I have run many anti virus scans but it still comes back....please help.

philipwk

Hello.

Download OTL by OldTimer to your Desktop.

• Close all windows and double click OTL.exe
  
• Click Run Scan and let the program run uninterrupted
  
• It will produce two logs for you, one will pop up - OTL.txt, the other will be saved on your Desktop - Extras.txt. Post both logs in this thread.
  
• You may need to use two posts to get it all.
  

Hi young man....cool avatar.
Ok so I downloaded the OTL started it and it scaned for a few minutes and then this appeared and the OTL disapeared [see attachment]
Well crap I can't put in a attachment because of some rule 57

Your Forum will not allow me to post an attachment I keep getting a message, something about rule? 57 'not enough space'

My apologies that happened...

Go ahead and copy and paste the log in your next reply.

Well I can't run anything on the computer now the virus has gotten so bad
Only thing I can do is get into safe mode.
When I start windows normally the virus/malware is in the system tray and will not let anything run, I can't even do a clean install.

Can you boot to safe mode with networking? attach the logs if needed.

OTL logfile created on: 5/10/2011 9:19:26 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Administrator\My Documents\Downloads
Windows XP Professional Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 78.00% Memory free
4.00 Gb Paging File | 4.00 Gb Available in Paging File | 91.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 32.46 Gb Free Space | 29.04% Space Free | Partition Type: NTFS
Drive E: | 248.42 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: DARREN | User Name: Administrator | Logged in as Administrator.
Boot Mode: SafeMode with Networking | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/05/10 21:18:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
PRC - [2011/05/09 20:03:58 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/01/22 14:11:14 | 000,119,384 | ---- | M] () -- C:\Program Files\IObit\Advanced SystemCare 3\ContextMenu.exe
PRC - [2004/08/04 00:56:49 | 001,032,192 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (SafeList) ==========

MOD - [2011/05/10 21:18:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\My Documents\Downloads\OTL.exe
MOD - [2010/08/23 09:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/02/28 18:44:14 | 000,183,560 | ---- | M] (Microsoft Corporation.) [On_Demand | Stopped] -- C:\Program Files\Microsoft\BingBar\BBSvc.EXE -- (BBSvc)
SRV - [2011/02/25 10:46:22 | 000,249,648 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft\BingBar\SeaPort.EXE -- (SeaPort)
SRV - [2010/12/13 15:37:46 | 000,135,536 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2010/12/12 21:34:17 | 000,651,720 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2009/09/03 16:44:46 | 000,444,224 | ---- | M] (Rosetta Stone Ltd.) [Auto | Stopped] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe -- (RosettaStoneDaemon)
SRV - [2008/11/11 16:33:12 | 000,200,704 | ---- | M] (SoundMovieServer) [Disabled | Stopped] -- C:\WINDOWS\System32\snmvtsvc.exe -- (SoundMovieServer)
SRV - [2004/01/05 00:27:32 | 000,065,795 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\system32\hpzipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - [2010/12/13 15:37:46 | 000,030,576 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nx6000.sys -- (MSHUSBVideo)
DRV - [2010/08/15 04:48:30 | 000,691,696 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\Drivers\sptd.sys -- (sptd)
DRV - [2010/07/15 16:41:40 | 000,216,400 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2010/06/07 19:51:01 | 000,029,584 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System | Stopped] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/10/27 13:02:14 | 000,023,936 | ---- | M] (Motorola) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\motmodem.sys -- (motmodem)
DRV - [2008/11/27 12:52:00 | 000,022,768 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\usbsermpt.sys -- (usbsermpt)
DRV - [2008/11/11 15:58:02 | 000,003,768 | ---- | M] (Windows (R) 2000 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCVideo.sys -- (MusCVideo)
DRV - [2008/11/11 15:58:00 | 000,023,096 | ---- | M] (Windows (R) Codename Longhorn DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\MusCAudio.sys -- (MusCAudio)
DRV - [2006/10/11 18:43:54 | 001,777,152 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/07/25 11:04:08 | 000,048,640 | ---- | M] (Prolific Technology Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ser2pl.sys -- (Ser2pl)
DRV - [2005/02/23 14:58:56 | 000,011,776 | ---- | M] (Arcsoft, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\afc.sys -- (Afc)
DRV - [2004/08/03 23:08:21 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gameenum.sys -- (gameenum)
DRV - [2004/05/25 15:58:04 | 000,396,032 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvapu.sys -- (nvnforce) Service for NVIDIA(R) nForce(TM)
DRV - [2004/05/25 15:58:02 | 000,048,640 | ---- | M] (NVIDIA Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\nvax.sys -- (nvax) Service for NVIDIA(R) nForce(TM)
DRV - [2003/09/29 22:25:22 | 000,022,880 | R--- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys -- (GVCplDrv)
DRV - [2002/11/05 23:48:08 | 000,005,376 | R--- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Stopped] -- C:\Documents and Settings\Administrator\Local Settings\temp\ATICDSDr.sys -- (ATICDSDr)
DRV - [2002/09/22 19:37:00 | 000,080,896 | R--- | M] (NVIDIA Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NVENET.sys -- (NVENET)
DRV - [2002/09/05 20:24:00 | 000,013,568 | R--- | M] (NVIDIA Corporation) [Kernel | Boot | Running] -- C:\WINDOWS\System32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2002/08/13 06:27:22 | 000,074,338 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\el90Xbc5.SYS -- (EL90Xbc)
DRV - [2001/08/17 14:51:32 | 000,018,688 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\irsir.sys -- (irsir)
DRV - [2001/08/17 07:00:04 | 000,002,944 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\msmpu401.sys -- (ms_mpu401)
DRV - [2001/08/17 06:28:18 | 000,794,399 | ---- | M] (U.S. Robotics, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USR1806V.SYS -- (USR1806V)
DRV - [1999/09/10 12:06:00 | 000,025,244 | ---- | M] (Adaptec) [Kernel | System | Stopped] -- C:\WINDOWS\System32\drivers\ASPI32.SYS -- (Aspi32)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie

IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..network.proxy.type: 0

FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/05/09 20:04:04 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0.1\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/05/01 21:07:37 | 000,000,000 | ---D | M]

[2011/05/10 21:15:23 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Administrator\Application Data\Mozilla\Extensions
[2011/03/28 21:33:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
File not found (No name found) --
[2011/05/09 20:03:57 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml.old

Hosts file not found
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Conduit Engine ) - {30F9B915-B755-4826-820B-08FBA6BD249D} - C:\Program Files\ConduitEngine\prxConduitEngine.dll (Conduit Ltd.)
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (Java(tm) Plug-In SSV Helper) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre6\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Bing Bar Helper) - {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - C:\Program Files\Microsoft\BingBar\BingExt.dll (Microsoft Corporation.)
O2 - BHO: (Ask Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask)
O2 - BHO: (DVDVideoSoftTB Toolbar) - {e9911ec6-1bcc-40b0-9993-e0eea7f6953f} - C:\Program Files\DVDVideoSoft\prxtbDVD0.dll (Conduit Ltd.)
O2 - BHO: (SmartSelect Class) - {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-8398-26FADCF27386} - No CLSID value found.
O3 - HKLM\..\Toolbar: (no name) - {A057A204-BACC-4D26-9990-79A187E2698E} - No CLSID value found.
O4 - HKLM..\Run: [Acrobat Assistant 8.0] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe (Adobe Systems Inc.)
O4 - HKLM..\Run: [Adobe Acrobat Speed Launcher] C:\Program Files\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe (Adobe Systems Incorporated)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\CLIStart.exe ()
O4 - HKLM..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe (Brother Industries, Ltd.)
O4 - HKLM..\Run: [DXDllRegExe] File not found
O4 - HKLM..\Run: [EPSON Stylus Photo R200 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S4I2H1.EXE (SEIKO EPSON CORPORATION)
O4 - HKLM..\Run: [LifeCam] C:\Program Files\Microsoft LifeCam\LifeExp.exe (Microsoft Corporation)
O4 - HKLM..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl04g\BrStDvPt.exe (Brother Industories, Ltd.)
O4 - HKLM..\Run: [ShowIcon_The Company_USB Product Driver v2.16r002] File not found
O4 - HKLM..\Run: [SoundMan] C:\WINDOWS\SOUNDMAN.EXE (Realtek Semiconductor Corp.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Infodelivery present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: LinkResolveIgnoreLinkInfo = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoResolveSearch = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: RestrictRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Rip YouTube File - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Rip YouTube file embedded in this page - {38E51477-DDB4-4aed-9D61-D0C193E10749} - C:\Program Files\AllMusicConverter\YouTubeRipper.dll ()
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227673403375 (WUWebControl Class)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1256495627796 (MUWebControl Class)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset.com/special/eos-beta/OnlineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab (Reg Error: Value error.)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab (Reg Error: Value error.)
O16 - DPF: Garmin Communicator Plug-In https://static.garmincdn.com/gcp/ie/2.9.1.0/GarminAxControl.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - Reg Error: Key error. File not found
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - Reg Error: Key error. File not found
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\dimsntfy: DllName - Reg Error: Value error. - Reg Error: Value error. File not found
O24 - Desktop BackupWallPaper:
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2008/11/25 18:46:34 | 000,000,000 | -HS- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2003/12/10 00:47:28 | 000,000,000 | R--D | M] - E:\AUTORUN -- [ CDFS ]
O32 - AutoRun File - [2003/09/25 18:41:56 | 000,000,048 | R--- | M] () - E:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
O37 - HKCU\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/05/10 21:18:31 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/10 21:18:31 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\My Documents\Downloads
[2011/05/10 21:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2011/05/10 21:16:56 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2011/05/10 21:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Local Settings\Application Data\Mozilla
[2011/05/10 21:14:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2011/05/09 21:00:55 | 000,861,696 | ---- | C] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/05/09 19:29:49 | 000,000,000 | ---D | C] -- C:\WINDOWS\Prefetch
[2011/05/08 14:22:09 | 000,000,000 | ---D | C] -- C:\WINDOWS\Performance
[2011/05/08 14:21:35 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows 7 Upgrade Advisor
[2011/05/08 13:21:20 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/05/07 13:39:24 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/05/07 11:21:13 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/05/05 20:24:39 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/05 20:24:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/05/05 20:24:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/05/05 20:24:34 | 000,020,952 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/05/05 20:24:34 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/05/04 19:58:37 | 000,000,000 | -HSD | C] -- C:\WINDOWS\CSC
[2011/05/04 17:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple Computer
[2011/05/04 17:59:30 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Apple Computer
[2011/05/02 18:29:03 | 000,000,000 | ---D | C] -- C:\rsit
[2011/05/01 20:12:55 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Xvid
[2011/05/01 20:12:54 | 000,000,000 | ---D | C] -- C:\Program Files\Xvid
[2011/05/01 14:52:25 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Threat Expert
[2011/05/01 13:13:06 | 000,000,000 | ---D | C] -- C:\Inetpub
[2011/05/01 13:00:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows Support Tools
[2011/05/01 13:00:12 | 000,000,000 | ---D | C] -- C:\Program Files\Support Tools
[2011/04/28 17:38:18 | 000,098,392 | ---- | C] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/27 11:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\AskToolbar
[2011/04/25 18:12:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Rootkit Unhooker LE
[2011/04/25 18:07:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\7-Zip
[2011/04/25 18:07:11 | 000,000,000 | ---D | C] -- C:\Program Files\7-Zip
[2011/04/23 20:47:26 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/04/23 20:47:26 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/04/23 20:47:26 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/04/23 20:47:26 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/04/23 17:21:35 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Perfect Uninstaller
[2011/04/23 17:21:33 | 000,000,000 | ---D | C] -- C:\Program Files\Perfect Uninstaller
[2011/04/21 21:58:16 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\ParetoLogic
[2011/04/21 21:58:14 | 000,000,000 | ---D | C] -- C:\Program Files\ParetoLogic
[2011/04/21 21:58:14 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\ParetoLogic
[2011/04/21 21:29:39 | 000,000,000 | R--D | C] -- C:\Documents and Settings\Administrator\Recent
[2011/04/21 20:57:00 | 000,000,000 | ---D | C] -- C:\Windows Recovery
[2011/04/21 20:47:23 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Sun
[2011/04/18 17:55:10 | 000,000,000 | -HSD | C] -- C:\Documents and Settings\Administrator\PrivacIE
[2011/04/16 21:30:09 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
[2011/04/16 18:19:20 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/16 15:51:43 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/16 15:51:40 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/13 17:28:58 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\nNg01817eNlFj01817

