Thanks for your comprehensive help!
Is this the first log? OTL did not post. Found it by searching for *.log
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Soluto\solutoinstaller.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\desktop\solutoinstaller-_we5LFw2c3A4.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Documents and Settings\Administrator\My Documents\Downloads\solutoinstaller.exe deleted successfully.
========== COMMANDS ==========
OTL by OldTimer - Version 3.2.69.0 log created on 04042014_190324
2nd OTL log:
OTL logfile created on: 4/4/2014 7:14:48 PM - Run 5
OTL by OldTimer - Version 3.2.69.0 Folder = C:\Documents and Settings\Administrator\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy
2.00 Gb Total Physical Memory | 1.27 Gb Available Physical Memory | 63.62% Memory free
3.86 Gb Paging File | 3.31 Gb Available in Paging File | 85.56% Paging File free
Paging file location(s): C:\pagefile.sys 2060 4096 [binary data]
%SystemDrive% = C: | %SystemRoot% = C:\WINNT | %ProgramFiles% = C:\Program Files
Drive C: | 37.26 Gb Total Space | 10.43 Gb Free Space | 27.98% Space Free | Partition Type: NTFS
Computer Name: S0034324532 | User Name: Administrator | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days
========== Processes (SafeList) ==========
PRC - [2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\desktop\OTL.exe
PRC - [2014/03/18 09:49:28 | 000,275,568 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2013/10/23 16:01:10 | 000,300,552 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe
PRC - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\MsMpEng.exe
PRC - [2013/10/23 15:55:28 | 000,948,440 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
PRC - [2008/04/13 20:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINNT\explorer.exe
========== Modules (No Company Name) ==========
MOD - [2014/03/18 09:48:40 | 003,642,480 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2014/02/12 21:01:43 | 000,221,696 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.ServiceProce#\2e3fdae8546832614633495638bef8d0\System.ServiceProcess.ni.dll
MOD - [2014/02/12 20:56:29 | 000,762,880 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Runtime.Remo#\8556fa9ad747e43a85e107dbeb42659e\System.Runtime.Remoting.ni.dll
MOD - [2014/02/12 20:56:26 | 000,787,456 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.EnterpriseSe#\6a5f031a28c774f1163af0715c3a6097\System.EnterpriseServices.ni.dll
MOD - [2014/02/12 20:56:25 | 000,649,728 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Transactions\fc7255cccb69c45a808b3d7e6abf55c5\System.Transactions.ni.dll
MOD - [2014/02/12 20:52:14 | 006,817,280 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Data\2c4f9ef6baacb578ab136a5b30ada098\System.Data.ni.dll
MOD - [2014/02/12 20:51:48 | 001,014,272 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Configuration\991c4e11f571a4074b9c4a5841222338\System.Configuration.ni.dll
MOD - [2014/02/12 20:51:36 | 005,628,928 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Xml\850fa7110c7423c324762c1ad3130219\System.Xml.ni.dll
MOD - [2014/02/12 20:51:24 | 013,199,360 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Windows.Forms\2781e84862746a34f026d0ee179eed2b\System.Windows.Forms.ni.dll
MOD - [2014/02/12 20:51:16 | 007,070,720 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Core\354a5906fd46f4374f86916debf3ebcb\System.Core.ni.dll
MOD - [2014/02/12 20:50:59 | 001,667,584 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System.Drawing\243ff1822abc8282cb8fee37538170b4\System.Drawing.ni.dll
MOD - [2014/02/12 20:50:52 | 009,099,776 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\System\4c906eb82e6f56aea01b2a7291fab7ea\System.ni.dll
MOD - [2014/02/12 20:50:35 | 014,416,896 | ---- | M] () -- C:\WINNT\assembly\NativeImages_v4.0.30319_32\mscorlib\4e62d1d9b7dd2c2d14915abb73c22d50\mscorlib.ni.dll
MOD - [2006/06/26 19:02:49 | 000,049,852 | ---- | M] () -- C:\WINNT\system32\pdf995mon.dll
========== Services (SafeList) ==========
SRV - [2014/03/18 09:49:27 | 000,119,408 | ---- | M] (Mozilla Foundation) [Disabled | Stopped] -- C:\Program Files\Mozilla Maintenance Service\maintenanceservice.exe -- (MozillaMaintenance)
