/14 22:59:40 | 000,006,580 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2004/08/14 06:23:16 | 000,000,074 | ---- | C] () -- C:\WINDOWS\ImportClient.ini
[2004/08/13 05:45:06 | 000,000,000 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/01/28 02:41:11 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/01/28 02:29:45 | 000,000,051 | ---- | C] () -- C:\WINDOWS\System32\mshrml.ini
[2004/01/28 01:57:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\VGAunistlog.ini
[2004/01/28 01:57:29 | 000,000,451 | ---- | C] () -- C:\WINDOWS\VGAsetup.ini
[2004/01/27 08:34:23 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\JAWTAccessBridge.dll
[2004/01/27 08:34:02 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\PcdrKernelModeServices.dll
[2004/01/27 08:34:02 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\ProgressTrace.dll
[2004/01/27 08:33:16 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/27 08:32:01 | 000,167,936 | ---- | C] () -- C:\WINDOWS\System32\PCDrJNI_1_1.dll
[2004/01/27 08:26:56 | 000,029,216 | ---- | C] () -- C:\WINDOWS\System32\CHODDI.SYS
[2004/01/27 08:26:40 | 000,024,576 | ---- | C] () -- C:\WINDOWS\System32\syscontr.dll
[2004/01/27 08:26:05 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\hpreg.dll
[2004/01/27 08:13:03 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/01/27 08:07:37 | 000,000,907 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/01/27 07:23:17 | 000,000,928 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/27 07:16:57 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/01/27 07:09:01 | 001,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2004/01/27 06:49:21 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/01/27 06:40:50 | 000,299,073 | ---- | C] () -- C:\WINDOWS\System32\PythonCOM22.dll
[2004/01/27 06:40:50 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\PyWinTypes22.dll
[2004/01/27 06:40:36 | 000,016,896 | ---- | C] () -- C:\WINDOWS\System32\bcbmm.dll
[2004/01/27 05:52:57 | 000,000,802 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/01/27 04:41:25 | 000,000,553 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2004/01/26 21:44:54 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2003/09/23 02:19:42 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/05/13 13:41:58 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\cdlock.dll
[2003/03/07 00:53:16 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\hpnvr82.dll
[2003/01/08 00:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2002/03/19 17:30:00 | 000,010,752 | ---- | C] () -- C:\WINDOWS\System32\mag.dll

========== LOP Check ==========

[2005/12/20 13:34:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\7100Series
[2009/12/16 16:44:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2008/12/11 13:08:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Applications
[2004/08/14 04:20:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2004/08/14 04:20:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2009/11/08 21:04:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Citrix
[2010/01/20 21:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2010/03/19 09:50:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\F-Secure
[2011/02/07 01:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fOgNkIl06300
[2010/03/19 09:48:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fssg
[2009/01/31 17:48:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2010/11/24 23:52:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kAhFn03100
[2009/12/15 17:58:09 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Lexmark Z2300 Series
[2010/11/03 12:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MySQL
[2009/08/25 08:00:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Napster
[2008/12/18 14:55:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NewSoft
[2010/01/20 21:27:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2005/10/16 14:36:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nova Development
[2004/08/16 02:35:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2010/01/20 21:27:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\String Comparison
[2005/10/16 12:54:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUIIMAGE
[2010/01/20 21:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tables
[2010/01/15 00:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2010/01/20 21:31:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/08/14 04:49:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/12/08 17:15:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\www.EasyGiftSoftware.com
[2009/11/14 21:37:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2005/08/21 23:35:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\3M
[2007/02/20 12:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\7100Series
[2007/06/07 06:44:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\acccore
[2007/06/07 07:01:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Aim
[2009/10/07 08:28:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Amazon
[2007/06/02 20:05:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\F-Secure
[2011/01/06 03:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\i42 Software
[2004/12/10 05:29:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ICAClient
[2004/01/28 02:29:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\interMute
[2004/10/14 18:37:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\InterVideo
[2007/06/02 20:05:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\ispnews
[2005/03/18 02:58:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Leadertech
[2004/09/06 07:25:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\MSNInstaller
[2005/10/16 14:37:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Nova Development
[2009/01/24 15:17:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Pogo Games
[2004/08/16 02:35:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\PPIMAGES
[2004/01/27 08:55:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SampleView
[2009/07/02 01:34:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\SierraHome
[2010/01/08 23:11:26 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Simple Star
[2008/08/20 21:35:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Snapfish
[2006/12/31 09:17:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Template
[2007/06/07 06:47:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Viewpoint
[2009/02/22 02:10:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Walgreens
[2009/12/08 17:16:05 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\www.EasyGiftSoftware.com
[2011/02/07 04:44:55 | 000,000,508 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled scanning task.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 151 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:07348C09
@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A73EAFFB
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 115 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8
@Alternate Data Stream - 103 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2