========== Files - Modified Within 30 Days ==========

[2011/05/10 21:20:55 | 000,000,095 | ---- | M] () -- C:\Documents and Settings\Administrator\Desktop\I have the XP Anti-Virus 2011 & need help..URL
[2011/05/10 21:18:36 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Administrator\Desktop\OTL.exe
[2011/05/10 21:15:15 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/05/10 21:04:07 | 000,013,646 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/10 21:03:20 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/05/09 22:04:29 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\AWC AutoSweep.job
[2011/05/09 21:01:00 | 000,000,236 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2011/05/09 21:00:57 | 000,000,791 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/09 21:00:56 | 000,861,696 | ---- | M] (BitDefender) -- C:\Documents and Settings\All Users\Application Data\defender.exe
[2011/05/09 20:32:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\WebReg 20090507203209.job
[2011/05/09 20:19:20 | 000,000,088 | ---- | M] () -- C:\WINDOWS\VSWizard.ini
[2011/05/09 19:50:05 | 000,001,862 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/09 19:34:15 | 000,450,162 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/05/09 19:34:15 | 000,074,354 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/05/09 19:33:35 | 000,023,392 | ---- | M] () -- C:\WINDOWS\System32\nscompat.tlb
[2011/05/09 19:33:35 | 000,016,832 | ---- | M] () -- C:\WINDOWS\System32\amcompat.tlb
[2011/05/09 19:28:49 | 000,327,504 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/05/09 19:09:08 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2011/05/08 20:05:02 | 000,001,319 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/05/08 16:29:00 | 000,000,982 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003UA.job
[2011/05/08 16:24:59 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagwrn.xml
[2011/05/08 16:24:59 | 000,001,908 | ---- | M] () -- C:\WINDOWS\diagerr.xml
[2011/05/08 14:15:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/05/08 12:29:00 | 000,000,930 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1202660629-583907252-725345543-1003Core.job
[2011/05/05 20:24:39 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 20:12:15 | 000,000,064 | ---- | M] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/05/04 20:12:15 | 000,000,044 | ---- | M] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/05/04 18:00:00 | 000,000,446 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/05/01 14:43:55 | 000,000,112 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\MxS2VvD2.dat
[2011/04/30 15:53:00 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/04/30 13:11:12 | 000,014,236 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\535yh84146fpewg27u3tu0k
[2011/04/30 11:24:40 | 000,013,538 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\561988593
[2011/04/30 11:24:05 | 000,013,542 | -HS- | M] () -- C:\Documents and Settings\All Users\Application Data\3920450109
[2011/04/29 15:47:48 | 000,001,778 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DAK Wave MP3 Editor PRO.lnk
[2011/04/29 01:50:00 | 000,000,420 | ---- | M] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/04/28 17:38:18 | 000,098,392 | ---- | M] (Sunbelt Software) -- C:\WINDOWS\System32\drivers\SBREDrv.sys
[2011/04/27 11:13:13 | 000,157,184 | RHS- | M] () -- C:\WINDOWS\System32\wshcon2.dll
[2011/04/23 20:30:02 | 000,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2011/04/23 17:21:45 | 000,000,042 | ---- | M] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/04/23 15:46:17 | 075,045,523 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/04/21 21:58:23 | 000,000,378 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/04/21 21:58:22 | 000,000,360 | ---- | M] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/04/21 20:57:02 | 000,000,160 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899892
[2011/04/21 20:57:02 | 000,000,128 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\~16899892r
[2011/04/21 20:57:00 | 000,000,721 | ---- | M] () -- C:\Windows Recovery.lnk
[2011/04/21 20:56:52 | 000,000,328 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\16899892