SRV - [2014/03/12 17:56:53 | 000,257,928 | ---- | M] (Adobe Systems Incorporated) [On_Demand | Stopped] -- C:\WINNT\system32\Macromed\Flash\FlashPlayerUpdateService.exe -- (AdobeFlashPlayerUpdateSvc)
SRV - [2013/10/23 16:01:10 | 000,022,208 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\MsMpEng.exe -- (MsMpSvc)
SRV - [2013/06/28 18:48:04 | 000,014,624 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe -- (IntuitUpdateServiceV4)
SRV - [2010/08/23 21:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2003/10/15 18:13:06 | 000,077,824 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SigmaTel\C-Major Audio\ControlPanel\passthru.exe -- (PassThru)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
========== Driver Services (SafeList) ==========
DRV - File not found [Kernel | Disabled | Stopped] -- C:\Program Files\Internet Explorer\SABProcEnum.sys -- (SABProcEnum)
DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\Drivers\PROCEXP151.SYS -- (PROCEXP151)
DRV - [2013/09/10 19:25:16 | 000,003,840 | ---- | M] () [Kernel | System | Running] -- C:\WINNT\system32\drivers\BANTExt.sys -- (BANTExt)
DRV - [2007/09/28 14:30:57 | 000,019,345 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MREMPR5.sys -- (MREMPR5)
DRV - [2007/09/28 14:30:49 | 000,018,003 | ---- | M] (Motive, Inc.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Common Files\Motive\MRENDIS5.sys -- (MRENDIS5)
DRV - [2007/06/05 11:56:40 | 000,044,928 | ---- | M] (Panda Software) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\SDTHOOK.SYS -- (SDTHOOK)
DRV - [2006/04/26 21:44:22 | 000,028,672 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\CO_Mon.sys -- (CO_Mon)
DRV - [2005/08/09 20:35:42 | 001,273,856 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/31 15:21:32 | 000,200,704 | ---- | M] (Roxio) [File_System | System | Running] -- C:\WINNT\System32\drivers\udfreadr.sys -- (UdfReadr)
DRV - [2003/10/14 17:05:28 | 000,252,144 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\STAC97.sys -- (STAC97)
DRV - [2003/07/17 18:40:06 | 000,265,728 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2003/06/27 09:53:44 | 001,196,352 | ---- | M] (Agere Systems) [Kernel | On_Demand | Running] -- C:\WINNT\system32\drivers\AGRSM.sys -- (AgereSoftModem)
DRV - [2003/03/17 18:39:12 | 000,020,352 | ---- | M] (Intel Corporation ) [Kernel | On_Demand | Stopped] -- C:\WINNT\system32\drivers\iqvw32.sys -- (NAL)
========== Standard Registry (SafeList) ==========
========== Internet Explorer ==========
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKLM\..\SearchScopes,DefaultScope =
IE - HKLM\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://www.bing.com/...ms}&FORM=IE8SRC
IE - HKLM\..\SearchScopes\{6A1806CD-94D4-4689-BA73-E35EA1EA9990}: "URL" = http://www.google.co...g}&sourceid=ie7
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINNT\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Bar = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Overture
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.overture....s={searchTerms}
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = https://classic.netaddress.com/tpl [Binary data over 200 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co...urce=gama&hl=en
IE - HKCU\..\SearchScopes,DefaultScope = {91E988AB-50B7-46B0-B45D-5CF6103F052F}
IE - HKCU\..\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}: "URL" = http://search.live.c...Box&Form=IE8SRC
IE - HKCU\..\SearchScopes\{79141AC0-4211-45BD-8AD5-0CAC7ACCA01B}: "URL" = http://www.bing.com/...rc=IE-SearchBox
IE - HKCU\..\SearchScopes\{91E988AB-50B7-46B0-B45D-5CF6103F052F}: "URL" = http://www.google.co...age={startPage}
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost
========== FireFox ==========
FF - prefs.js..browser.startup.homepage: "http://www.netvibes....le.com/finance"
FF - prefs.js..extensions.enabledAddons: %7B1BC9BA34-1EED-42ca-A505-6D2F1A935BBB%7D:5.12.12.1
FF - prefs.js..extensions.enabledAddons: %7B972ce4c6-7e08-4474-a285-3208198ce6fd%7D:28.0
FF - prefs.js..keyword.URL: "http://www.google.co...ient&gfns=1&q="
FF - user.js - File not found
FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINNT\system32\Macromed\Flash\NPSWF32_12_0_0_77.dll ()
FF - HKLM\Software\MozillaPlugins\@canon.com/EPPEX: C:\Program Files\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL (CANON INC.)