< End of report >
[2011/02/07 06:58:45 | 000,024,576 | -H-- | M] () -- C:\Documents and Settings\Owner\ntuser.dat.LOG
[2011/02/07 06:57:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Desktop
[2011/02/07 06:48:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/02/07 06:48:21 | 000,000,000 | -HSD | M] -- C:\Documents and Settings\Owner\Cookies
[2011/02/07 04:44:55 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/02/07 01:47:51 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Owner\order.txt
[2011/02/07 01:47:47 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/07 01:47:45 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/02/07 01:47:41 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2011/02/07 01:47:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 01:45:58 | 009,175,040 | ---- | M] () -- C:\Documents and Settings\Owner\ntuser.dat
[2011/02/07 01:45:58 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\Owner\ntuser.ini
[2011/02/07 01:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\fOgNkIl06300
[2011/02/07 01:32:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Desktop
[2011/02/07 01:20:40 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/02/07 00:42:33 | 000,000,000 | ---D | M] -- C:\Program Files\Malwarebytes' Anti-Malware1
[2011/02/06 23:27:32 | 000,000,000 | ---D | M] -- C:\Program Files\interMute
[2011/02/06 23:27:31 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Start Menu\Programs\Startup
[2011/02/06 23:27:31 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\PC Security and Backup
[2011/02/06 23:03:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Start Menu\Programs\System Tool
[2011/02/06 22:53:59 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2011/02/06 15:14:11 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\Owner\Recent
[2011/02/06 14:04:04 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\Favorites
[2011/02/06 10:01:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mIRC
[2011/02/06 04:13:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\Skype
[2011/02/06 01:44:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\skypePM
[2011/02/04 12:35:14 | 000,000,731 | ---- | M] () -- C:\WINDOWS\win.ini
[2011/02/01 23:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/31 00:03:08 | 000,000,000 | R--D | M] -- C:\Documents and Settings\Owner\My Documents
[2011/01/30 23:10:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kevin Theology.doc
[2011/01/28 22:02:40 | 000,000,000 | ---D | M] -- C:\Program Files\LeapFTP2
[2011/01/19 16:29:19 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url
[2011/01/19 16:10:21 | 000,189,992 | ---- | M] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/01/13 10:21:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Tracing
[2011/01/13 10:20:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Local Settings\Application Data\Deployment
[2011/01/09 21:37:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Lx_cats
[2010/11/27 18:19:31 | 000,054,120 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2010/06/12 20:45:54 | 000,018,944 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2010/01/30 13:18:37 | 000,000,017 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\19720201.dat
[2010/01/20 21:31:03 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Console
[2010/01/20 21:31:03 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\Components
[2010/01/20 21:31:02 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdw.DAT
[2010/01/20 21:27:05 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\All Users\Application Data\Conditionals
[2010/01/20 21:27:05 | 000,000,268 | RH-- | M] () -- C:\Documents and Settings\Owner\Application Data\Commands
[2010/01/20 21:27:05 | 000,000,020 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2009/12/08 17:16:18 | 000,000,032 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\art.udk
[2009/11/27 16:45:29 | 003,071,874 | -H-- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\IconCache.db
[2009/10/27 17:47:49 | 000,004,247 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2009/10/18 05:34:04 | 000,098,272 | ---- | M] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
[2007/05/23 16:18:23 | 000,000,067 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\photoshow_express_setup.txt
[2007/02/16 21:03:09 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LauncherAccess.dt
[2005/10/12 07:48:54 | 000,000,121 | ---- | M] () -- C:\Program Files\new household arrangement.txt
[2004/01/27 08:33:16 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\Owner\Local Settings\Application Data\fusioncache.dat
[2004/01/27 07:36:13 | 000,000,928 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2004/01/26 21:44:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Application Data\desktop.ini
[2004/01/26 21:44:44 | 000,000,062 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini

========== Files - Modified Within 30 Days ==========

[2011/02/07 06:48:33 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner\Desktop\OTL.exe
[2011/02/07 04:44:55 | 000,000,508 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled scanning task.job
[2011/02/07 01:47:47 | 000,088,566 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2011/02/07 01:47:45 | 000,000,186 | ---- | M] () -- C:\WINDOWS\System\hpsysdrv.DAT
[2011/02/07 01:47:37 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/02/07 00:13:07 | 001,228,854 | ---- | M] () -- C:\fsqwr.bmp
[2011/02/01 23:55:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/01/30 23:10:57 | 000,024,576 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Kevin Theology.doc
[2011/01/19 16:29:19 | 000,000,722 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Club Pogo - Exclusive Games, No Ads, Bigger Prizes!.url


It also generated an Extra.Txt...

OTL Extras logfile created on: 2/7/2011 6:52:04 AM - Run 1
OTL by OldTimer - Version 3.2.20.6 Folder = C:\Documents and Settings\Owner\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

703.00 Mb Total Physical Memory | 214.00 Mb Available Physical Memory | 30.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 61.00% Paging File free
Paging file location(s): C:\pagefile.sys 1056 2112 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 70.31 Gb Total Space | 12.33 Gb Free Space | 17.53% Space Free | Partition Type: NTFS
Drive D: | 4.20 Gb Total Space | 0.60 Gb Free Space | 14.26% Space Free | Partition Type: FAT32
Unable to calculate disk information.