========== Files Created - No Company Name ==========

[2011/05/10 21:20:55 | 000,000,095 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\I have the XP Anti-Virus 2011 & need help..URL
[2011/05/09 21:00:57 | 000,000,791 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malware Protection.lnk
[2011/05/08 14:21:36 | 000,001,868 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Windows 7 Upgrade Advisor.lnk
[2011/05/08 14:21:36 | 000,001,862 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Windows 7 Upgrade Advisor.lnk
[2011/05/08 14:16:18 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagwrn.xml
[2011/05/08 14:16:18 | 000,001,908 | ---- | C] () -- C:\WINDOWS\diagerr.xml
[2011/05/05 20:24:39 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/05/04 20:04:26 | 004,337,362 | ---- | C] () -- C:\Documents and Settings\Administrator\My Documents\ComboFix.exe
[2011/05/04 20:02:22 | 004,337,362 | ---- | C] () -- C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
[2011/05/01 20:12:56 | 000,650,752 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2011/05/01 20:12:56 | 000,240,640 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2011/05/01 14:43:55 | 000,000,112 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\MxS2VvD2.dat
[2011/05/01 12:51:31 | 000,001,319 | ---- | C] () -- C:\WINDOWS\imsins.BAK
[2011/04/30 11:24:40 | 000,013,538 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\561988593
[2011/04/30 11:24:05 | 000,013,542 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\3920450109
[2011/04/30 11:17:30 | 000,014,236 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\535yh84146fpewg27u3tu0k
[2011/04/30 11:17:30 | 000,013,652 | -HS- | C] () -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\535yh84146fpewg27u3tu0k
[2011/04/28 17:39:00 | 000,000,064 | ---- | C] () -- C:\WINDOWS\System32\rp_stats.dat
[2011/04/28 17:39:00 | 000,000,044 | ---- | C] () -- C:\WINDOWS\System32\rp_rules.dat
[2011/04/27 11:13:13 | 000,157,184 | RHS- | C] () -- C:\WINDOWS\System32\wshcon2.dll
[2011/04/23 20:47:26 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/04/23 20:47:26 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/04/23 20:47:26 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/04/23 20:47:26 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/04/23 20:47:26 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/04/23 17:21:45 | 000,000,042 | ---- | C] () -- C:\WINDOWS\System32\AK083E209605E394C.lie
[2011/04/21 21:58:47 | 000,000,446 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Registration3.job
[2011/04/21 21:58:24 | 000,000,420 | ---- | C] () -- C:\WINDOWS\tasks\ParetoLogic Update Version3.job
[2011/04/21 21:58:22 | 000,000,378 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor Defrag.job
[2011/04/21 21:58:20 | 000,000,360 | ---- | C] () -- C:\WINDOWS\tasks\PC Health Advisor.job
[2011/04/21 20:57:02 | 000,000,160 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899892
[2011/04/21 20:57:02 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\~16899892r
[2011/04/21 20:57:00 | 000,000,721 | ---- | C] () -- C:\Windows Recovery.lnk
[2011/04/21 20:56:52 | 000,000,328 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\16899892
[2011/04/02 17:30:49 | 000,000,426 | ---- | C] () -- C:\WINDOWS\BRWMARK.INI
[2011/04/02 17:29:53 | 000,000,065 | ---- | C] () -- C:\WINDOWS\System32\BD7020.dat
[2011/04/02 17:29:18 | 000,077,824 | ---- | C] () -- C:\WINDOWS\System32\BROSNMP.DLL
[2011/02/12 18:52:54 | 000,289,824 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2011/02/05 14:52:25 | 000,000,056 | ---- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2010/12/18 18:21:03 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2010/12/13 20:39:09 | 000,074,108 | ---- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/11/10 20:30:34 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\RTLCPAPI.dll
[2010/07/17 12:01:47 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Bjuhitesuzup.bin
[2010/07/17 12:01:46 | 000,000,120 | ---- | C] () -- C:\WINDOWS\Hdapiker.dat
[2010/05/23 13:59:34 | 000,059,924 | ---- | C] () -- C:\WINDOWS\System32\libdvdcss-2.dll
[2010/04/01 20:34:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2010/01/27 22:38:10 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
[2010/01/14 22:07:11 | 000,000,070 | ---- | C] () -- C:\WINDOWS\GECKOS.INI
[2009/12/20 12:05:52 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\Machinist2.dll
[2009/12/12 15:55:12 | 000,000,316 | ---- | C] () -- C:\WINDOWS\PICKLIST.INI
[2009/12/12 15:54:13 | 000,000,303 | ---- | C] () -- C:\WINDOWS\MIREPAIR.INI
[2009/12/12 15:54:13 | 000,000,058 | ---- | C] () -- C:\WINDOWS\MITCHELL.INI
[2009/12/12 15:54:06 | 000,003,032 | ---- | C] () -- C:\WINDOWS\ODWIN.INI
[2009/12/12 15:54:06 | 000,000,754 | ---- | C] () -- C:\WINDOWS\BTI.INI
[2009/11/22 12:56:31 | 000,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2009/10/21 20:15:04 | 000,027,440 | ---- | C] () -- C:\WINDOWS\System32\drivers\secdrv.sys
[2009/08/29 21:19:27 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat
[2009/08/29 21:19:27 | 000,029,566 | ---- | C] () -- C:\WINDOWS\hpoins03.dat
[2009/08/29 21:12:10 | 000,038,867 | ---- | C] () -- C:\WINDOWS\hpomdl03.dat.temp
[2009/08/29 21:12:10 | 000,029,232 | ---- | C] () -- C:\WINDOWS\hpoins03.dat.temp
[2009/08/03 16:07:42 | 000,403,816 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.dll
[2009/08/03 16:07:42 | 000,230,768 | ---- | C] () -- C:\WINDOWS\System32\OGAEXEC.exe
[2009/06/20 19:14:15 | 000,395,776 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2009/06/20 19:14:15 | 000,262,144 | ---- | C] () -- C:\WINDOWS\System32\TomsMoComp_ff.dll
[2009/06/20 19:14:15 | 000,112,640 | ---- | C] () -- C:\WINDOWS\System32\libmpeg2_ff.dll
[2009/06/05 14:39:08 | 000,008,356 | ---- | C] () -- C:\Program Files\Acknowledgements.rtf
[2009/05/24 12:36:22 | 000,000,023 | ---- | C] () -- C:\WINDOWS\Neo Firmware Update.INI
[2009/05/21 19:26:57 | 000,348,160 | ---- | C] () -- C:\WINDOWS\System32\cdga.dll
