
fake critical error warning windows xp :-9


  • This topic is locked
148 replies to this topic

#1 wilma1313

    Silver Member

  • Authentic Member
  • 386 posts

Posted 11 June 2011 - 07:26 PM

Hi, When my husband turned on his laptop a popup came up with critical warning messages and indicated that the computer was compromised. All of the stuff on his desktop was gone, it was a black screen, he could not do anything. He rebooted the puter and the same thing came up. I searched on my puter and found that this was definitely fake. We tried to shut the warning down via Task Manager, but that was disabled (greyed out). I used System Restore and went back to June 1. The popup is gone but McAfee kept giving a message that it removed a trojan. Now Google redirects everything. His computer is slow. Some of his stuff has disappeared. There is definitely still something lurking. Please help. I am pasting in DDS, HijackThis, and OTL as directed. Thanks for your help. :clap:

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Owner at 20:18:47 on 2011-06-11
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1918.831 [GMT -5:00]
.
AV: McAfee Anti-Virus and Anti-Spyware *Enabled/Updated* {84B5EE75-6421-4CDE-A33A-DD43BA9FAD83}
FW: McAfee Firewall *Enabled*
.
============== Running Processes ===============
.
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBK370backup.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
svchost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\McAfee Online Backup\MOBK370stat.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.yahoo.com/
uWindow Title = Windows Internet Explorer provided by MSN & Bing
uInternet Settings,ProxyServer = ibahn:80
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
mSearchAssistant = hxxp://www.gateway.com/g/sidepanel.html?Ch=Retail&Br=GTW&Loc=ENG_US&Sys=PTB&M=MX6453
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: McAfee Phishing Filter: {27b4851a-3207-45a2-b947-be8afe6163ab} - c:\progra~1\mcafee\msk\mskapbho.dll
BHO: scriptproxy: {7db2d5a0-7241-4e79-b68d-6309f01c5231} - c:\program files\common files\mcafee\systemcore\ScriptSn.20110517161831.dll
BHO: Windows Live ID Sign-in Helper: {9030d464-4c02-4abf-8ecc-5164760863c6} - c:\program files\common files\microsoft shared\windows live\WindowsLiveLogin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar2.dll
BHO: McAfee SiteAdvisor BHO: {b164e929-a1b6-4a06-b104-2cd0e90a88ff} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
BHO: CBrowserHelperObject Object: {ca6319c0-31b7-401e-a518-a07c3db8f777} - c:\windows\system32\BAE.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar2.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: McAfee SiteAdvisor Toolbar: {0ebbbe48-bad4-4b4c-8e5a-516abecae064} - c:\progra~1\mcafee\sitead~1\mcieplg.dll
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [Power2GoExpress] NA
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [gStart] c:\garmin\gStart.exe
mRun: [ehTray] c:\windows\ehome\ehtray.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [Reminder] %WINDIR%\Creator\Remind_XP.exe
mRun: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
mRun: [ATICCC] "c:\program files\ati technologies\ati.ace\cli.exe" runtime -Delay
mRun: [SigmatelSysTrayApp] stsystra.exe
mRun: [SMSERIAL] c:\program files\motorola\smserial\sm56hlpr.exe
mRun: [Broadcom Wireless Manager UI] c:\windows\system32\WLTRAY.exe
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\AppleSyncNotifier.exe
mRun: [mcui_exe] "c:\program files\mcafee.com\agent\mcagent.exe" /runkey
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [SunJavaUpdateSched] "c:\program files\common files\java\java update\jusched.exe"
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
StartupFolder: c:\docume~1\alluse~1\startm~1\programs\startup\mcafee~1.lnk - c:\program files\mcafee online backup\MOBK370stat.exe
IE: E&xport to Microsoft Excel - c:\progra~1\micros~2\office11\EXCEL.EXE/3000
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} - hxxp://download.mcafee.com/molbin/shared/mcinsctl/4,0,0,101/mcinsctl.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_24-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
TCP: DhcpNameServer = 209.18.47.61 209.18.47.62
TCP: Interfaces\{4BE250BD-C200-47DF-BE37-3136C01E15A3} : DhcpNameServer = 209.18.47.61 209.18.47.62
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\progra~1\mcafee\sitead~1\McIEPlg.dll
Notify: AtiExtEvent - Ati2evxx.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
LSA: Authentication Packages = msv1_0 nwprovau
.
============= SERVICES / DRIVERS ===============
.
R0 mfehidk;McAfee Inc. mfehidk;c:\windows\system32\drivers\mfehidk.sys [2010-11-17 387480]
R1 mfetdi2k;McAfee Inc. mfetdi2k;c:\windows\system32\drivers\mfetdi2k.sys [2010-11-17 84200]
R1 MOBK370Filter;MOBK370Filter;c:\windows\system32\drivers\MOBK370.sys [2011-3-7 54776]
R2 McAfee SiteAdvisor Service;McAfee SiteAdvisor Service;c:\program files\mcafee\siteadvisor\McSACore.exe [2008-10-10 206096]
R2 McMPFSvc;McAfee Personal Firewall Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-17 271480]
R2 McNaiAnn;McAfee VirusScan Announcer;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-17 271480]
R2 McProxy;McAfee Proxy Service;c:\program files\common files\mcafee\mcsvchost\McSvHost.exe [2010-11-17 271480]
R2 McrdSvc;Media Center Extender Service;c:\windows\ehome\mcrdsvc.exe [2005-8-5 99328]
R2 McShield;McShield;c:\program files\common files\mcafee\systemcore\mcshield.exe [2010-11-17 171168]
R2 mfefire;McAfee Firewall Core Service;c:\program files\common files\mcafee\systemcore\mfefire.exe [2010-11-17 188136]
R2 mfevtp;McAfee Validation Trust Protection Service;c:\windows\system32\mfevtps.exe [2010-11-17 141792]
R2 MOBK370backup;McAfee Online Backup;c:\program files\mcafee online backup\MOBK370backup.exe [2010-10-20 216888]
R3 cfwids;McAfee Inc. cfwids;c:\windows\system32\drivers\cfwids.sys [2010-11-17 56064]
R3 mfeavfk;McAfee Inc. mfeavfk;c:\windows\system32\drivers\mfeavfk.sys [2010-11-17 153280]
R3 mfebopk;McAfee Inc. mfebopk;c:\windows\system32\drivers\mfebopk.sys [2010-11-17 52320]
R3 mfefirek;McAfee Inc. mfefirek;c:\windows\system32\drivers\mfefirek.sys [2010-11-17 314088]
R3 mfendiskmp;mfendiskmp;c:\windows\system32\drivers\mfendisk.sys [2010-11-17 88736]
R3 mferkdet;McAfee Inc. mferkdet;c:\windows\system32\drivers\mferkdet.sys [2010-11-17 84488]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-9-24 136176]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner~1.mig\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner~1.mig\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-9-24 136176]
S3 mfendisk;McAfee Core NDIS Intermediate Filter;c:\windows\system32\drivers\mfendisk.sys [2010-11-17 88736]
.
=============== Created Last 30 ================
.
2011-06-11 22:29:41 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-11 22:29:41 -------- d-----w- c:\windows\system32\wbem\Repository
2011-06-11 21:48:37 480256 ----a-w- c:\documents and settings\all users\application data\nmqkFApeDId.exe
2011-06-11 13:26:59 -------- d-----w- c:\program files\iPod
2011-06-04 21:28:25 -------- d--h--w- c:\documents and settings\owner.miguel\local settings\application data\Garmin
2011-06-04 21:22:28 -------- d--h--w- c:\documents and settings\owner.miguel\application data\GARMIN
2011-06-04 21:19:34 -------- d-----w- c:\program files\Garmin
.
==================== Find3M ====================
.
2011-04-14 19:01:38 95824 ----a-w- c:\windows\system32\drivers\mfeapfk.sys
2011-04-14 19:01:38 9344 ----a-w- c:\windows\system32\drivers\mfeclnk.sys
2011-04-14 19:01:38 88736 ----a-w- c:\windows\system32\drivers\mfendisk.sys
2011-04-14 19:01:38 84488 ----a-w- c:\windows\system32\drivers\mferkdet.sys
2011-04-14 19:01:38 84200 ----a-w- c:\windows\system32\drivers\mfetdi2k.sys
2011-04-14 19:01:38 56064 ----a-w- c:\windows\system32\drivers\cfwids.sys
2011-04-14 19:01:38 52320 ----a-w- c:\windows\system32\drivers\mfebopk.sys
2011-04-14 19:01:38 387480 ----a-w- c:\windows\system32\drivers\mfehidk.sys
2011-04-14 19:01:38 314088 ----a-w- c:\windows\system32\drivers\mfefirek.sys
2011-04-14 19:01:38 153280 ----a-w- c:\windows\system32\drivers\mfeavfk.sys
2011-04-14 19:01:38 141792 ----a-w- c:\windows\system32\mfevtps.exe
2011-04-06 21:20:16 91424 ----a-w- c:\windows\system32\dnssd.dll
2011-04-06 21:20:16 107808 ----a-w- c:\windows\system32\dns-sd.exe
.
============= FINISH: 20:19:53.12 ===============


Logfile of Trend Micro HijackThis v2.0.4
Scan saved at 7:44:06 PM, on 6/11/2011
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\WLTRYSVC.EXE
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
C:\WINDOWS\system32\WLTRAY.exe
C:\Program Files\McAfee.com\Agent\mcagent.exe
C:\Program Files\Common Files\Java\Java Update\jusched.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Garmin\gStart.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
C:\WINDOWS\system32\mfevtps.exe
C:\Program Files\McAfee Online Backup\MOBK370backup.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSvcM.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\Program Files\ATI Technologies\ATI.ACE\cli.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\McAfee Online Backup\MOBK370stat.exe
C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
C:\Program Files\McAfee\VirusScan\mcods.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Documents and Settings\Owner.Miguel\Desktop\HiJackThis.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MX6453
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://search.yahoo....?fr=mcafee&p=%s
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = Windows Internet Explorer provided by MSN & Bing
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = ibahn:80
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (file missing)
O2 - BHO: McAfee Phishing Filter - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\progra~1\mcafee\msk\mskapbho.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517161831.dll
O2 - BHO: Windows Live ID Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: McAfee SiteAdvisor BHO - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O2 - BHO: CBrowserHelperObject Object - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll
O3 - Toolbar: McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
O4 - HKLM\..\Run: [Broadcom Wireless Manager UI] C:\WINDOWS\system32\WLTRAY.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [mcui_exe] "C:\Program Files\McAfee.com\Agent\mcagent.exe" /runkey
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [Power2GoExpress] NA
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [gStart] C:\Garmin\gStart.exe
O4 - Global Startup: McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBK370stat.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcaf...01/mcinsctl.cab
O18 - Protocol: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\PROGRA~1\mcafee\SITEAD~1\mcieplg.dll
O18 - Protocol: skype4com - (no CLSID) - (no file)
O22 - SharedTaskScheduler: Browseui preloader - {438755C2-A8BA-11D1-B96B-00A0C90312E1} - C:\WINDOWS\system32\browseui.dll
O22 - SharedTaskScheduler: Component Categories cache daemon - {8C7461EF-2B13-11d2-BE35-3078302C2030} - C:\WINDOWS\system32\browseui.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: McAfee SiteAdvisor Service - Unknown owner - C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
O23 - Service: McAfee Personal Firewall Service (McMPFSvc) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee VirusScan Announcer (McNaiAnn) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
O23 - Service: McShield - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe
O23 - Service: McAfee Firewall Core Service (mfefire) - McAfee, Inc. - C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe
O23 - Service: McAfee Validation Trust Protection Service (mfevtp) - McAfee, Inc. - C:\WINDOWS\system32\mfevtps.exe
O23 - Service: McAfee Online Backup (MOBK370backup) - McAfee, Inc. - C:\Program Files\McAfee Online Backup\MOBK370backup.exe
O23 - Service: McAfee Anti-Spam Service (MSK80Service) - McAfee, Inc. - C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: Broadcom Wireless LAN Tray Service (wltrysvc) - Unknown owner - C:\WINDOWS\System32\WLTRYSVC.EXE

--
End of file - 10940 bytes


OTL logfile created on: 6/11/2011 7:53:30 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner.Miguel\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.15% Memory free
3.72 Gb Paging File | 2.92 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 97.98 Gb Free Space | 68.90% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.83 Gb Free Space | 70.71% Space Free | Partition Type: FAT32

Computer Name: MIGUEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/20 01:40:24 | 003,653,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370stat.exe
PRC - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe
PRC - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee\VirusScan\mcods.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/23 21:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/05/16 23:15:10 | 000,071,288 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\AcroRd32.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/27 12:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/05 16:51:10 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe -- (MOBK370backup)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Running] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/20 01:40:02 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK370.sys -- (MOBK370Filter)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/10/04 01:47:40 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MX6453

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ibahn:80

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 22:12:15 | 000,000,000 | ---D | M]

[2009/12/26 15:21:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions
[2009/12/26 15:21:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517161831.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBK370stat.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell - "" = AutoRun
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell - "" = AutoRun
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - File not found
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

Drivers32: msacm.clmp3enc - C:\Program Files\CyberLink\Power2Go\CLMP3Enc.ACM (CyberLink Corp.)
Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Intel Corporation)
Drivers32: msacm.l3acm - C:\WINDOWS\system32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll ()
Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Intel Corporation)
Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Intel Corporation)

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (16902109354000384)

========== Files/Folders - Created Within 30 Days ==========

[2011/06/11 19:42:02 | 000,388,608 | ---- | C] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.Miguel\Desktop\HiJackThis.exe
[2011/06/11 19:35:42 | 000,607,310 | R--- | C] (Swearware) -- C:\Documents and Settings\Owner.Miguel\Desktop\dds.scr
[2011/06/11 19:27:09 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
[2011/06/11 18:06:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/11 17:29:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Miguel\Recent
[2011/06/11 17:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Start Menu\Programs\Windows XP Restore
[2011/06/11 16:48:37 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\nmqkFApeDId.exe
[2011/06/11 08:28:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/11 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 16:28:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Garmin
[2011/06/04 16:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.Miguel\Application Data\GARMIN
[2011/06/04 16:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2011/05/25 19:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/11 19:42:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.Miguel\Desktop\HiJackThis.exe
[2011/06/11 19:42:00 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/11 19:35:44 | 000,607,310 | R--- | M] (Swearware) -- C:\Documents and Settings\Owner.Miguel\Desktop\dds.scr
[2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe
[2011/06/11 18:53:45 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home (2).url
[2011/06/11 18:35:33 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Yahoo!.url
[2011/06/11 18:31:45 | 000,040,016 | ---- | M] () -- C:\WINDOWS\MOBK370.blk
[2011/06/11 18:31:45 | 000,003,150 | ---- | M] () -- C:\WINDOWS\MOBK370.flt
[2011/06/11 18:24:27 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2011/06/11 18:06:38 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/11 18:05:43 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/11 18:05:38 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/11 18:05:34 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/11 17:09:11 | 000,000,040 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17162020
[2011/06/11 16:48:37 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\nmqkFApeDId.exe
[2011/06/11 12:46:43 | 000,000,263 | -H-- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Swap.com.url
[2011/06/11 12:27:01 | 000,000,214 | -H-- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home.url
[2011/05/13 16:58:04 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/11 18:30:12 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/06/11 18:24:27 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2011/06/11 18:19:40 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home (2).url
[2011/06/11 18:08:20 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Yahoo!.url
[2011/06/11 17:09:07 | 000,000,040 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17162020
[2011/05/22 13:50:02 | 000,000,263 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Swap.com.url
[2010/04/10 21:26:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/04 22:05:39 | 000,028,792 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/07 13:09:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/05/26 16:27:56 | 000,002,206 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/05/16 08:47:50 | 000,001,774 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/28 13:19:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/17 18:22:59 | 000,010,752 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/08 21:08:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/08 15:47:14 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\fusioncache.dat
[2006/10/04 02:01:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/10/04 01:46:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/04 01:46:05 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/04 01:41:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/04 01:15:28 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/04 01:14:37 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/10/04 01:14:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/04 01:14:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 04:23:22 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 04:23:22 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:30:47 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/15 02:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2006/10/04 01:38:40 | 000,000,002 | ---- | M] () -- C:\AUDIT_INSTALL_IN_PROGRESS
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2006/10/04 02:01:06 | 000,000,090 | ---- | M] () -- C:\bcmwl5.log
[2006/11/08 15:46:51 | 000,000,221 | RHS- | M] () -- C:\boot.ini
[2006/06/17 04:41:16 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2011/02/09 19:30:55 | 000,014,692 | ---- | M] () -- C:\drwtsn32.log
[2011/06/11 18:05:34 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
[2006/10/04 01:48:13 | 000,001,191 | -H-- | M] () -- C:\IPH.PH
[2006/06/17 04:41:16 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
[2004/08/10 14:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2008/08/28 17:27:29 | 000,250,048 | RHS- | M] () -- C:\ntldr
[2011/06/11 18:05:28 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
[2006/10/04 01:39:47 | 000,000,090 | ---- | M] () -- C:\powerdvd.log
[2006/10/04 01:41:30 | 000,000,191 | ---- | M] () -- C:\touchpad.log

< %systemroot%\Fonts\*.com >
[2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

< %systemroot%\Fonts\*.dll >

< %systemroot%\Fonts\*.ini >
[2006/06/17 04:40:30 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

< %systemroot%\Fonts\*.ini2 >

< %systemroot%\Fonts\*.exe >

< %systemroot%\system32\spool\prtprocs\w32x86\*.* >
[2008/07/06 07:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
[2004/03/22 17:17:08 | 000,025,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
[2008/07/06 05:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe

< %systemroot%\REPAIR\*.bak1 >

< %systemroot%\REPAIR\*.ini >

< %systemroot%\system32\*.jpg >

< %systemroot%\*.jpg >

< %systemroot%\*.png >

< %systemroot%\*.scr >

< %systemroot%\*._sy >

< %APPDATA%\Adobe\Update\*.* >

< %ALLUSERSPROFILE%\Favorites\*.* >

< %APPDATA%\Microsoft\*.* >
[2007/07/22 15:44:54 | 000,001,738 | -H-- | M] () -- C:\Documents and Settings\Owner.Miguel\Application Data\Microsoft\LastFlashConfig.WFC

< %PROGRAMFILES%\*.* >

< %APPDATA%\Update\*.* >

< %systemroot%\*. /mp /s >

< %systemroot%\System32\config\*.sav >
[2006/06/16 21:30:11 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2006/06/16 21:30:11 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2006/06/16 21:30:11 | 000,897,024 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %PROGRAMFILES%\bak. /s >

< %systemroot%\system32\bak. /s >

< %ALLUSERSPROFILE%\Start Menu\*.lnk /x >

< %systemroot%\system32\config\systemprofile\*.dat /x >

< %systemroot%\*.config >

< %systemroot%\system32\*.db >

< %PROGRAMFILES%\Internet Explorer\*.dat >

< %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >

< %USERPROFILE%\Desktop\*.exe >
[2011/06/11 19:42:08 | 000,388,608 | ---- | M] (Trend Micro Inc.) -- C:\Documents and Settings\Owner.Miguel\Desktop\HiJackThis.exe
[2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\OTL.exe

< %PROGRAMFILES%\Common Files\*.* >

< %systemroot%\*.src >

< %systemroot%\install\*.* >

< %systemroot%\system32\DLL\*.* >

< %systemroot%\system32\HelpFiles\*.* >

< %systemroot%\system32\rundll\*.* >

< %systemroot%\winn32\*.* >

< %systemroot%\Java\*.* >

< %systemroot%\system32\test\*.* >

< %systemroot%\system32\Rundll32\*.* >

< %systemroot%\AppPatch\Custom\*.* >

< HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

< HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs >
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install\\LastSuccessTime: 2011-05-13 22:54:38

< >

< >

< End of report >


OTL Extras logfile created on: 6/11/2011 7:53:30 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner.Miguel\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 0.88 Gb Available Physical Memory | 47.15% Memory free
3.72 Gb Paging File | 2.92 Gb Available in Paging File | 78.37% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 97.98 Gb Free Space | 68.90% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.83 Gb Free Space | 70.71% Space Free | Partition Type: FAT32

Computer Name: MIGUEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\Office\msohtmed.exe" /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe shdocvw.dll,OpenURL %l
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22002
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL
"C:\Program Files\America Online 9.0\waol.exe" = C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon
"C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe" = C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed
"C:\Program Files\Common Files\AOL\1159944416\EE\AOLServiceHost.exe" = C:\Program Files\Common Files\AOL\1159944416\EE\AOLServiceHost.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe" = C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL
"C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe" = C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire
"C:\ses2_client_bin_2_8_13g\seswiz.exe" = C:\ses2_client_bin_2_8_13g\seswiz.exe:*:Enabled:Wireless SecureEasySetup -- (Broadcom)
"C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe" = C:\Program Files\Common Files\McAfee\MNA\McNASvc.exe:*:Enabled:McAfee Network Agent
"C:\Program Files\LimeWire2\LimeWire.exe" = C:\Program Files\LimeWire2\LimeWire.exe:*:Enabled:LimeWire
"C:\Program Files\Google\Google Earth\plugin\geplugin.exe" = C:\Program Files\Google\Google Earth\plugin\geplugin.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe" = C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe:*:Enabled:McAfee Shared Service Host -- (McAfee, Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00000409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 SR-1 Premium
"{01C0CB1D-FF49-43F1-ADC5-65F05DB7BDD1}" = ATI Catalyst Control Center
"{0840B4D6-7DD1-4187-8523-E6FC0007EFB7}" = Windows Live ID Sign-in Assistant
"{0C3EC6A8-28A1-AE6D-A6F7-5011C36DB1DB}" = McAfee Online Backup
"{0DFB3DE8-65B9-44FF-AA0A-3BECC5A2BFD1}" = Adobe Flash Player 10 Plugin
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite Gateway
"{184EB198-1DBA-46DB-B728-7A5FC13D5C2B}_is1" = Yahoo! Photos Print-at-Home Tool
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216016FF}" = Java™ 6 Update 24
"{27C467F8-F8EF-4f68-BD72-D63632B2096C}" = McAfee Online Backup
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{353FE16B-30FE-469A-BF55-B978F4218003}" = iTunes
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{57752979-A1C9-4C02-856B-FBB27AC4E02C}" = QuickTime
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6C1E7AA1-44E9-446D-AAB2-0DE6D9EFEAB1}" = Safari
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = TIPCI
"{853A4763-6643-4604-8D64-28BDD8925F4C}" = Apple Application Support
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8BBF6DFD-0AD9-43A7-9FBD-BF065E3866AF}" = URGE
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{A9F6CFB0-806D-11E0-8EA1-B8AC6F97B88E}" = Google Earth Plug-in
"{AC76BA86-7AD7-1033-7B44-A71000000002}" = Adobe Reader 7.1.0
"{BBBCAE4B-B416-4182-A6F2-438180894A81}" = Napster
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C2E4B5BD-32DB-4817-A060-341AB17C3F90}" = Bonjour
"{CACAEB5F-174D-4C7C-AC56-A33289A807CA}" = Apple Mobile Device Support
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{DE659AC8-EEF0-4115-AA0C-6500D194FB10}" = Garmin Training Center v5
"{E633D396-5188-4E9D-8F6B-BFB8BF3467E8}" = Skype™ 5.0
"53F13DB4D9611FD63BE580F06F0729BF236ABE68" = Windows Driver Package - Advanced Micro Devices (AmdK8) Processor (05/27/2006 1.3.2.0)
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"All ATI Software" = ATI - Software Uninstall Utility
"ATI Display Driver" = ATI Display Driver
"Broadcom 802.11b Network Adapter" = Broadcom 802.11 Network Adapter
"Gateway Game Console" = Gateway Game Console
"gtw_logo" = gtw_logo
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{7B6CF9EB-CB2B-4A1A-81A9-BE1A9044690A}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Mah Jong Medley" = Mah Jong Medley
"McAfee Uninstall Utility" = McAfee Uninstall Wizard
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Money2006b" = Microsoft Money 2006
"MSC" = McAfee Internet Security
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"RealPlayer 6.0" = RealPlayer Basic
"SMSERIAL" = Motorola SM56 Data Fax Modem
"SynTPDeinstKey" = Synaptics Pointing Device Driver
"ViewpointMediaPlayer" = Viewpoint Media Player
"WildTangent CDA" = WildTangent Web Driver
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"WT010650" = FATE
"WT010655" = Tradewinds
"WT010661" = Polar Golfer
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Photos Easy Upload Tool" = Yahoo! Photos Easy Upload Tool
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/4/2011 5:10:17 PM | Computer Name = MIGUEL | Source = Application Hang | ID = 1002
Description = Hanging application Training Center.exe, version 3.2.0.5, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 6/4/2011 5:10:24 PM | Computer Name = MIGUEL | Source = Application Hang | ID = 1001
Description = Fault bucket 414491521.

Error - 6/11/2011 8:53:44 AM | Computer Name = MIGUEL | Source = crypt32 | ID = 131075
Description = Failed auto update retrieval of third-party root list cab from: <http://www.download....uthrootstl.cab>
with error: This operation returned because the timeout period expired.

Error - 6/11/2011 6:03:32 PM | Computer Name = MIGUEL | Source = VSS | ID = 12302
Description = Volume Shadow Copy Service error: An internal inconsistency was detected
in trying to contact shadow copy service writers. Please check to see that the
Event Service and Volume Shadow Copy Service are operating properly.

Error - 6/11/2011 6:31:49 PM | Computer Name = MIGUEL | Source = McLogEvent | ID = 5022
Description = MCSCAN32 Engine Initialisation failed. Engine returned error : 3

Error - 6/11/2011 6:32:08 PM | Computer Name = MIGUEL | Source = Application Error | ID = 1000
Description = Faulting application McSvHost.exe, version 1.5.109.0, faulting module
shell32.dll, version 6.0.2900.6072, fault address 0x00030e7e.

Error - 6/11/2011 6:32:38 PM | Computer Name = MIGUEL | Source = Application Error | ID = 1001
Description = Fault bucket -1992108205.

Error - 6/11/2011 6:33:33 PM | Computer Name = MIGUEL | Source = Media Center Scheduler | ID = 0
Description =

Error - 6/11/2011 7:05:52 PM | Computer Name = MIGUEL | Source = Media Center Scheduler | ID = 0
Description =

Error - 6/11/2011 8:51:38 PM | Computer Name = MIGUEL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.2.24.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 6/11/2011 6:04:25 PM | Computer Name = MIGUEL | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 6/11/2011 6:11:42 PM | Computer Name = MIGUEL | Source = DCOM | ID = 10010
Description = The server {209500FC-6B45-4693-8871-6296C4843751} did not register
with DCOM within the required timeout.

Error - 6/11/2011 6:33:29 PM | Computer Name = MIGUEL | Source = DCOM | ID = 10010
Description = The server {9B3BEB4E-1C5E-4A5F-BB36-2F6587DD34E2} did not register
with DCOM within the required timeout.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee Personal Firewall Service service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in
60000 milliseconds: Restart the service.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee Services service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee VirusScan Announcer service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee Network Agent service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee Proxy Service service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 6/11/2011 6:33:32 PM | Computer Name = MIGUEL | Source = Service Control Manager | ID = 7031
Description = The McAfee Anti-Spam Service service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Restart the service.

Error - 6/11/2011 6:33:59 PM | Computer Name = MIGUEL | Source = DCOM | ID = 10010
Description = The server {26608B46-476A-4BF1-9CC6-AFEA28EBBC17} did not register
with DCOM within the required timeout.


< End of report >



#2 oldman960


Posted 12 June 2011 - 02:35 AM

Hi, wilma1313.

To make cleaning this machine easier
  • Please do not uninstall/install any programs unless asked to
    It is more difficult when files/programs are appearing in/disappearing from the logs.
  • Please do not run any scans other than those requested
  • Please follow all instructions in the order posted
  • All logs/reports, etc. must be posted in Notepad. Please ensure that word wrap is unchecked. In Notepad click Format, uncheck Word Wrap if it is checked.
  • Do not attach any logs/reports, etc. unless specifically requested to do so.
  • If you have problems with or do not understand the instructions, please ask before continuing.
  • Please stay with this thread until given the All Clear. An absence of symptoms does not mean a clean machine.

I need some information on some unidentified files. We will use VirusTotal. Please submit these files for analysis.

To submit a file to virustotal, please click on this link VirusTotal

copy and paste the following into the upload a file box (one at a time if more than one file is listed)

c:\documents and settings\all users\application data\nmqkFApeDId.exe
C:\Documents and Settings\All Users\Application Data\~17162020


scroll down a bit and click "send file", wait for the results and post them in your next reply.

Please note that sometimes the scans take a few minutes. Please ensure that the scan has completed and the results are complete before submitting the next sample. Also please make sure each result is clearly identified as to which sample they belong to.


Next

Download aswMBR.exe ( 511KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

There shall also be a file on your desktop named MBR.dat. Right click that file and select Send To>Compressed (zipped) folder. Please attach that zipped file in your next reply.


Next

Please open OTL.

  • Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, click the None button near the top (it may look greyed out)
  • In the window under Custom Scans/Fixes copy and paste the following



    /md5start
    kb.dll
    winlogon.*
    /md5stop
    %Temp%\smtmp\*.* /s


  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.

Please post back with
  • VirusTotal results
  • aswMBR log
  • MBR.dat (zipped and attached)
  • OTL.txt
Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#3 wilma1313


Posted 12 June 2011 - 04:43 PM

Hi,
I believe you helped in the past when my puter was down, and the help was great - my computer is bug free. Now for hubby's.

I started following your virustotal directions. It is not possible to copy and paste or to type into the "upload a file" box. It has a browse button and I typed the file name into that and got it with this for a result. I don't know how they analyzed the file before since this is the first time I've done this....

File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 20adb77b39e7bfc75fe22461374a8a9d
Date first seen: 2011-06-11 23:36:10 (UTC)
Date last seen: 2011-06-12 02:48:58 (UTC)
Detection ratio: 6/42

What do you wish to do?

There was a button to show the original report which just went to error on page. The reanalyze button yields this.

Warning: VirusTotal is currently experiencing high workload. The scanning process of your file can take over 15 minutes. We suggest you use the email interface in these situations. Follow the instructions on the "Advanced" page to do so. If you wish you can still submit your sample via this interface.

Maximum size exceeded: you have tried to upload a file which is larger than 20MB.

Second file same basic thing, but gave me the report when I asked for it.




File already submitted: The file sent has already been analysed by VirusTotal in the past. This is same basic info regarding the sample itself and its last analysis:

MD5: 13aac3ce8a0bd8db32f9a8fba1d4fb0e
Date first seen: 2011-02-01 13:51:46 (UTC)
Date last seen: 2011-06-11 17:06:25 (UTC)
Detection ratio: 1/42

What do you wish to do

0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: ~17162020
Submission date: 2011-06-11 17:06:25 (UTC)
Current status: finished
Result: 1 /42 (2.4%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.06.12.00 2011.06.11 -
AntiVir 7.11.9.159 2011.06.11 -
Antiy-AVL 2.0.3.7 2011.06.11 -
Avast 4.8.1351.0 2011.06.11 -
Avast5 5.0.677.0 2011.06.11 -
AVG 10.0.0.1190 2011.06.11 -
BitDefender 7.2 2011.06.11 -
CAT-QuickHeal 11.00 2011.06.11 -
ClamAV 0.97.0.0 2011.06.10 -
Commtouch 5.3.2.6 2011.06.11 -
Comodo 9029 2011.06.11 -
DrWeb 5.0.2.03300 2011.06.11 -
eSafe 7.0.17.0 2011.06.09 -
eTrust-Vet 36.1.8380 2011.06.10 -
F-Prot 4.6.2.117 2011.06.10 -
F-Secure 9.0.16440.0 2011.06.11 -
Fortinet 4.2.257.0 2011.06.11 -
GData 22 2011.06.11 -
Ikarus T3.1.1.104.0 2011.06.11 -
Jiangmin 13.0.900 2011.06.11 -
K7AntiVirus 9.106.4798 2011.06.10 -
Kaspersky 9.0.0.837 2011.06.11 -
McAfee 5.400.0.1158 2011.06.11 -
McAfee-GW-Edition 2010.1D 2011.06.11 -
Microsoft 1.6903 2011.06.11 -
NOD32 6198 2011.06.11 -
Norman 6.07.10 2011.06.10 -
nProtect 2011-06-11.01 2011.06.11 -
Panda 10.0.3.5 2011.06.11 -
PCTools 7.0.3.5 2011.06.10 -
Prevx 3.0 2011.06.11 -
Rising 23.61.04.07 2011.06.10 -
Sophos 4.66.0 2011.06.11 Mal/FakeAvCn-A
SUPERAntiSpyware 4.40.0.1006 2011.06.11 -
Symantec 20111.1.0.186 2011.06.11 -
TheHacker 6.7.0.1.228 2011.06.11 -
TrendMicro 9.200.0.1012 2011.06.11 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.11 -
VBA32 3.12.16.1 2011.06.10 -
VIPRE 9552 2011.06.11 -
ViRobot 2011.6.11.4507 2011.06.11 -
VirusBuster 14.0.76.0 2011.06.11 -
Additional information
MD5 : 13aac3ce8a0bd8db32f9a8fba1d4fb0e
SHA1 : 42cbe43460058b2cdd2e44ad187654bc2c202cf9
SHA256: 5981a69e98c86e7b9e8ebd222f6b1a3f37cbef92024f7791741ad3a390336005
ssdeep: 3:Hk1o0yQ4HzZT/n:E1o0yd1/n
File size : 40 bytes
First seen: 2011-02-01 13:51:46
Last seen : 2011-06-11 17:06:25
Magic: data
TrID:
Unknown!
sigcheck:
publisher....: n/a
copyright....: n/a
product......: n/a
description..: n/a
original name: n/a
internal name: n/a
file version.: n/a
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -
Androguard:
-
ExifTool:
-



And since the second one worked, I redid the first one and got the report on the second try, so here it is.



0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is goodware. 0 VT Community user(s) with a total of 0 reputation credit(s) say(s) this sample is malware.
File name: 15D8045D00856650546007A20A2550004A8655A6.exe
Submission date: 2011-06-12 02:48:58 (UTC)
Current status: finished
Result: 6 /42 (14.3%)
VT Community

not reviewed
Safety score: -
Antivirus Version Last Update Result
AhnLab-V3 2011.06.12.00 2011.06.11 Trojan/Win32.Jorik
AntiVir 7.11.9.159 2011.06.11 -
Antiy-AVL 2.0.3.7 2011.06.11 -
Avast 4.8.1351.0 2011.06.11 -
Avast5 5.0.677.0 2011.06.11 -
AVG 10.0.0.1190 2011.06.11 -
BitDefender 7.2 2011.06.12 Trojan.Generic.KD.249558
CAT-QuickHeal 11.00 2011.06.11 -
ClamAV 0.97.0.0 2011.06.12 -
Commtouch 5.3.2.6 2011.06.11 -
Comodo 9034 2011.06.12 -
DrWeb 5.0.2.03300 2011.06.12 Trojan.Packed.191
Emsisoft 5.1.0.8 2011.06.11 -
eSafe 7.0.17.0 2011.06.09 -
eTrust-Vet 36.1.8380 2011.06.10 -
F-Prot 4.6.2.117 2011.06.11 -
Fortinet 4.2.257.0 2011.06.11 -
GData 22 2011.06.12 Trojan.Generic.KD.249558
Ikarus T3.1.1.104.0 2011.06.11 -
Jiangmin 13.0.900 2011.06.11 -
K7AntiVirus 9.106.4798 2011.06.10 -
Kaspersky 9.0.0.837 2011.06.12 UDS:DangerousObject.Multi.Generic
McAfee 5.400.0.1158 2011.06.12 FakeAlert-SysDef.b
McAfee-GW-Edition 2010.1D 2011.06.12 -
Microsoft 1.6903 2011.06.11 -
NOD32 6199 2011.06.12 -
Norman 6.07.10 2011.06.10 -
nProtect 2011-06-11.01 2011.06.11 -
Panda 10.0.3.5 2011.06.11 -
PCTools 7.0.3.5 2011.06.10 -
Prevx 3.0 2011.06.12 -
Rising 23.61.04.07 2011.06.10 -
Sophos 4.66.0 2011.06.11 -
SUPERAntiSpyware 4.40.0.1006 2011.06.11 -
Symantec 20111.1.0.186 2011.06.12 -
TheHacker 6.7.0.1.228 2011.06.11 -
TrendMicro 9.200.0.1012 2011.06.11 -
TrendMicro-HouseCall 9.200.0.1012 2011.06.12 -
VBA32 3.12.16.1 2011.06.10 -
VIPRE 9557 2011.06.12 -
ViRobot 2011.6.11.4507 2011.06.11 -
VirusBuster 14.0.76.0 2011.06.11 -
Additional information
MD5 : 20adb77b39e7bfc75fe22461374a8a9d
SHA1 : 2a70efe11a6f8bf476c30aaf0629483d265882b2
SHA256: 68878b793182815fdbbdb4d3dbbd381c227aa4ba4887bddad81e4937bd2db8b2
ssdeep: 6144:IruESuIh8B9+HBaQXMT4odjYSo43ZEfRf/BmN4tycCX92wFhINL8G080r5kFx+fh:zESzq
2aQg5z3mfpsytcXLjIXGpT1WO
File size : 480256 bytes
First seen: 2011-06-11 23:36:10
Last seen : 2011-06-12 02:48:58
Magic: PE32 executable for MS Windows (GUI) Intel 80386 32-bit
TrID:
Win32 Executable Generic (42.3%)
Win32 Dynamic Link Library (generic) (37.6%)
Generic Win/DOS Executable (9.9%)
DOS Executable Generic (9.9%)
Autodesk FLIC Image File (extensions: flc, fli, cel) (0.0%)
sigcheck:
publisher....: Microsoft Corporation
copyright....: © Microsoft Corporation. All rights reserved.
product......: Microsoft_ Windows_ Operating System
description..: Windows XP USER API Client DLL
original name: user32
internal name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
comments.....: n/a
signers......: -
signing date.: -
verified.....: Unsigned

PEiD: -
PEInfo: PE structure information

[[ basic data ]]
entrypointaddress: 0x1F20
timedatestamp....: 0x4DF3CDF3 (Sat Jun 11 20:20:03 2011)
machinetype......: 0x14C (Intel I386)

[[ 24 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy, md5
.text, 0x1000, 0x1F84, 0x2000, 6.38, b53cc5b65674bd4a307fd56a00c22611
.rdata, 0x3000, 0x1599C, 0x15C00, 6.71, fe9fd9aa922b8c7eec0a6d977dff50aa
.data, 0x19000, 0x14D99, 0x15000, 6.8, f958cd15150778c0e33af67f5d923984
.tls, 0x2E000, 0x14D99, 0x15000, 6.79, 88fe8634b0e4b0aafe426f8791da2bf5
.ndata, 0x43000, 0x1E4, 0x400, 0.96, 6f74965fd76fe1256ca042cb2116ad16
.push, 0x44000, 0x65, 0x400, 0.03, a4d9864c35788d1708aad65a40ae6e8b
.ik, 0x45000, 0x14D99, 0x15000, 7.88, 23a00cfcd0fb9ca791e9c44b9c538707
.susa, 0x5A000, 0xC00, 0xC00, 0.0, 3c04c608cb90b9dc045d88675eae2e9c
.kkkk, 0x5B000, 0x1D4, 0x400, 0.01, 24a5e8d8408623427a3de7499071e34c
.laks, 0x5C000, 0x44, 0x400, 0.01, c8545ba6c1b7310d5a0e84bf89b277a6
.imho, 0x5D000, 0x15199, 0x15400, 7.92, f9b8306fbd6108485962a6ab171adb7c
.dcode, 0x73000, 0xC6, 0x400, 0.71, f52be62745d221602bd42047a09eda1e
.ocode, 0x74000, 0x6A, 0x400, 0.47, 2f5ac03474468603fa34a6ef63c15a9e
.mcode, 0x75000, 0xEA, 0x400, 0.97, 74f6be4d513cf4ead548e6243562de54
.kpack, 0x76000, 0x4E, 0x400, 0.35, c2c81772c155d60d4c2919977cfc62d0
.kpack0, 0x77000, 0x50, 0x400, 0.36, a08deb142c67332d06bbba337706ad5c
.masm, 0x78000, 0xFA, 0x400, 0.95, 5ee9720a9b4131965a0380e8211856a9
.buga, 0x79000, 0x46, 0x400, 0.31, 60fd76f245ee434b0b3e5e86d355b2b9
.alert, 0x7A000, 0x4A, 0x400, 0.33, cc5ffcce8979092f2ff9b372a720d188
.oaks, 0x7B000, 0x3A, 0x400, 0.26, f71eaecf9a37e696837bc8f4a7e6aba2
.oaks0, 0x7C000, 0x32, 0x400, 0.23, f51ea4bd5b28f6d85331b7c943f00bbb
.CRT, 0x7D000, 0x8, 0x400, 0.0, 0f343b0931126a20f133d67c2b018a3b
.rsrc, 0x7E000, 0x3FC8, 0x4000, 4.33, 905690ec2a04d8cf485e4d16d76d2dd5
.reloc, 0x82000, 0x146, 0x400, 1.05, b13c70dae88a0223464c37db5b413ea4

[[ 5 import(s) ]]
advapi32.dll: QueryServiceConfigW, OpenSCManagerW, OpenServiceW, CloseServiceHandle, QueryServiceStatus, SetServiceStatus, RegisterServiceCtrlHandlerExW
iphlpapi.dll: NotifyAddrChange
kernel32.dll: WideCharToMultiByte, MultiByteToWideChar, SetUnhandledExceptionFilter, UnhandledExceptionFilter, GetCurrentProcess, TerminateProcess, GetSystemTimeAsFileTime, GetCurrentProcessId, GetCurrentThreadId, GetTickCount, QueryPerformanceCounter, LocalFree, LocalAlloc, GetLastError, LeaveCriticalSection, SetEvent, EnterCriticalSection, DeleteCriticalSection, TerminateThread, CloseHandle, GetTimeFormatW, GetDateFormatW, WaitForSingleObject, CreateThread, CreateEventW, CreateMailslotA, ReadFile, Sleep, WriteFile, InterlockedExchange, CreateFileA, GetOverlappedResult, GetLocalTime, FreeLibrary, FormatMessageA, FormatMessageW, LoadLibraryExW, GetComputerNameW, GetProcAddress, LoadLibraryW, DisableThreadLibraryCalls
rpcrt4.dll: NdrServerCall2, RpcImpersonateClient, RpcRevertToSelf
user32.dll: RegisterDeviceNotificationW, UnregisterDeviceNotification, MessageBeep, MessageBoxW

Androguard:
-
ExifTool:
file metadata
CharacterSet: Unicode
CodeSize: 8192
CompanyName: Microsoft Corporation
EntryPoint: 0x1f20
FileDescription: Windows XP USER API Client DLL
FileFlagsMask: 0x003f
FileOS: Windows NT 32-bit
FileSize: 469 kB
FileSubtype: 0
FileType: Win32 EXE
FileVersion: 5.1.2600.5512 (xpsp.080413-2105)
FileVersionNumber: 5.1.2600.5512
ImageVersion: 0.0
InitializedDataSize: 470016
InternalName: user32
LanguageCode: English (U.S.)
LegalCopyright: Microsoft Corporation. All rights reserved.
LinkerVersion: 9.0
MIMEType: application/octet-stream
MachineType: Intel 386 or later, and compatibles
OSVersion: 5.0
ObjectFileType: Dynamic link library
OriginalFilename: user32
PEType: PE32
ProductName: Microsoft Windows Operating System
ProductVersion: 5.1.2600.5512
ProductVersionNumber: 5.1.2600.5512
Subsystem: Windows GUI
SubsystemVersion: 5.0
TimeStamp: 2011:06:11 22:20:03+02:00
UninitializedDataSize: 0

Symantec reputation:Suspicious.Insight



#4 wilma1313


Posted 12 June 2011 - 04:48 PM

Here is the scan requested. I'm going to send this and work on OTL, but that one may not get posted til later in the night...

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-12 17:45:09
-----------------------------
17:45:09.155 OS Version: Windows 5.1.2600 Service Pack 3
17:45:09.155 Number of processors: 2 586 0x4802
17:45:09.155 ComputerName: MIGUEL UserName: Owner
17:45:11.780 Initialize success
17:45:14.249 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-4
17:45:14.249 Disk 0 Vendor: Hitachi_HTS541616J9AT00 SB4OA70H Size: 152627MB BusType: 3
17:45:16.281 Disk 0 MBR read successfully
17:45:16.281 Disk 0 MBR scan
17:45:16.281 Disk 0 unknown MBR code
17:45:18.297 Disk 0 scanning sectors +312560640
17:45:18.328 Disk 0 scanning C:\WINDOWS\system32\drivers
17:45:33.799 Service scanning
17:45:35.627 Disk 0 trace - called modules:
17:45:35.658 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll >>UNKNOWN [0x8a7f71ed]<<
17:45:35.658 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8a837a18]
17:45:35.674 3 CLASSPNP.SYS[ba188fd7] -> nt!IofCallDriver -> \Device\000000ad[0x8a8ba5e8]
17:45:35.674 5 ACPI.sys[b9f7f620] -> nt!IofCallDriver -> \Device\Ide\IdeDeviceP0T0L0-4[0x8a83a940]
17:45:35.674 \Driver\atapi[0x8a885400] -> IRP_MJ_INTERNAL_DEVICE_CONTROL -> 0x8a7f71ed
17:45:36.018 Scan finished successfully
17:46:20.632 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\MBR.dat"
17:46:20.648 The log file has been saved successfully to "C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.txt1.txt"

#5 oldman960


Posted 12 June 2011 - 05:07 PM

Hi wilma1313,

That's fine. You did the correct thing.

When you do run the OTL scan please use this for the Custom Scan instead of the one previously posted. Something in the VirusTotal results warrants looking a little closer.

/md5start
user32.*
kb.dll
winlogon.*
/md5stop
%Temp%\smtmp\*.* /s


Threads will be closed if no response after 5 days.
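
The VirusTotal report in post #3 describes a file that carries a user32 version resource, and its sigcheck, timestamp and section-table fields can be checked against each other mechanically. The following is an added example, not part of the original thread or of any tool named in it; the common-section list, the 7.5 entropy threshold and the reading of `080413` in the version string as a yymmdd build tag are assumptions, and the result is a triage aid rather than a verdict.

```python
import re
from datetime import datetime, timezone

# Fields copied from the VirusTotal report quoted in post #3
# (section md5 column omitted to keep the sample short).
REPORT = """\
File name: 15D8045D00856650546007A20A2550004A8655A6.exe
publisher....: Microsoft Corporation
description..: Windows XP USER API Client DLL
original name: user32
file version.: 5.1.2600.5512 (xpsp.080413-2105)
verified.....: Unsigned
timedatestamp....: 0x4DF3CDF3 (Sat Jun 11 20:20:03 2011)
[[ 24 section(s) ]]
name, viradd, virsiz, rawdsiz, ntropy
.text, 0x1000, 0x1F84, 0x2000, 6.38
.rdata, 0x3000, 0x1599C, 0x15C00, 6.71
.data, 0x19000, 0x14D99, 0x15000, 6.8
.tls, 0x2E000, 0x14D99, 0x15000, 6.79
.ndata, 0x43000, 0x1E4, 0x400, 0.96
.push, 0x44000, 0x65, 0x400, 0.03
.ik, 0x45000, 0x14D99, 0x15000, 7.88
.susa, 0x5A000, 0xC00, 0xC00, 0.0
.kkkk, 0x5B000, 0x1D4, 0x400, 0.01
.laks, 0x5C000, 0x44, 0x400, 0.01
.imho, 0x5D000, 0x15199, 0x15400, 7.92
.dcode, 0x73000, 0xC6, 0x400, 0.71
.ocode, 0x74000, 0x6A, 0x400, 0.47
.mcode, 0x75000, 0xEA, 0x400, 0.97
.kpack, 0x76000, 0x4E, 0x400, 0.35
.kpack0, 0x77000, 0x50, 0x400, 0.36
.masm, 0x78000, 0xFA, 0x400, 0.95
.buga, 0x79000, 0x46, 0x400, 0.31
.alert, 0x7A000, 0x4A, 0x400, 0.33
.oaks, 0x7B000, 0x3A, 0x400, 0.26
.oaks0, 0x7C000, 0x32, 0x400, 0.23
.CRT, 0x7D000, 0x8, 0x400, 0.0
.rsrc, 0x7E000, 0x3FC8, 0x4000, 4.33
.reloc, 0x82000, 0x146, 0x400, 1.05
"""

# Assumptions of this example, not values from the thread:
COMMON_SECTIONS = {".text", ".rdata", ".data", ".idata", ".edata", ".pdata",
                   ".bss", ".tls", ".CRT", ".rsrc", ".reloc"}
HIGH_ENTROPY = 7.5   # bits per byte; values near 8.0 suggest packed or encrypted data

FIELD = re.compile(r"^([A-Za-z ]+?)\.*: ?(.*)$")
SECTION = re.compile(
    r"^(\.\w+), 0x[0-9A-Fa-f]+, (0x[0-9A-Fa-f]+), (0x[0-9A-Fa-f]+), ([\d.]+)")


def parse_report(text):
    """Split the pasted report into key/value fields and section rows."""
    fields, sections = {}, []
    for line in text.splitlines():
        row = SECTION.match(line)
        if row:
            name, vsize, rsize, entropy = row.groups()
            sections.append((name, int(vsize, 16), int(rsize, 16), float(entropy)))
            continue
        kv = FIELD.match(line)
        if kv:
            fields[kv.group(1).strip().lower()] = kv.group(2).strip()
    return fields, sections


def triage(text):
    """Cross-check identity, timestamp and section fields of one report."""
    fields, sections = parse_report(text)
    result = {}
    # Vendor identity in the version resource without a verified signature.
    result["unsigned_vendor_claim"] = (
        "microsoft" in fields.get("publisher", "").lower()
        and fields.get("verified", "").lower() == "unsigned")
    # Version resource describes a DLL, yet the sample is an .exe.
    result["dll_identity_on_exe"] = (
        "dll" in fields.get("description", "").lower()
        and fields.get("file name", "").lower().endswith(".exe"))
    # Build tag in the version string (read as yymmdd) versus the PE timestamp.
    tag = re.search(r"\.(\d{2})\d{4}-\d{4}\)", fields.get("file version", ""))
    stamp = re.match(r"0x([0-9A-Fa-f]+)", fields.get("timedatestamp", ""))
    if tag and stamp:
        linked = datetime.fromtimestamp(int(stamp.group(1), 16), tz=timezone.utc)
        result["linked_on"] = linked.strftime("%Y-%m-%d")
        result["claimed_build_year"] = 2000 + int(tag.group(1))
        result["timestamp_mismatch"] = linked.year != result["claimed_build_year"]
    # Section table: count, names outside the common set, near-random content.
    result["section_count"] = len(sections)
    result["unusual_names"] = [s[0] for s in sections if s[0] not in COMMON_SECTIONS]
    result["high_entropy"] = [s[0] for s in sections if s[3] >= HIGH_ENTROPY]
    return result


if __name__ == "__main__":
    for key, value in triage(REPORT).items():
        print(f"{key}: {value}")
```

No single field here is conclusive; it is the combination of a borrowed vendor identity, a link date years after the claimed build, and a section table unlike the claimed component that justifies hashing the real `user32.*` files on disk for comparison.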

#6 wilma1313


Posted 12 June 2011 - 05:07 PM

Hi again,
Sorry, I should not have posted this all separately - trying to get used to hubby computer and was doing things in order and couldn't figure out how to save the first stuff. I think I goofed the second scan. I have no idea how to send a zipped file? Let me know if I need to redo that second scan please - sorry about that, not the best direction following today.

Thanks and good night

OTL logfile created on: 6/12/2011 5:52:22 PM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner.Miguel\Desktop\infectio
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 69.53% Memory free
3.72 Gb Paging File | 3.08 Gb Available in Paging File | 82.69% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 97.81 Gb Free Space | 68.79% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.83 Gb Free Space | 70.71% Space Free | Partition Type: FAT32

Computer Name: MIGUEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\infectio\OTL.exe
PRC - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
PRC - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\SystemCore\mcshield.exe
PRC - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) -- C:\WINDOWS\system32\mfevtps.exe
PRC - [2011/04/05 11:50:44 | 001,195,408 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee.com\Agent\mcagent.exe
PRC - [2010/10/20 01:40:24 | 003,653,432 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370stat.exe
PRC - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe
PRC - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
PRC - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe
PRC - [2008/08/13 14:34:08 | 001,891,416 | ---- | M] (GARMIN Corp.) -- C:\Garmin\gStart.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
PRC - [2006/05/23 21:22:36 | 000,573,440 | ---- | M] (Motorola Inc.) -- C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe
PRC - [2006/01/02 19:41:22 | 000,045,056 | ---- | M] (ATI Technologies Inc.) -- C:\Program Files\ATI Technologies\ATI.ACE\CLI.exe
PRC - [2005/12/27 12:20:14 | 000,413,696 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/11/05 09:47:00 | 000,098,394 | ---- | M] (Synaptics, Inc.) -- C:\Program Files\Synaptics\SynTP\SynTPLpr.exe


========== Modules (SafeList) ==========

MOD - [2011/06/11 19:27:22 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Owner.Miguel\Desktop\infectio\OTL.exe
MOD - [2010/08/23 11:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll
MOD - [2008/12/05 16:51:10 | 000,014,032 | ---- | M] () -- C:\Program Files\McAfee\SiteAdvisor\sahook.dll
MOD - [2004/11/05 09:47:00 | 000,069,722 | ---- | M] (Synaptics, Inc.) -- C:\WINDOWS\system32\SynTPFcs.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/04/14 14:01:38 | 000,188,136 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe -- (mfefire)
SRV - [2011/04/14 14:01:38 | 000,171,168 | ---- | M] () [Unknown | Running] -- C:\Program Files\Common Files\McAfee\SystemCore\\mcshield.exe -- (McShield)
SRV - [2011/04/14 14:01:38 | 000,141,792 | ---- | M] (McAfee, Inc.) [Unknown | Running] -- C:\WINDOWS\system32\mfevtps.exe -- (mfevtp)
SRV - [2010/10/20 01:40:22 | 000,216,888 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\McAfee Online Backup\MOBK370backup.exe -- (MOBK370backup)
SRV - [2010/10/07 22:34:28 | 000,364,216 | ---- | M] (McAfee, Inc.) [On_Demand | Stopped] -- C:\Program Files\McAfee\VirusScan\mcods.exe -- (McODS)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (MSK80Service)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McProxy)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNASvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (McNaiAnn)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe -- (mcmscsvc)
SRV - [2010/03/10 11:14:44 | 000,271,480 | ---- | M] (McAfee, Inc.) [Auto | Running] -- C:\Program Files\Common Files\Mcafee\McSvcHost\McSvHost.exe -- (McMPFSvc)
SRV - [2008/12/05 16:51:06 | 000,206,096 | ---- | M] () [Auto | Running] -- C:\Program Files\McAfee\SiteAdvisor\McSACore.exe -- (McAfee SiteAdvisor Service)
SRV - [2006/10/04 01:56:55 | 000,172,032 | ---- | M] (New Boundary Technologies, Inc.) [Auto | Running] -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS -- (PrismXL)


========== Driver Services (SafeList) ==========

DRV - [2011/04/14 14:01:38 | 000,387,480 | ---- | M] (McAfee, Inc.) [Kernel | Boot | Running] -- C:\WINDOWS\system32\drivers\mfehidk.sys -- (mfehidk)
DRV - [2011/04/14 14:01:38 | 000,314,088 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfefirek.sys -- (mfefirek)
DRV - [2011/04/14 14:01:38 | 000,153,280 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeavfk.sys -- (mfeavfk)
DRV - [2011/04/14 14:01:38 | 000,095,824 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfeapfk.sys -- (mfeapfk)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendiskmp)
DRV - [2011/04/14 14:01:38 | 000,088,736 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mfendisk.sys -- (mfendisk)
DRV - [2011/04/14 14:01:38 | 000,084,488 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\mferkdet.sys -- (mferkdet)
DRV - [2011/04/14 14:01:38 | 000,084,200 | ---- | M] (McAfee, Inc.) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\mfetdi2k.sys -- (mfetdi2k)
DRV - [2011/04/14 14:01:38 | 000,056,064 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\cfwids.sys -- (cfwids)
DRV - [2011/04/14 14:01:38 | 000,052,320 | ---- | M] (McAfee, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mfebopk.sys -- (mfebopk)
DRV - [2010/10/20 01:40:02 | 000,054,776 | ---- | M] (Mozy, Inc.) [File_System | System | Running] -- C:\WINDOWS\system32\drivers\MOBK370.sys -- (MOBK370Filter)
DRV - [2008/04/13 13:56:06 | 000,088,320 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkipx.sys -- (NwlnkIpx)
DRV - [2006/10/04 01:47:40 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/06/19 01:37:34 | 000,036,864 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdK8.sys -- (AmdK8)
DRV - [2006/06/15 17:28:04 | 001,179,784 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/05/23 21:30:06 | 000,893,952 | ---- | M] (Motorola Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\smserial.sys -- (smserial)
DRV - [2006/05/23 10:56:00 | 000,245,248 | ---- | M] (Marvell) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\yk51x86.sys -- (yukonwxp)
DRV - [2006/04/04 23:58:44 | 001,536,000 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
DRV - [2005/11/02 16:24:24 | 000,424,320 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2005/09/21 02:30:56 | 000,162,432 | ---- | M] (Texas Instruments) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\tifm21.sys -- (tifm21)
DRV - [2004/11/10 19:30:18 | 000,024,832 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdralw2k.sys -- (Cdralw2k)
DRV - [2004/11/10 19:27:34 | 000,044,288 | ---- | M] (Roxio) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\cdr4_xp.sys -- (Cdr4_xp)
DRV - [2004/08/10 14:00:00 | 000,063,232 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnknb.sys -- (NwlnkNb)
DRV - [2004/08/10 14:00:00 | 000,055,936 | ---- | M] (Microsoft Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\nwlnkspx.sys -- (NwlnkSpx)
DRV - [2003/01/10 16:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.gateway.c...h...TB&M=MX6453

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchDefaultBranded = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = ibahn:80

FF - HKLM\software\mozilla\Firefox\Extensions\\{B7082FAA-CB62-4872-9106-E42DD88EDE45}: C:\Program Files\McAfee\SiteAdvisor [2010/03/02 22:12:15 | 000,000,000 | ---D | M]

[2009/12/26 15:21:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions
[2009/12/26 15:21:27 | 000,000,000 | -H-D | M] (No name found) -- C:\Documents and Settings\Owner.Miguel\Application Data\Mozilla\Extensions\mozswing@mozswing.org

O1 HOSTS File: ([2004/08/10 14:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - File not found
O2 - BHO: (McAfee Phishing Filter) - {27B4851A-3207-45A2-B947-BE8AFE6163AB} - c:\Program Files\McAfee\MSK\mskapbho.dll ()
O2 - BHO: (scriptproxy) - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\Common Files\McAfee\SystemCore\ScriptSn.20110517161831.dll (McAfee, Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O2 - BHO: (McAfee SiteAdvisor BHO) - {B164E929-A1B6-4A06-B104-2CD0E90A88FF} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\WINDOWS\system32\bae.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (McAfee SiteAdvisor Toolbar) - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\Program Files\Google\GoogleToolbar2.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [ATICCC] C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
O4 - HKLM..\Run: [mcui_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc.)
O4 - HKLM..\Run: [Recguard] C:\WINDOWS\SMINST\Recguard.exe ()
O4 - HKLM..\Run: [Reminder] C:\WINDOWS\creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [SMSERIAL] C:\Program Files\Motorola\SMSERIAL\sm56hlpr.exe (Motorola Inc.)
O4 - HKLM..\Run: [SynTPLpr] C:\Program Files\Synaptics\SynTP\SynTPLpr.exe (Synaptics, Inc.)
O4 - HKCU..\Run: [gStart] C:\Garmin\gStart.exe (GARMIN Corp.)
O4 - HKCU..\Run: [Power2GoExpress] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk = C:\Program Files\McAfee Online Backup\MOBK370stat.exe (McAfee, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Recovery present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\system32\nwprovau.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000005 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...01/mcinsctl.cab (McAfee.com Operating System Class)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0015-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0024-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_24)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.18.47.61 209.18.47.62
O18 - Protocol\Handler\sacore {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files\McAfee\SiteAdvisor\McIEPlg.dll ()
O18 - Protocol\Handler\skype4com - No CLSID value found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
O24 - Desktop WallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O30 - LSA: Authentication Packages - (nwprovau) - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/06/17 04:41:16 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 000,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell - "" = AutoRun
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{00a38b3f-6f6a-11df-9b46-0014a5f3dee6}\Shell\AutoRun\command - "" = F:\iStudio.exe
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell - "" = AutoRun
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{71e26ae1-ce1b-11dc-95d4-0014a5f3dee6}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -a
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/12 17:44:33 | 000,581,120 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.exe
[2011/06/12 16:37:49 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\McAfee
[2011/06/11 20:31:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Desktop\infectio
[2011/06/11 17:29:23 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Owner.Miguel\Recent
[2011/06/11 17:00:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Owner.Miguel\Start Menu\Programs\Windows XP Restore
[2011/06/11 16:48:37 | 000,480,256 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\nmqkFApeDId.exe
[2011/06/11 08:28:35 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/11 08:26:59 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/06/04 16:28:25 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\Garmin
[2011/06/04 16:22:28 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Owner.Miguel\Application Data\GARMIN
[2011/06/04 16:19:34 | 000,000,000 | ---D | C] -- C:\Program Files\Garmin
[2011/05/25 19:38:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Google Earth
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/12 17:46:20 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\MBR.dat
[2011/06/12 17:44:39 | 000,581,120 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Owner.Miguel\Desktop\aswMBR.exe
[2011/06/12 17:42:01 | 000,000,884 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/12 16:38:40 | 000,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/12 16:38:04 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/12 16:37:19 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/12 16:37:15 | 2011,279,360 | -HS- | M] () -- C:\hiberfil.sys
[2011/06/12 15:01:25 | 000,000,214 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home (2).url
[2011/06/12 14:51:38 | 000,000,248 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2011/06/12 12:46:20 | 000,000,214 | -H-- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home.url
[2011/06/11 20:56:07 | 000,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/11 18:35:33 | 000,000,208 | ---- | M] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Yahoo!.url
[2011/06/11 18:31:45 | 000,040,016 | ---- | M] () -- C:\WINDOWS\MOBK370.blk
[2011/06/11 18:31:45 | 000,003,150 | ---- | M] () -- C:\WINDOWS\MOBK370.flt
[2011/06/11 17:09:11 | 000,000,040 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~17162020
[2011/06/11 16:48:37 | 000,480,256 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\All Users\Application Data\nmqkFApeDId.exe
[2 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/12 17:46:20 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\MBR.dat
[2011/06/11 18:30:12 | 000,000,795 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\McAfee Online Backup Status.lnk
[2011/06/11 18:24:27 | 000,000,248 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\PaperBack Swap.com.url
[2011/06/11 18:19:40 | 000,000,214 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\BookMooch Member Home (2).url
[2011/06/11 18:08:20 | 000,000,208 | ---- | C] () -- C:\Documents and Settings\Owner.Miguel\Desktop\Yahoo!.url
[2011/06/11 17:09:07 | 000,000,040 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~17162020
[2010/04/10 21:26:16 | 000,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2010/04/04 22:05:39 | 000,028,792 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/06/07 13:09:54 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2007/05/26 16:27:56 | 000,002,206 | ---- | C] () -- C:\WINDOWS\unins000.dat
[2007/05/16 08:47:50 | 000,001,774 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/03/28 13:19:15 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/03/17 18:22:59 | 000,010,752 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/08 21:08:45 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\instlsp.exe
[2006/11/08 15:47:14 | 000,000,135 | -H-- | C] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Application Data\fusioncache.dat
[2006/10/04 02:01:07 | 000,023,552 | ---- | C] () -- C:\WINDOWS\System32\jesterss.dll
[2006/10/04 01:46:48 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/10/04 01:46:05 | 000,000,004 | ---- | C] () -- C:\WINDOWS\Pix11.dat
[2006/10/04 01:41:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/10/04 01:15:28 | 000,125,796 | ---- | C] () -- C:\WINDOWS\System32\atiicdxx.dat
[2006/10/04 01:14:37 | 000,018,944 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/10/04 01:14:36 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/10/04 01:14:20 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/06/21 04:48:15 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/21 04:12:42 | 000,352,256 | ---- | C] () -- C:\WINDOWS\System32\HotlineClient.exe
[2006/06/17 04:44:22 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2006/06/17 04:37:18 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2006/06/17 04:24:58 | 000,001,280 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2006/06/17 04:24:57 | 000,000,519 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2006/06/17 04:23:25 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2006/06/17 04:23:22 | 000,445,044 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2006/06/17 04:23:22 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2006/06/17 04:23:22 | 000,072,754 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2006/06/17 04:23:22 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2006/06/17 04:23:20 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2006/06/17 04:23:20 | 000,005,151 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2006/06/17 04:23:20 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2006/06/17 04:23:19 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2006/06/17 04:23:19 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2006/06/17 04:23:16 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2006/06/17 04:23:08 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2006/06/16 21:31:45 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2006/06/16 21:30:47 | 000,159,544 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/05 23:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/06/15 02:00:00 | 000,077,321 | ---- | C] () -- C:\WINDOWS\unins000.exe
[1999/01/22 13:46:56 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Custom Scans ==========


< >


< MD5 for: WINLOGON.EX_ >
[2004/08/10 14:00:00 | 000,261,115 | ---- | M] () MD5=F41C4F5745589D0BB8268C02B71594CA -- C:\WINDOWS\I386\WINLOGON.EX_

< MD5 for: WINLOGON.EXE >
[2004/08/10 14:00:00 | 000,502,272 | ---- | M] (Microsoft Corporation) MD5=01C3346C241652F43AED8E2149881BFE -- C:\WINDOWS\$NtServicePackUninstall$\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\ServicePackFiles\i386\winlogon.exe
[2008/04/13 19:12:39 | 000,507,904 | ---- | M] (Microsoft Corporation) MD5=ED0EF0A136DEC83DF69F04118870003E -- C:\WINDOWS\system32\winlogon.exe

< %Temp%\smtmp\*.* /s >
[2008/08/28 17:35:23 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\desktop.ini
[2007/03/23 10:36:24 | 000,001,992 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\New Office Document.lnk
[2007/04/04 20:57:18 | 000,002,439 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Open Office Document.lnk
[2008/08/28 17:35:23 | 000,001,563 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Set Program Access and Defaults.lnk
[2006/06/17 04:41:25 | 000,000,398 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Windows Catalog.lnk
[2007/10/05 20:45:00 | 000,001,507 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Windows Update.lnk
[2008/05/06 15:32:41 | 000,001,810 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Adobe Reader 7.0.lnk
[2008/08/04 21:24:05 | 000,001,830 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Apple Software Update.lnk
[2006/06/17 04:39:09 | 000,000,150 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\desktop.ini
[2007/10/05 20:45:00 | 000,001,466 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Media Center.lnk
[2007/03/23 10:36:24 | 000,001,990 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Access.lnk
[2007/03/23 10:36:24 | 000,002,030 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Excel.lnk
[2007/03/23 10:36:24 | 000,001,998 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft FrontPage.lnk
[2006/10/04 01:49:35 | 000,001,004 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Money 2006.lnk
[2006/10/04 01:49:01 | 000,001,775 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Office PowerPoint Viewer 2003.lnk
[2007/03/23 10:36:24 | 000,002,046 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Outlook.lnk
[2007/03/23 10:36:24 | 000,002,002 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft PowerPoint.lnk
[2011/03/26 18:56:06 | 000,002,479 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Word.lnk
[2006/10/04 01:49:01 | 000,001,701 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Microsoft Works Task Launcher.lnk
[2006/06/17 04:36:43 | 000,001,986 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\MSN.lnk
[2011/04/27 16:52:12 | 000,001,854 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Safari.lnk
[2010/08/24 22:04:15 | 000,001,077 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Windows Live ID.lnk
[2006/06/17 04:37:22 | 000,000,609 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Windows Messenger.lnk
[2006/06/17 04:39:09 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Windows Movie Maker.lnk
[2006/10/04 01:46:21 | 000,000,621 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Wireless SecureEasySetup.lnk
[2008/11/14 13:53:55 | 000,001,498 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator (2).lnk
[2006/11/16 23:53:29 | 000,001,498 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Calculator.lnk
[2006/06/17 04:37:22 | 000,000,188 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Accessories\desktop.ini
[2010/06/01 01:00:22 | 000,001,515 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Paint.lnk
[2008/08/28 17:35:11 | 000,001,585 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Remote Desktop Connection.lnk
[2006/06/17 04:37:22 | 000,000,879 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\WordPad.lnk
[2010/06/01 01:00:23 | 000,001,520 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Accessibility\Accessibility Wizard.lnk
[2006/06/17 04:37:22 | 000,000,090 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Accessories\Accessibility\desktop.ini
[2008/08/28 17:38:10 | 000,000,516 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Accessories\Communications\desktop.ini
[2006/06/17 04:37:22 | 000,000,786 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\HyperTerminal.lnk
[2010/06/01 01:00:23 | 000,001,757 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Connections.lnk
[2010/06/01 01:00:23 | 000,001,640 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Network Setup Wizard.lnk
[2010/06/01 01:00:23 | 000,001,646 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\New Connection Wizard.lnk
[2008/08/28 17:38:10 | 000,001,656 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Communications\Wireless Network Setup Wizard.lnk
[2006/06/17 04:37:22 | 000,000,146 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Accessories\Entertainment\desktop.ini
[2010/06/01 01:00:23 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Sound Recorder.lnk
[2007/10/05 20:45:02 | 000,001,528 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Entertainment\Volume Control.lnk
[2007/10/05 20:45:02 | 000,001,478 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center.lnk
[2006/10/04 01:39:20 | 000,001,838 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\Media Center\Media Center Programs\CyberLink Setting.lnk
[2010/06/01 01:00:23 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Backup.lnk
[2007/10/05 20:45:02 | 000,001,521 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Character Map.lnk
[2006/06/17 04:41:25 | 000,000,757 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Accessories\System Tools\desktop.ini
[2010/06/01 01:00:23 | 000,001,532 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Cleanup.lnk
[2007/10/05 20:45:03 | 000,001,572 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Disk Defragmenter.lnk
[2010/06/01 01:00:23 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Files and Settings Transfer Wizard.lnk
[2010/06/01 01:00:23 | 000,001,753 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\Scheduled Tasks.lnk
[2006/06/17 04:39:01 | 000,001,070 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Information.lnk
[2010/06/01 01:00:23 | 000,001,616 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Accessories\System Tools\System Restore.lnk
[2006/06/17 04:36:54 | 000,001,582 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Component Services.lnk
[2007/10/05 20:45:03 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Computer Management.lnk
[2010/06/01 01:00:23 | 000,001,596 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Data Sources (ODBC).lnk
[2006/06/17 04:41:25 | 000,000,545 | -HS- | M] () -- C:\Documents and Settings\Owner.Miguel\Local Settings\Temp\smtmp\1\Programs\Administrative Tools\desktop.ini
[2007/10/05 20:45:04 | 000,001,592 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Event Viewer.lnk
[2007/10/05 20:45:04 | 000,001,590 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Local Security Policy.lnk
[2006/06/18 23:29:11 | 000,001,107 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Configuration.lnk
[2006/06/18 23:29:11 | 000,001,158 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Microsoft .NET Framework 1.1 Wizards.lnk
[2007/10/05 20:45:04 | 000,001,591 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Performance.lnk
[2007/03/23 10:36:51 | 000,001,109 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Server Extensions Administrator.lnk
[2007/10/05 20:45:04 | 000,001,602 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Administrative Tools\Services.lnk
[2006/10/04 02:01:02 | 000,001,678 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Broadcom Wireless\Broadcom Wireless Utility.lnk
[2006/10/04 01:55:24 | 000,001,837 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Catalyst Control Center.lnk
[2006/10/04 01:55:24 | 000,001,897 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Help.lnk
[2006/10/04 01:55:24 | 000,001,857 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Advanced\Catalyst Control Center - Advanced.lnk
[2006/10/04 01:55:24 | 000,001,887 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Advanced\Catalyst Control Center - Basic.lnk
[2006/10/04 01:55:24 | 000,001,851 | -H-- | M] () -- C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\1\Programs\Catalyst Control Center\Advanced\Restart Runtime.lnk

< >

< End of report >

Here is OTL.

#7 oldman960

Posted 12 June 2011 - 08:46 PM

Hi wilma1313,

Glad to hear your computer is still doing fine. :thumbup:

Looks like we cross posted, please disregard my last post. We'll catch up one step at a time.

We'll do a little fix that should restore the missing items and have a look for a couple of more files.

First

Double click on OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
  • Do Not copy the word CODE
  • please note the fix starts with the :
:Services

:Files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
ipconfig /flushdns /c

:Commands
[createrestorepoint]

Then click the Run Fix button at the top
  • Let the program run unhindered
  • Please save the resulting log to be posted in your next reply.
Please post the OTL fix log.


Next

OTL should still be open, if not please open it.

  • click the None button near the top (it may look greyed out, this will make for a much shorter log)
  • In the window under Custom Scans/Fixes copy and paste the following

    /md5start
    user32.*
    volsnap.*
    /md5stop

  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
When the scan completes, it will open a notepad window, OTL.Txt. Please post this log.



To attach the zipped file (MBR.dat):
  • Under the lower right hand corner of the reply box you will see a box named "manage current attachments"
  • under that is a browse box and an upload box
  • click the browse button to navigate to the location of the file and click on it
  • click the upload button
  • Once the file has been uploaded it will appear in the manage current attachments box
  • click the arrow and click on the green + sign

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#8 wilma1313

Posted 13 June 2011 - 07:33 PM

Here are the OTL logs. I have no problem attaching files (I think), hopefully what I did to make MBR.dat zipped is correct - I don't think I've ever zipped.
Have a good night :)

========== SERVICES/DRIVERS ==========
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
148 File(s) copied
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Apple Safari.lnk
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\desktop.ini
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Gateway Games.lnk
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Launch Internet Explorer Browser.lnk
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Media Center.lnk
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Play Games.lnk
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Show Desktop.scf
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\2\Windows Media Player.lnk
8 File(s) copied
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
C:\DOCUME~1\OWNER~1.MIG\LOCALS~1\Temp\smtmp\4\iTunes.lnk
1 File(s) copied
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.txt deleted successfully.
< ipconfig /flushdns /c >
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.bat deleted successfully.
C:\Documents and Settings\Owner.Miguel\Desktop\infectio\cmd.txt deleted successfully.
========== COMMANDS ==========
Restore point Set: OTL Restore Point (0)

OTL by OldTimer - Version 3.2.24.0 log created on 06132011_201257


OTL logfile created on: 6/13/2011 8:20:24 PM - Run 3
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Owner.Miguel\Desktop\infectio
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.30 Gb Available Physical Memory | 69.25% Memory free
3.72 Gb Paging File | 3.04 Gb Available in Paging File | 81.59% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 142.20 Gb Total Space | 97.72 Gb Free Space | 68.72% Space Free | Partition Type: NTFS
Drive D: | 6.83 Gb Total Space | 4.83 Gb Free Space | 70.71% Space Free | Partition Type: FAT32

Computer Name: MIGUEL | User Name: Owner | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: Off | File Age = 30 Days

========== Custom Scans ==========



< MD5 for: USER32.DL_ >
[2004/08/10 14:00:00 | 000,263,547 | ---- | M] () MD5=5BF86149AB9EA650050375F25D0FA0C2 -- C:\WINDOWS\I386\USER32.DL_

< MD5 for: USER32.DLL >
[2005/03/02 20:19:56 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=1800F293BCCC8EDE8A70E12B88D80036 -- C:\WINDOWS\$hf_mig$\KB890859\SP2QFE\user32.dll
[2007/03/08 10:48:36 | 000,578,048 | ---- | M] (Microsoft Corporation) MD5=7AA4F6C00405DFC4B70ED4214E7D687B -- C:\WINDOWS\$hf_mig$\KB925902\SP2QFE\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\ServicePackFiles\i386\user32.dll
[2008/04/13 19:12:08 | 000,578,560 | ---- | M] (Microsoft Corporation) MD5=B26B135FF1B9F60C9388B4A7D16F600B -- C:\WINDOWS\system32\user32.dll
[2007/03/08 10:36:28 | 000,577,536 | ---- | M] (Microsoft Corporation) MD5=B409909F6E2E8A7067076ED748ABF1E7 -- C:\WINDOWS\$NtServicePackUninstall$\user32.dll
[2005/03/02 20:09:30 | 000,577,024 | ---- | M] (Microsoft Corporation) MD5=DE2DB164BBB35DB061AF0997E4499054 -- C:\WINDOWS\$NtUninstallKB925902$\user32.dll

< MD5 for: VOLSNAP.IN_ >
[2004/08/10 14:00:00 | 000,000,698 | ---- | M] () MD5=03FF8C24B69C1FC99663DF3908FBEBA4 -- C:\WINDOWS\I386\VOLSNAP.IN_

< MD5 for: VOLSNAP.INF >
[2004/08/10 14:00:00 | 000,001,095 | ---- | M] () MD5=1C43F4D998567C9D2463E18669F33A3C -- C:\WINDOWS\inf\volsnap.inf

< MD5 for: VOLSNAP.PNF >
[2006/10/04 01:29:12 | 000,004,964 | ---- | M] () MD5=BBD419C37F5A4538BC14BEAB41DAE841 -- C:\WINDOWS\inf\volsnap.PNF

< MD5 for: VOLSNAP.SY_ >
[2004/08/10 14:00:00 | 000,025,390 | ---- | M] () MD5=E021CFE0CAD70AC0F44999A892CBB9C5 -- C:\WINDOWS\I386\VOLSNAP.SY_

< MD5 for: VOLSNAP.SYS >
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2008/04/13 13:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\system32\drivers\volsnap.sys
[2004/08/10 14:00:00 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys

< >

< End of report >
Attached File  MBR.zip   560bytes   368 downloads

#9 oldman960

oldman960

    Forum God

  • Retired Classroom Teacher
  • 14,770 posts

Posted 13 June 2011 - 11:46 PM

Hi wilma1313,

You did fine.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

It is vitally important that combofix is renamed before it is even started to download.


Please download ComboFix from Link 1 or Link 2 to your Desktop.

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved directly to your desktop**

  • If you are using Firefox, make sure that your download settings are as follows:
    -Tools->Options->Main tab
    -Set to "Always ask me where to Save the files".
  • During the download, before you save it to your desktop, rename Combofix to jgh.exe

  • It is important you rename Combofix during the download, but not after.
  • Please do not rename Combofix to other names, but only to the one indicated.
  • Close any open browsers.
  • Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix

-----------------------------------------------------------

  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
  • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.

    -----------------------------------------------------------

  • Double click on ComboFix.exe (jgh.exe in your case) & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image

Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Notes:

1. Do not mouse-click Combofix's window while it is running. That may cause it to stall.
2. ComboFix may reset a number of Internet Explorer's settings, including making I-E the default browser.
3. CF disconnects your machine from the internet. The connection is automatically restored before CF completes its run. If CF runs into difficulty and terminates prematurely, the connection can be manually restored by restarting your machine.

Please post back with
  • combofix log
How is the computer?

Thanks

Proud Graduate of the WTT Classroom
If you are happy with the help you received, please consider making a Donation
Curiosity didn't kill the cat. Ignorance did, curiosity was framed.
Learn how to protect Yourself

Microsoft MVP 2011-2015

Threads will be closed if no response after 5 days.

#10 wilma1313

Posted 14 June 2011 - 08:11 PM

That did not work out well at all. I renamed and downloaded combofix, no problem. Turned off his virus and software pgm. First time I tried to run it froze so I used task manager to stop combofix. Second time I got an error message that said: Error opening file for writing C:/32788R22FWJFW/iexplore.exe. I was given the options to abort, retry, or ignore. I aborted and redid with the same results. I retried with same results. I tried to run it again and it shut the puter down. The computer is back up now, but seems frozen, hopefully it will stop that. My plan is to get his virus/firewall back on and go to bed. Please tell me what to do next. Thanks.

#11 oldman960

Posted 15 June 2011 - 06:46 AM

Hi wilma1313,

Looks like McAfee may have been still active, sometimes it's very difficult to completely disable it. Let's try it this way.

Please read through the instructions to familiarize yourself with what to expect when the tool runs.

If you are able to delete the copy of combofix you have please delete it from your desktop.

Reboot the computer into Safe Mode with Networking by
  • Restart your computer
  • After hearing your computer beep once during startup, but before the Windows icon appears, tap the F8 key continually;
  • Instead of Windows loading as normal, a menu with options should appear;
  • Select the option, to run Windows in Safe Mode with Networking, then press "Enter".
  • Choose your usual account.

If you were unable to delete combofix previously please do so now by right clicking its icon and selecting delete.

Download a new copy renaming it like before from Link 1 or Link 2 to your Desktop.

The instructions for running it are the same except for your Security programs.

You will not be able to disable your security programs in Safe Mode but they will not be running and you will not have access to the interfaces. If combofix reboots your computer please reboot back into Safe Mode and let it finish running. Once the log is saved please boot back to normal Windows and post the log.

Thanks

#12 wilma1313

Posted 15 June 2011 - 04:54 PM

Since combofix shut the computer down, now when we start it none of the programs will load. It freezes during start up. Any suggestions?

#13 oldman960

Posted 15 June 2011 - 05:24 PM

Hi wilma1313, Did you try booting into safe mode?

#14 wilma1313

Posted 15 June 2011 - 06:32 PM

At that point I could not do anything with it, but I got it. I deleted combofix and booted into safemode. I can't access the internet from safemode so can't download combofix from there....what next? thanks

#15 oldman960

Posted 16 June 2011 - 12:34 AM

Hi wilma1313,

We'll get a new copy of Combofix and another file in normal windows then run combofix in Safe Mode.

Download this file Pro and save it to your desktop.

Download a new copy of combofix renaming it as before and save it to your desktop.

Please review these instructions as we will be running combofix in a different manner.

Boot into Safe Mode.

Please note you will not be able to disable your Security Programs while in safe mode. For this reason, should combofix reboot your computer please reboot back into Safe Mode and let it finish running. Once the log is saved please boot back to normal Windows and post the log.


To run combofix

With your left mouse button, drag the file you previously saved to your desktop onto the combofix icon as shown below. This will start combofix so don't do anything else.
rc.gif

Follow the prompts to install the Recovery Console. Once the Recovery Console is installed you will be asked to continue scanning for malware, click Yes.