FF - HKLM\Software\MozillaPlugins\@garmin.com/GpsControl: C:\Program Files\Garmin GPS Plugin\npGarmin.dll (GARMIN Corp.)
FF - HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=10.10.2: C:\WINNT\system32\npDeployJava1.dll (Oracle Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINNT\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=8: File not found
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)
FF - HKLM\Software\MozillaPlugins\[email protected]/YahooActiveXPluginBridge;version=1.0.0.1: File not found
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 28.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins
[2011/10/01 11:21:49 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2014/03/20 16:54:02 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions
[2013/12/16 10:20:14 | 000,000,000 | ---D | M] (IE Tab 2 (FF 3.6+)) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\miobjuei.default-1349313115875\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}
[2014/03/18 09:48:16 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\browser\extensions
[2014/03/18 09:49:29 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
O1 HOSTS File: ([2012/10/25 19:13:12 | 000,000,098 | ---- | M]) - C:\WINNT\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Canon Easy-WebPrint EX BHO) - {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll (CANON INC.)
O3 - HKLM\..\Toolbar: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O3 - HKCU\..\Toolbar\WebBrowser: (Canon Easy-WebPrint EX) - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll (CANON INC.)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O15 - HKCU\..Trusted Domains: geekstogo.com ([www] http in Trusted sites)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = gofsg.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{050C88C6-9DB9-4307-B7C2-8D384252F0A1}: DhcpNameServer = 192.168.100.5
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{62DA5302-5FB3-4816-A3DE-94EFDB50EBF7}: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\belarc {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files\Belarc\BelarcAdvisor\System\BAVoilaX.dll (Belarc, Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINNT\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINNT\system32\userinit.exe) - C:\WINNT\system32\userinit.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - (Ati2evxx.dll) - C:\WINNT\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Administrator\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/10/15 23:31:53 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{5e59674a-b37a-11e1-9bd2-00904b847847}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{663fc156-6412-11e1-9ba3-00904b847847}\Shell\AutoRun\command - "" = E:\KODAK_Camera_Setup_App.exe
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{8382f4fc-c626-11dd-9808-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell - "" = AutoRun
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{9f2e57b0-d2a7-11dd-9825-00904b847847}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *)
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O38 - SubSystems\\Windows: (ServerDll=winsrv:UserServerDllInitialization,3)
O38 - SubSystems\\Windows: (ServerDll=winsrv:ConServerDllInitialization,2)
========== Files/Folders - Created Within 30 Days ==========
[2014/04/03 00:19:31 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Administrator\Recent
[2014/04/02 23:47:42 | 000,107,736 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\MBAMSwissArmy.sys
[2014/04/02 23:46:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes Anti-Malware
[2014/04/02 23:46:33 | 000,050,648 | ---- | C] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\mbamchameleon.sys
[2014/04/02 23:46:33 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes Anti-Malware
[2014/03/30 14:39:06 | 000,000,000 | ---D | C] -- C:\_OTL
[2014/03/29 18:44:25 | 004,787,368 | ---- | C] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/03/29 17:39:04 | 000,000,000 | ---D | C] -- C:\AdwCleaner