[2009/05/17 21:15:29 | 000,000,088 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2009/05/17 11:43:25 | 000,000,000 | ---- | C] () -- C:\WINDOWS\ativpsrm.bin
[2009/03/03 15:01:50 | 000,003,584 | ---- | C] () -- C:\Documents and Settings\Administrator\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/02/25 13:58:44 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativva5x.dat
[2009/02/25 13:58:44 | 000,887,724 | ---- | C] () -- C:\WINDOWS\System32\ativva6x.dat
[2009/01/26 10:55:37 | 000,136,650 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2008/12/13 20:38:32 | 001,208,320 | ---- | C] () -- C:\WINDOWS\System32\cygxml2-2.dll
[2008/12/13 20:38:32 | 000,062,464 | ---- | C] () -- C:\WINDOWS\System32\cygz.dll
[2008/12/13 20:38:31 | 000,980,992 | ---- | C] () -- C:\WINDOWS\System32\cygiconv-2.dll
[2008/12/05 22:53:16 | 000,022,528 | ---- | C] () -- C:\WINDOWS\exeshl.dll
[2008/12/05 22:53:16 | 000,000,144 | ---- | C] () -- C:\WINDOWS\netctrl.ini
[2008/12/02 20:06:03 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/11/30 13:59:26 | 000,098,304 | ---- | C] () -- C:\WINDOWS\System32\neo_uninst.exe
[2008/11/30 13:01:00 | 000,118,784 | ---- | C] () -- C:\WINDOWS\System32\Jpeg32.dll
[2008/11/30 13:00:50 | 000,001,056 | ---- | C] () -- C:\WINDOWS\maxlink.ini
[2008/11/30 13:00:50 | 000,000,090 | ---- | C] () -- C:\WINDOWS\calera.ini
[2008/11/30 13:00:42 | 000,269,312 | ---- | C] () -- C:\WINDOWS\System32\FPXIG.DLL
[2008/11/30 13:00:42 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\IGFPX32P.DLL
[2008/11/30 13:00:42 | 000,065,024 | ---- | C] () -- C:\WINDOWS\System32\JPEGACC.DLL
[2008/11/30 13:00:22 | 000,101,376 | ---- | C] () -- C:\WINDOWS\System32\WELSOF32.DLL
[2008/11/29 19:20:56 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2008/11/27 12:36:40 | 000,000,364 | ---- | C] () -- C:\WINDOWS\Ulead32.ini
[2008/11/27 12:34:58 | 000,000,045 | ---- | C] () -- C:\WINDOWS\MDSC2.INI
[2008/11/27 12:34:56 | 000,000,000 | ---- | C] () -- C:\WINDOWS\DELAY.INI
[2008/11/27 11:51:56 | 000,001,368 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2008/11/26 19:10:50 | 000,000,088 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2008/11/25 22:13:24 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\ati2sgag.exe
[2008/11/25 22:12:25 | 007,860,224 | ---- | C] () -- C:\WINDOWS\System32\VTunner.exe
[2008/11/25 22:12:25 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\GVTunner.dll
[2008/11/25 22:12:25 | 000,122,880 | ---- | C] () -- C:\WINDOWS\System32\Nvflashl.dll
[2008/11/25 22:12:24 | 000,544,768 | ---- | C] () -- C:\WINDOWS\System32\G-vga.exe
[2008/11/25 22:12:24 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\Guninst.exe
[2008/11/25 22:12:24 | 000,000,155 | ---- | C] () -- C:\WINDOWS\System32\Gfreq.ini
[2008/11/25 22:09:37 | 000,022,880 | R--- | C] () -- C:\WINDOWS\System32\drivers\Gvcpldrv.sys
[2008/11/25 21:33:11 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2008/11/25 20:25:05 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2008/11/25 20:24:53 | 000,000,066 | ---- | C] () -- C:\WINDOWS\ESPR200.ini
[2008/11/25 19:38:03 | 000,001,024 | R--- | C] () -- C:\WINDOWS\System32\drivers\jedih2rx.bin
[2008/11/25 19:38:03 | 000,000,122 | R--- | C] () -- C:\WINDOWS\System32\drivers\ramsed.bin
[2008/11/25 19:38:00 | 000,018,253 | ---- | C] () -- C:\WINDOWS\System32\ssnvfx.ini
[2008/11/25 19:36:41 | 000,003,597 | ---- | C] () -- C:\WINDOWS\Ascd_tmp.ini
[2008/11/25 19:36:40 | 000,005,824 | ---- | C] () -- C:\WINDOWS\System32\drivers\ASUSHWIO.SYS
[2008/11/25 18:48:33 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2008/11/25 18:44:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2008/11/25 10:30:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2008/11/25 10:29:57 | 000,327,504 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2006/10/11 18:26:36 | 003,107,788 | ---- | C] () -- C:\WINDOWS\System32\ativvaxx.dat
[2005/10/14 03:56:50 | 000,921,600 | ---- | C] () -- C:\WINDOWS\System32\VorbisEnc.dll
[2005/10/14 03:56:50 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\xvid.dll
[2005/10/14 03:56:50 | 000,237,568 | ---- | C] () -- C:\WINDOWS\System32\OggDS.dll
[2005/10/14 03:56:50 | 000,188,416 | ---- | C] () -- C:\WINDOWS\System32\vorbis.dll
[2005/10/14 03:56:50 | 000,155,136 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2005/10/14 03:56:50 | 000,045,056 | ---- | C] () -- C:\WINDOWS\System32\ogg.dll
[2004/07/29 03:19:46 | 000,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2004/07/27 21:44:08 | 000,040,960 | ---- | C] () -- C:\WINDOWS\SPARKEY.DLL
[2004/01/05 00:27:36 | 000,565,248 | ---- | C] () -- C:\WINDOWS\System32\hpotscl.dll
[2003/10/28 00:58:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(4).dll
[2003/10/28 00:58:18 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).dll
[2003/10/28 00:58:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(3).exe
[2003/10/28 00:58:12 | 000,376,832 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx(2).exe
[2003/03/31 05:00:00 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2003/03/31 05:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2003/03/31 05:00:00 | 000,450,162 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2003/03/31 05:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2003/03/31 05:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2003/03/31 05:00:00 | 000,074,354 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2003/03/31 05:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2003/03/31 05:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2003/03/31 05:00:00 | 000,004,461 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2003/03/31 05:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2003/03/31 05:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/08/13 20:09:48 | 000,659,520 | ---- | C] () -- C:\WINDOWS\System32\vbid3lib.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\WINDOWS\SOUNDMAN.EXE:SummaryInformation
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6971CCC5
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A8ADE5D8