Computer Name: MAIN | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft, Inc.)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft, Inc.)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft, Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe" = C:\Program Files\Microsoft Office\Live Meeting 8\Console\PWConsole.exe:*:Enabled:Microsoft Office Live Meeting 2007 -- (Microsoft Corporation)
"C:\WINDOWS\system32\lxdpcoms.exe" = C:\WINDOWS\system32\lxdpcoms.exe:*:Enabled:Z2300 Series Server -- ( )
"C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe" = C:\Program Files\Lexmark Z2300 Series\lxdpmon.exe:*:Enabled:Printer Device Monitor -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdppswx.exe:*:Enabled:Printer Status Window Interface -- ()
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdptime.exe:*:Enabled:Lexmark Connect Time Executable -- (Lexmark International, Inc.)
"C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe" = C:\WINDOWS\system32\spool\drivers\w32x86\3\lxdpjswx.exe:*:Enabled:Job Status Window Interface -- ()
"C:\Program Files\Lexmark Z2300 Series\Diagnostics\LXDPdiag.exe" = C:\Program Files\Lexmark Z2300 Series\Diagnostics\LXDPdiag.exe:*:Enabled: -- ()
"C:\Program Files\AIM\aim.exe" = C:\Program Files\AIM\aim.exe:*:Enabled:AIM
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\WINDOWS\system32\WISPTIS.EXE" = C:\WINDOWS\system32\WISPTIS.EXE:*:Enabled:WISPTIS -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{002D9D5E-29BA-3E6D-9BC4-3D7D6DBC735C}" = Microsoft Visual C++ 2008 ATL Update kb973924 - x86 9.0.30729.4148
"{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0861E87B-24D7-4E7C-B11B-54F86E5C5199}" = hpg8200
"{092eeeee-9fdd-4895-a568-0818c96beb6c}" = AiO_Scan
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{14589F05-C658-4594-9429-D437BA688686}" = IntelliMover Data Transfer Demo
"{14B4E017-ACDF-4DB0-9D94-8988F5F0145A}" = hpg4600
"{15B9DC72-73F9-4d99-9E28-848D66DA8D99}" = HP Photo & Imaging 3.5 - HP Devices
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{1F7CCFA3-D926-4882-B2A5-A0217ED25597}" = PC-Doctor for Windows
"{20CF99FC-2CE7-4AA4-966E-A4B11C0662B4}" = hpg3970
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216017FF}" = Java™ 6 Update 18
"{29B39FB2-5ADF-4F94-BC82-13942871DD0D}" = CameraDrivers
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A267BC6-F77F-4DD4-825F-7AEB1F68B4B1}" = HpSdpAppCoreApp
"{2A304FDE-F4E3-446D-AA0D-31425C897B71}" = PrintMaster 12
"{2E132061-C78A-48D4-A899-1D13B9D189FA}" = Memories Disc Creator 2.0
"{2FBF04DC-404C-4FA4-BA28-99903080D2B9}" = Magnifier Powertoy for Windows XP
"{31C2F32D-C5DD-4583-8181-B48591CA231C}" = RapidPlayer v5.0 ActiveX Control
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{415B8A4E-0EA2-4C69-975C-EEE07B837FD7}" = Unload
"{45B6180B-DCAB-4093-8EE8-6164457517F0}" = Photosmart 140,240,7200,7600,7700,7900 Series
"{45EBDA59-D33B-433A-956E-B2F236468B56}" = MUSICMATCH® Jukebox
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{483616D1-867E-46F8-BEC7-3C6475933908}" = Adobe Photoshop Album Starter Edition
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{507FC614-6969-4788-BF8E-C5C9B2AE448B}" = MySQL Server 5.1
"{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"{54e854d5-d5d4-452d-9c75-b39f5625b5fb}" = Readme
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{60758250-C8CF-47EB-8CB6-E0C3B84D8207}" = PSShortcutsP
"{6661C844-F72D-44ED-823A-24862F2D1650}" = Print Artist Craft & Party Maker
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{764D06D8-D8DE-411E-A1C8-D9E9380F8A84}" = Microsoft Works 7.0
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" =
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91120409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Standard Edition 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = RecordNow!
"{98E8A2EF-4EAE-43B8-A172-74842B764777}" = InterVideo WinDVD Player
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9F4EEA0C-7174-4BD3-89AF-7AB2F9F6AEDD}" = hpmdtab
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AC76BA86-7AD7-1033-7B44-000000000001}" = Adobe Reader 6.0
"{AD17BC8E-4A5D-4E59-8640-10DF36E9EB75}" = hpg5530
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{bb6cac2a-1fa0-471a-bc3c-ade699c39f3c}" = Fax
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BE66348A-E83F-4982-941F-DFF2F742B851}" = Microsoft Office Live Meeting 2007
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{c330461f-c4a9-4fc7-af5d-c158e0b56aa7}" = AiOSoftware
"{C6A7AF96-4EB1-4AAE-8318-1AB393C64F88}" = Microsoft Plus! Digital Media Edition
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0122362-6333-4DE4-93F6-A5A2F3CC101A}" = Compaq Organize
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{E2E7A0E8-77C4-495F-8FA3-63DAEDAA2DB3}" = F-Secure PSC Prerequisites
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{EBFEEB3F-3E3B-4725-A4E0-376144CE4F76}" = Citrix XenApp Web Plugin
"{ec7d7a6a-31cb-4810-826f-74171bef44f1}" = AIOMinimal
"{ED869D8B-6C7E-44C7-9F2F-BD5436849C61}" = hpg2436
"{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"{F3759A9F-7AFA-4FB4-8DF1-53F26B979DEE}" = Belkin 54Mbps Wireless Network Adapter
"{F38FA38A-7E5A-4209-88ED-4DE21CD20EEF}" = HP PSC & OfficeJet 3.0
"{F419D20A-7719-4639-8E30-C073A040D878}" = HP Deskjet Preloaded Printer Drivers
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"05E21449-3BA3-42BF-BBDA-95205F4EA40A" = Polar Bowler from Compaq (remove only)
"26DC0ED6-93A7-43C1-8DC5-EC16079580F9" = Orbital from Compaq (remove only)
"29FF6D07-4A15-41F1-9D5E-E0F3A58012C6" = Bounce Symphony from Compaq (remove only)
"2FDCC229-354D-4279-ABEF-CE17E355BFFA" = Five Card Frenzy from Compaq (remove only)
"8A225900-C06D-41DD-B66C-43840D472758" = Otto from Compaq (remove only)
"8BA6F58B-7A91-461F-95F8-E34F8BD8AA4E" = Slyder from Compaq (remove only)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Alphabet Names" = Alphabet Names
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.10
"BackWeb-1940576 Uninstaller" = Compaq Connections
"BroadJump Client Foundation" = BroadJump Client Foundation
"C679AA5F-C2C8-4EA8-9CD1-504A39AEC264" = Excavation from Compaq (remove only)
"CoffeeCup PixConverter" = CoffeeCup PixConverter
"Compaq Instant Support" = Compaq Instant Support
"ERUNT_is1" = ERUNT 1.1j
"ESET Online Scanner" = ESET Online Scanner v3
"F07504C6-20C5-4BFE-83A0-523FB2455E72" = Blackhawk Striker from Compaq (remove only)
"FA7F5211-C629-4711-BD82-7DFFB08CB518" = Overball from Compaq (remove only)
"F-Secure Product 444" = Charter Security Suite
"Horoscopes" = Horoscopes
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"InstallShield_{0613467F-A45E-4CB1-9ECE-1F3DD79FB927}" = Easy Internet Sign-up
"InstallShield_{54DE0B75-6CD9-44C4-B10A-1F25DA9899D8}" = Quicken 2004
"InstallShield_{EF9967D8-1999-4260-ACC2-86901AA36650}" = Multimedia Card Reader
"Lexmark Z2300 Series" = Lexmark Z2300 Series
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"mIRC" = mIRC
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NVIDIA Display Driver" = NVIDIA Display Driver
"NVIDIA Drivers" = NVIDIA Drivers
"NVIDIA Ethernet Driver" = NVIDIA Ethernet Driver
"NVIDIA GART Driver" = NVIDIA GART Driver
"PS2" = PS2
"Python 2.2 combined Win32 extensions" = Python 2.2 combined Win32 extensions
"Python 2.2.1" = Python 2.2.1
"RealPlayer 6.0" = RealOne Player
"SAM3" = SAM Broadcaster (remove only)
"Shockwave" = Shockwave
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"ViewpointMediaPlayer" = Viewpoint Media Player (Remove Only)
"WebPost" = Microsoft Web Publishing Wizard 1.52
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"bce6e03966db8ddc" = WAH Assistant - 1
"f7f9cabe8c290ac7" = West At Home Gateway V2 - 1
"Move Media Player" = Move Media Player
"Winamp Detect" = Winamp Detector Plug-in