[2014/03/29 14:53:46 | 004,745,728 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2014/03/23 15:15:04 | 000,602,112 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/18 09:48:16 | 000,000,000 | ---D | C] -- C:\Program Files\Mozilla Firefox
[2006/10/10 20:40:37 | 000,389,120 | ---- | C] (Citrix Online) -- C:\Documents and Settings\Administrator\remote.exe
========== Files - Modified Within 30 Days ==========
[2014/04/04 19:14:57 | 000,000,384 | -H-- | M] () -- C:\WINNT\tasks\Microsoft Antimalware Scheduled Scan.job
[2014/04/04 19:05:14 | 000,001,158 | ---- | M] () -- C:\WINNT\System32\wpa.dbl
[2014/04/04 19:04:42 | 000,002,048 | --S- | M] () -- C:\WINNT\bootstat.dat
[2014/04/04 18:01:13 | 000,004,616 | -H-- | M] () -- C:\Documents and Settings\Administrator\My Documents\Default.rdp
[2014/04/04 17:46:00 | 000,000,826 | ---- | M] () -- C:\WINNT\tasks\Adobe Flash Player Updater.job
[2014/04/03 18:27:54 | 000,002,256 | ---- | M] () -- C:\WINNT\QUICKEN.INI
[2014/04/02 23:49:29 | 000,107,736 | ---- | M] (Malwarebytes Corporation) -- C:\WINNT\System32\drivers\MBAMSwissArmy.sys
[2014/03/31 19:58:23 | 000,001,404 | ---- | M] () -- C:\quotes.csv
[2014/03/31 19:55:10 | 000,002,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Calculator Plus.lnk
[2014/03/29 19:31:39 | 000,171,084 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\211172-GA-1.pdf
[2014/03/29 19:12:16 | 000,190,131 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\http www.ebay.pdf
[2014/03/29 18:45:27 | 004,787,368 | ---- | M] (Piriform Ltd) -- C:\Documents and Settings\Administrator\Desktop\ccsetup412.exe
[2014/03/29 18:42:35 | 004,257,724 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Commercial Catalog.pdf
[2014/03/29 18:02:47 | 000,025,579 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\eBay.pdf
[2014/03/29 17:38:00 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2014/03/29 14:54:48 | 001,950,720 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/03/29 14:54:39 | 004,745,728 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Administrator\Desktop\aswMBR.exe
[2014/03/29 14:40:10 | 000,094,785 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Infiniti USA eStore.htm
[2014/03/28 09:49:31 | 000,312,607 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v3.pdf
[2014/03/23 15:17:53 | 000,000,155 | ---- | M] () -- C:\WINNT\INTUIT.INI
[2014/03/23 15:15:11 | 000,602,112 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2014/03/23 13:30:52 | 000,388,792 | ---- | M] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 10:29:22 | 000,163,059 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:11 | 000,312,501 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:56 | 000,018,637 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/18 19:56:21 | 000,043,880 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/17 18:54:43 | 000,002,455 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\TurboTax 2013.lnk
[2014/03/16 18:38:35 | 000,521,577 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:42:06 | 000,198,529 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\VBMTPMenuFeb14.pdf
[2014/03/15 19:12:25 | 000,081,277 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\https citieasydeals.universalcard.pdf
[2014/03/15 10:26:01 | 000,015,812 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:23 | 000,488,206 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:01:01 | 001,111,963 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:08 | 000,411,907 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/12 10:02:27 | 000,505,162 | ---- | M] () -- C:\WINNT\System32\perfh009.dat
[2014/03/12 10:02:26 | 000,087,298 | ---- | M] () -- C:\WINNT\System32\perfc009.dat
[2014/03/09 17:13:26 | 000,832,761 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
========== Files Created - No Company Name ==========
[2014/03/31 19:59:47 | 000,001,404 | ---- | C] () -- C:\quotes.csv
[2014/03/29 19:31:40 | 000,171,084 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\211172-GA-1.pdf