< End of report >

I don't see the "Extras.txt"
Maybe because I am in SAFE MODE?

pk

Ok found the Extras txt document:
OTL Extras logfile created on: 5/7/2011 10:25:09 PM - Run 1
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Philip\Desktop
Windows XP Professional Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 71.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 84.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 111.75 Gb Total Space | 33.76 Gb Free Space | 30.21% Space Free | Partition Type: NTFS

Computer Name: DARREN | User Name: Philip | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\fst.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "C:\Documents and Settings\NetworkService\Local Settings\Application Data\fst.exe" -a "%1" %* (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
jsfile [edit] -- "C:\Program Files\Macromedia\Dreamweaver 8\dreamweaver.exe" "%1" (Macromedia, Inc.)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusOverride" = 1
"FirewallOverride" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:Firefox -- (Mozilla Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeEnC2.exe" = C:\Program Files\Microsoft LifeCam\LifeEnC2.exe:*:Enabled:LifeEnC2.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeTray.exe" = C:\Program Files\Microsoft LifeCam\LifeTray.exe:*:Enabled:LifeTray.exe -- (Microsoft Corporation)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServices.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Ltd Services -- (Rosetta Stone Ltd.)
"C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe" = C:\Program Files\RosettaStoneLtdServices\RosettaStoneDaemon.exe:127.0.0.1/255.255.255.255:Enabled:Rosetta Stone Daemon -- (Rosetta Stone Ltd.)
"C:\WINDOWS\system32\dpvsetup.exe" = C:\WINDOWS\system32\dpvsetup.exe:*:Enabled:Microsoft DirectPlay Voice Test -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0FABD3D7-3036-4e78-B29D-58957ADB0A12}" = HP PSC & OfficeJet 3.5
"{104A059B-CD20-4632-A8F6-D8C80E14782D}" = Magellan POI File Editor
"{1727CD47-A408-11d2-AFAD-00C04F72FB3E}" = VBA
"{1C02D187-9256-4B08-92D1-82922DBE4D52}" = DAK Wave MP3 Editor PRO v3.6b
"{1F7473D9-6C0B-4F5A-8FA4-AB8AD78CBE54}" = DocProc
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{24C8FBF7-26C6-48ca-834B-A4E5C09E362F}" = AiO_Scan
"{257EC58E-03FD-472B-A9B6-93F23A3C4CB0}" = Scan
"{26A24AE4-039D-4CA4-87B4-2F83216011FF}" = Java(TM) 6 Update 11
"{29B50D30-EAFC-4cea-9F76-3A0E3729E9B0}" = SkinsHP1
"{2A981294-F14C-4F0F-9627-D793270922F8}" = Bonjour
"{300A2961-B2B5-4889-9CB9-5C2A570D08AD}" = Debugging Tools for Windows (x86)
"{300D9EF4-2721-4cb4-A6C3-FB2337CFEA2D}" = AIOMinimal
"{308B6AEA-DE50-4666-996D-0FA461719D6B}" = Apple Mobile Device Support
"{326057C5-6185-4C85-A630-9C2FC2DB3F93}" = Rosetta Stone Ltd Services
"{34957B51-9676-41CE-9E52-44AE91B73F1C}" = HP Software Update
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BE480ED-E17A-431A-981C-5C2EDDBCD3BF}" = Macromedia Flash MX
"{3CBF3EBB-235D-4c29-A68B-2BB1F428586E}" = ParetoLogic PC Health Advisor
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{48242276-DB89-42e8-9678-BD4280D7B99A}" = Copy
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{57C7C46A-D35D-492d-A328-4F8C9B5B4B52}" = PrintScreen
"{595D0DE8-C38A-4432-B851-47DECC1A99BD}" = HP Unload DLL Patch
"{5C584ABC-0A83-40AC-83D5-B1695A96FEE2}" = Macromedia Contribute
"{61BEA823-ECAF-49F1-8378-A59B3B8AD247}" = Microsoft Default Manager
"{625386A4-B6B6-4911-A6E8-23189C3F2D15}" = Microsoft .NET Compact Framework 2.0
"{62F79C52-E264-44ab-ABC2-7BEA2962C70D}" = 5500Trb
"{63F2408D-A675-4d97-A256-70EACB6B9B4A}" = AiOSoftware
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
"{6D4E56A1-22EE-44d8-BD14-7B9FB7F80D1B}" = 5500_Help
"{7148F0A8-6813-11D6-A77B-00B0D0142150}" = Java 2 Runtime Environment, SE v1.4.2_15
"{723C033E-63EA-4227-BAB2-0AA8693C16EB}" = Director
"{73006B34-9743-4A39-AC37-38EDFCEB6DCE}" = Adobe Product/Adobe Studio Update 10/2001
"{73C23496-A105-4b6f-B8F0-22523DFE4E4E}" = 5500
"{745A92AF-53B4-41A7-91C3-9B026B1D5897}" = InstantShare
"{766273C1-A39B-47EB-ACE8-DEBDD8094BCC}" = overland
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{77F8A71E-3515-4832-B8B2-2F1EDBD2E0F1}" = Bing Bar
"{7CEBE551-AA55-4C12-A68D-9A52D53339AF}" = Screen Memories
"{81DD5688-695A-4c1d-AE7D-368BF857725A}" = TrayApp
"{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
"{8398B542-3CC4-44D9-83DF-696CCE70124B}" = Windows Support Tools
"{83ED1E80-A1B7-4226-BCF1-AC4A88151A6B}" = Microsoft Streets & Trips 2006
"{86D4B82A-ABED-442A-BE86-96357B70F4FE}" = Ask Toolbar
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{881F5DE8-9367-4B81-A325-E91BBC6472F9}" = iTunes
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8B4AB829-DFD3-436D-B808-D9733D76C590}" = Macromedia Dreamweaver MX
"{8B4AE751-7055-4518-87B0-E148A8D50D0A}" = Macromedia FreeHand MX
"{8BB15793-E03A-42A7-A143-6F29A0E4924D}" = ATI Catalyst Control Center
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90170409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office FrontPage 2003