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 2/6/2011 6:10:34 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:10:34 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:10:36 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:10:39 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:10:54 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:10:54 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:12:54 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:12:54 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/6/2011 6:12:59 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

Error - 2/7/2011 2:18:33 AM | Computer Name = MAIN | Source = nview_info | ID = 11141121
Description =

[ System Events ]
Error - 2/7/2011 3:45:52 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The lxdp_device service failed to start due to the following error:
%%1053

Error - 2/7/2011 3:48:01 AM | Computer Name = MAIN | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 2/7/2011 3:48:10 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the lxdpCATSCustConnectService
service to connect.

Error - 2/7/2011 3:48:10 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The lxdpCATSCustConnectService service failed to start due to the
following error: %%1053

Error - 2/7/2011 3:48:10 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The MCSTRM service failed to start due to the following error: %%2

Error - 2/7/2011 3:48:11 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
fasttx2k SISAGP viaagp1

Error - 2/7/2011 3:48:13 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Display Driver Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 2/7/2011 3:49:04 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the HTTP SSL service to connect.

Error - 2/7/2011 3:49:04 AM | Computer Name = MAIN | Source = Service Control Manager | ID = 7000
Description = The HTTP SSL service failed to start due to the following error: %%1053

Error - 2/7/2011 5:04:22 AM | Computer Name = MAIN | Source = PlugPlayManager | ID = 11
Description = The device Root\LEGACY_FSBL\0000 disappeared from the system without
first being prepared for removal.


< End of report >

#2 Salagubang

  • Group: Malware Removal
  • Posts: 3,883
  • Joined: 23-July 09

Posted 13 February 2011 - 08:42 PM

Hi chansey,

Sorry for the delay.

Welcome to Geekstogo. My name is Salagubang and if you still need assistance I'll be glad to help you with this problem.

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. If there's anything you don't understand or isn't totally clear, please come back to me for clarification.

  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.

  • English is not my first language, so please do not use slang or idioms, as this makes it difficult for me to understand.


Download OTL to your Desktop
  • Double click on the icon to run it. Make sure all other windows are closed and let it run uninterrupted.
  • Click on Minimal Output at the top
  • Select All Users
  • Download the following file scan.txt to your Desktop. Click here to download it. You may need to right click on it and select "Save"
  • Double click inside the Custom Scan box at the bottom
  • A window will appear saying "Click Ok to load a custom scan from a file or Cancel to cancel"
  • Click the Ok button and navigate to the file scan.txt which we just saved to your desktop
  • Select scan.txt and click Open. Writing will now appear under the Custom Scan box
  • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows, OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them in your topic.


#3 Salagubang

  • Group: Malware Removal
  • Posts: 3,883
  • Joined: 23-July 09

Posted 20 February 2011 - 09:04 PM

Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