[2014/03/29 19:12:15 | 000,190,131 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\http www.ebay.pdf
[2014/03/29 18:41:48 | 004,257,724 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Commercial Catalog.pdf
[2014/03/29 18:02:44 | 000,025,579 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\eBay.pdf
[2014/03/29 17:38:00 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\MBR.dat
[2014/03/29 14:54:05 | 001,950,720 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\adwcleaner.exe
[2014/03/29 14:40:09 | 000,094,785 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Infiniti USA eStore.htm
[2014/03/28 09:49:31 | 000,312,607 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v3.pdf
[2014/03/23 13:30:52 | 000,388,792 | ---- | C] () -- C:\WINNT\System32\FNTCACHE.DAT
[2014/03/22 10:29:24 | 000,163,059 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Documents_for_your_DocuSign_Signature_-_Updat.pdf
[2014/03/21 10:22:10 | 000,312,501 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\McGuffie 09Apr14 Web v2.pdf
[2014/03/19 21:32:55 | 000,018,637 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\022014StatementDisplay.pdf
[2014/03/18 19:56:24 | 000,043,880 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\889956908_build.pdf
[2014/03/16 18:38:33 | 000,521,577 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\f4868.pdf
[2014/03/15 19:12:23 | 000,081,277 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\https citieasydeals.universalcard.pdf
[2014/03/15 10:25:10 | 000,015,812 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\Intuit.pdf
[2014/03/14 21:55:24 | 000,488,206 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\qph75 v1-1-0.zip
[2014/03/14 18:00:46 | 001,111,963 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\scan0001.pdf
[2014/03/13 22:43:05 | 000,411,907 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\FE_Social_Security_Methodology_0214.pdf
[2014/03/09 17:13:22 | 000,832,761 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\financialplanning201310-13799126730002dad1a4d13-pp.pdf
[2013/10/08 21:41:44 | 000,000,288 | ---- | C] () -- C:\Documents and Settings\Administrator\Application Data\.backup.dm
[2012/01/12 20:15:28 | 004,379,496 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-S-1-5-21-515416071-1635729839-3118798863-500-0.dat
[2012/01/12 20:15:25 | 000,372,830 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\WPFFontCache_v0400-System.dat
[2012/01/12 19:55:59 | 000,001,177 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.400.32.bc
[2011/11/20 12:49:01 | 003,153,920 | ---- | C] () -- C:\Documents and Settings\Administrator\secsetup.sdb
[2011/07/11 23:50:36 | 000,000,193 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\Microsoft.SqlServer.Compact.351.32.bc
[2008/02/13 16:43:33 | 000,072,080 | ---- | C] () -- C:\Documents and Settings\Administrator\g2mdlhlpx.exe
[2006/06/08 23:07:13 | 000,000,602 | ---- | C] () -- C:\Documents and Settings\Administrator\backup.sus
[2005/11/16 19:37:50 | 000,052,337 | ---- | C] () -- C:\Documents and Settings\Administrator\WinPatrolLog.html
[2005/11/10 21:48:57 | 000,000,136 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\fusioncache.dat
[2005/11/02 17:50:38 | 000,000,008 | RHS- | C] () -- C:\Documents and Settings\All Users\ntuser.pol
[2005/10/18 21:18:38 | 000,010,240 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
========== ZeroAccess Check ==========
[2003/10/07 08:59:36 | 000,000,227 | RHS- | M] () -- C:\WINNT\assembly\Desktop.ini
[HKEY_CURRENT_USER\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
[HKEY_CURRENT_USER\Software\Classes\clsid\{fbeb8a05-beee-4442-804e-409d6c4515e9}\InProcServer32]
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{42aedc87-2188-41fd-b9a3-0c966feabec1}\InProcServer32]
"" = %SystemRoot%\System32\shdocvw.dll -- [2008/04/13 20:12:05 | 001,499,136 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Apartment
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{5839FCA9-774D-42A1-ACDA-D6A79037F57F}\InProcServer32]
"" = C:\WINNT\System32\wbem\fastprox.dll -- [2009/02/09 08:10:48 | 000,473,600 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Free