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{91E30409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{930B2432-43D4-11D5-9871-00C04F8EEB39}" = Macromedia Fireworks MX
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9B03C535-3AEA-4ef2-B326-0A01A2207034}" = CreativeProjects
"{9D18F7F8-B984-4249-8512-CC621BC59F12}" = Microsoft Location Finder
"{A0673E9E-4510-4AA0-B860-58FD5A7212A1}" = Motorola Driver Installation 4.5.0
"{A2500497-FD32-493e-B8E5-28D6728DBEF5}" = Readme
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A71D5E81-B967-43DB-93D7-FD31BFB95748}" = MobileMe Control Panel
"{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}" = Adobe Acrobat 9 Pro - English, Français, Deutsch
"{AF226123-1A6F-4ec1-8DEF-E35E7A0D0127}" = Fax
"{B2544A03-10D0-4E5E-BA69-0362FFC20D18}" = OGA Notifier 2.0.0048.0
"{B3BC9DB1-0B0A-48B0-B86B-EA77CAA7F800}" = Microsoft Corporation
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{BAD8CA9C-77C0-4663-B00B-A8D3B13C341B}" = Motorola Phone Tools
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BC339BFD-F550-471a-8D26-4D08126C62F7}" = SkinsHP2
"{BD71B413-9FEE-49BB-A6D1-2C0BFB99BDFE}" = Microsoft LifeCam
"{BED03D32-9AE6-450F-8F61-92F3D9E4D2B9}" = USB Product Driver v2.16r002
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C41300B9-185D-475E-BFEC-39EF732F19B1}" = Apple Software Update
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CBE3E0AF-73BB-4c21-8B96-B09E003EDE7F}" = QuickProjects
"{CD95D125-2992-4858-B3EF-5F6FB52FBAD6}" = Skype Toolbars
"{CDBFDD5B-50E0-4021-94AF-516B80509ABE}" = 5500Tour
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D0886AA2-F0B6-4EED-9CF9-B8084B796FB1}" = Power Chinese
"{D186329B-1B4D-408D-ABEC-EA5CE1F182C9}" = Overland
"{D444D748-EB5A-4A94-A84C-EA58A9FC52F5}" = OBD-PC Link
"{D83BD5E2-5AF4-49F6-B5C1-484A9760E73D}" = Brother MFL-Pro Suite
"{E0E1EFC2-FE99-11D3-99C7-0040F6982C20}" = PaperPort Printer Driver
"{E1E502E2-C006-49DB-9C0C-F2196E51826F}_is1" = Rootkit Unhooker LE 3.8 SR 2
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.1
"{E8BFBD0A-8002-4dc9-869C-E495FA9DCE7A}" = PhotoGallery
"{ECC3713C-08A4-40E3-95F1-7D0704F1CE5E}" = PL-2303 USB-to-Serial
"{EE6097DD-05F4-4178-9719-D3170BF098E8}" = Apple Application Support
"{EF6F70D0-C242-4047-946B-98EA8208481A}" = ArcSoft TotalMedia Backup & Record
"{F1AE162A-2958-4EAD-B861-2EB5FD1D86E9}" = DAK Wave MP3 Editor PRO v5.1b
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}" = Visual C++ 2008 x86 Runtime - (v9.0.30729)
"{F333A33D-125C-32A2-8DCE-5C5D14231E27}.vc_x86runtime_30729_01" = Visual C++ 2008 x86 Runtime - v9.0.30729.01
"{F49FEF83-45CA-4CE8-8304-A7372BA07AA9}" = Motorola Phone Tools
"{FB08F381-6533-4108-B7DD-039E11FBC27E}" = Realtek AC'97 Audio
"{FBBF532A-47AC-457d-AC06-0D3163D8911E}" = WebReg
"7-Zip" = 7-Zip 9.20
"A106663FD3361BDFACB045D83EBA03858EB1E411" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop 6.0" = Adobe Photoshop 6.0
"Adobe SVG Viewer" = Adobe SVG Viewer
"Advanced SystemCare 3_is1" = Advanced SystemCare 3
"All ATI Software" = ATI - Software Uninstall Utility
"AllMusicConverter_is1" = AllMusicConverter 3.6.5
"ATI Display Driver" = ATI Display Driver
"conduitEngine" = Conduit Engine
"Cucusoft DVD to iPod + iPod Video Converter Suite_is1" = Cucusoft DVD to iPod + iPod Video Converter Suite 3.16.3.29
"Cucusoft Ultimate DVD + Video Converter Suite_is1" = Cucusoft Ultimate DVD + Video Converter Suite 8.8.8.8
"DVDneXtCOPY 3 Ultimate" = DVDneXtCOPY 3 Ultimate
"DVDVideoSoft Toolbar" = DVDVideoSoft Toolbar
"Easy Duplicate Finder_is1" = Easy Duplicate Finder v. 2.2.4
"EPSON Printer and Utilities" = EPSON Printer Software
"ESET Online Scanner" = ESET Online Scanner v3
"F2F24872454C7CAEAABD8BB063F70FBEFF01989D" = Windows Driver Package - FTDI CDM Driver Package (03/13/2008 2.04.06)
"Flame Skin" = Flame Skin
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.91
"Free Text Pad" = Free Text Pad
"Free WMA to MP3 Converter_is1" = Free WMA to MP3 Converter 1.16
"Free YouTube to MP3 Converter_is1" = Free YouTube to MP3 Converter version 3.2
"FT-50 Programmer" = FT-50 Programmer
"GIGABYTE V-Tuner" = GIGABYTE V-Tuner
"HijackThis" = HijackThis 2.0.2
"HP Photo & Imaging" = HP Image Zone 3.5
"ie8" = Windows Internet Explorer 8
"ieSpell" = ieSpell
"iGolfNeo" = iGolf Neo Sync Application
"iPhoto Plus 4" = iPhoto Plus 4
"Machinist 2" = Machinist 2
"Machinist2DLL" = Machinist2DLL
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Moleskinsoft Clone Remover 3.8_is1" = Moleskinsoft Clone Remover 3.8
"Mozilla Firefox 4.0 (x86 en-US)" = Mozilla Firefox 4.0 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NVIDIAnForce" = NVIDIA Windows 2000/XP nForce Drivers
"PaperPort 7.02" = PaperPort 7.02
"Perfect Uninstaller_is1" = Perfect Uninstaller v6.3.3.9
"Speed Skin" = Speed Skin
"SSUtils" = NVIDIA nForce Utilities
"Veetle TV" = Veetle TV 0.9.17
"Visioneer Strobe Pro" = Visioneer Strobe Pro
"VLC media player" = VLC media player 1.1.5
"Wdf01005" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.5
"Wdf01007" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.7
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Xvid Video Codec 1.3.1" = Xvid Video Codec

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Google Chrome" = Google Chrome

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 5/8/2011 12:51:43 AM | Computer Name = DARREN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/8/2011 12:51:44 AM | Computer Name = DARREN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/8/2011 12:52:25 AM | Computer Name = DARREN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 5/8/2011 12:52:26 AM | Computer Name = DARREN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

Error - 5/8/2011 1:00:56 AM | Computer Name = DARREN | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module ntdll.dll, version 5.1.2600.6055, fault address 0x00022235.

Error - 5/8/2011 1:18:10 AM | Computer Name = DARREN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/8/2011 1:18:30 AM | Computer Name = DARREN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/8/2011 1:18:30 AM | Computer Name = DARREN | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/8/2011 1:19:16 AM | Computer Name = DARREN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: The connection with the server was terminated abnormally

Error - 5/8/2011 1:19:17 AM | Computer Name = DARREN | Source = crypt32 | ID = 131080
Description = Failed auto update retrieval of third-party root list sequence number
from:
with error: This network connection does not exist.

[ System Events ]
Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The MSCamSvc service terminated unexpectedly. It has done this 1
time(s).

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The SeaPort service terminated unexpectedly. It has done this 1 time(s).

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7031
Description = The Windows Live ID Sign-in Assistant service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
10000 milliseconds: Restart the service.

Error - 5/8/2011 12:47:23 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The RosettaStoneDaemon service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/8/2011 12:47:24 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).

Error - 5/8/2011 12:50:35 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058

Error - 5/8/2011 1:17:01 AM | Computer Name = DARREN | Source = Service Control Manager | ID = 7001
Description = The Infrared Monitor service depends on the Terminal Services service
which failed to start because of the following error: %%1058


< End of report >

Hello.

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan.

Post the new log when done.

Malwarebytes' Anti-Malware 1.50.1.1100
www.malwarebytes.org

Database version: 6558

Windows 5.1.2600 Service Pack 2 (Safe Mode)
Internet Explorer 8.0.6001.18702

5/11/2011 6:07:58 PM
mbam-log-2011-05-11 (18-07-58).txt

Scan type: Quick scan
Objects scanned: 177853
Time elapsed: 4 minute(s), 7 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
c:\documents and settings\all users\application data\defender.exe (Trojan.Agent) -> Quarantined and deleted successfully.
c:\WINDOWS\temp\10.tmp (Heuristics.Shuriken) -> Quarantined and deleted successfully.

I had to run this last Malwarebytes in SAFE MODE.
After I ran it the computer rebooted right away and now I am in normal windows and Malwarebytes won't even start up or ANY malware software.
The computer will also NOT turn off normally, I have to do the 10 second thing with the start button.
When I open Internet Explorer a advertizing site shows up, NOT what I tried to open.
So we're not done yet!

After I sent you the logs I ran Search and Destroy.
The S&D found the attached file [see screen shot]

Crap!!!!
I got that rule 57 AGAIN!!!!!
I can't send you any attachments!!!

Please fix it!!!!

My apologies that has happened. We have a space limit of 67 KB. If the file is larger than that, it is not allowed to be sent.

Alternatively, you may upload it to Mediafire.com and post the download link here.