[HKEY_LOCAL_MACHINE\Software\Classes\clsid\{F3130CDB-AA52-4C3A-AB32-85FFC23AF9C1}\InProcServer32]
"" = C:\WINNT\System32\wbem\wbemess.dll -- [2008/04/13 20:12:08 | 000,273,920 | ---- | M] (Microsoft Corporation)
"ThreadingModel" = Both
========== LOP Check ==========
[2007/06/02 19:56:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\aignes
[2010/01/31 13:07:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\AltrixSoft
[2012/10/20 09:59:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Auslogics
[2010/01/03 16:25:13 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon
[2014/03/01 02:42:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Canon Easy-WebPrint EX
[2010/02/14 11:10:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\cronometer
[2012/04/19 09:17:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\ElevatedDiagnostics
[2012/09/08 10:24:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\GARMIN
[2007/09/20 19:26:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Leadertech
[2005/11/01 22:00:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Learn2.com
[2009/07/13 20:57:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Neverball
[2004/10/25 23:32:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\pdf995
[2007/05/08 13:41:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\SmartDraw
[2008/12/24 00:12:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Software Informer
[2008/12/13 01:10:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Windows Search
[2013/11/09 17:59:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\WinPatrol
[2009/01/08 00:22:42 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\ActiveSMART
[2013/08/08 19:41:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Auslogics
[2010/01/02 19:17:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2010/01/12 10:45:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJEGV
[2010/01/03 16:25:13 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonIJScan
[2012/11/28 23:42:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CheckPoint
[2011/10/14 20:07:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ClubSanDisk
[2011/03/15 09:03:28 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2009/02/14 02:59:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DFX
[2014/03/25 08:50:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2010/07/28 23:25:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCPitstop
[2012/10/23 21:23:57 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/01/05 19:06:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WhiteCap (Holiday Edition)
[2012/10/28 20:36:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{C3B35EBF-B1F6-4DE1-9682-ED71913E187B}
[2012/03/03 19:23:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{FD7CAB3E-E895-4E98-9D68-A307CC601204}
========== Purity Check ==========
========== Custom Scans ==========
< C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\*.* >
[2005/09/12 14:09:44 | 000,021,504 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Blurry Screen.doc
[2005/09/25 19:25:14 | 000,026,669 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\Dead Pixel Buddy.zip
[2005/08/05 19:14:28 | 000,097,273 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\http shopper.cnet.com 4002-7409_9-6266032.pdf
[2005/10/19 11:37:22 | 004,430,336 | ---- | M] () -- C:\Documents and Settings\Administrator\My Documents\My Downloads 121408\Computer Security\KOMANDO KIM NATIONAL TALKRADIO SHOW E.doc
[1980/01/01 01:00:00 | 000,000,065 | RH-- | C] () -- C:\WINNT\Tasks\desktop.ini
[2003/10/06 17:41:17 | 000,000,006 | -H-- | C] () -- C:\WINNT\Tasks\SA.DAT
[2011/11/14 21:04:38 | 000,000,604 | ---- | C] () -- C:\WINNT\Tasks\SCHEDLGU.TXT
[2013/09/17 21:26:12 | 000,000,826 | ---- | C] () -- C:\WINNT\Tasks\Adobe Flash Player Updater.job
[2013/11/14 10:39:17 | 000,000,384 | -H-- | C] () -- C:\WINNT\Tasks\Microsoft Antimalware Scheduled Scan.job
< End of report >
Edited by joseph456, 04 April 2014 - 06:08 PM.