
Solved Malware problems?

Discussion in 'Malware and Virus Removal Archive' started by psaulm119, 2010/12/31.

  1. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Looks good :)

    Download OTL to your Desktop.

    • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
    • Under the Custom Scan box paste this in:


    netsvcs
    drivers32
    %SYSTEMDRIVE%\*.*
    %systemroot%\Fonts\*.com
    %systemroot%\Fonts\*.dll
    %systemroot%\Fonts\*.ini
    %systemroot%\Fonts\*.ini2
    %systemroot%\Fonts\*.exe
    %systemroot%\system32\spool\prtprocs\w32x86\*.*
    %systemroot%\REPAIR\*.bak1
    %systemroot%\REPAIR\*.ini
    %systemroot%\system32\*.jpg
    %systemroot%\*.jpg
    %systemroot%\*.png
    %systemroot%\*.scr
    %systemroot%\*._sy
    %APPDATA%\Adobe\Update\*.*
    %ALLUSERSPROFILE%\Favorites\*.*
    %APPDATA%\Microsoft\*.*
    %PROGRAMFILES%\*.*
    %APPDATA%\Update\*.*
    %systemroot%\*. /mp /s
    CREATERESTOREPOINT
    %systemroot%\System32\config\*.sav
    %PROGRAMFILES%\bak. /s
    %systemroot%\system32\bak. /s
    %ALLUSERSPROFILE%\Start Menu\*.lnk /x
    %systemroot%\system32\config\systemprofile\*.dat /x
    %systemroot%\*.config
    %systemroot%\system32\*.db
    %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x
    %USERPROFILE%\Desktop\*.exe
    %PROGRAMFILES%\Common Files\*.*
    %systemroot%\*.src
    %systemroot%\install\*.*
    %systemroot%\system32\DLL\*.*
    %systemroot%\system32\HelpFiles\*.*
    %systemroot%\system32\rundll\*.*
    %systemroot%\winn32\*.*
    %systemroot%\Java\*.*
    %systemroot%\system32\test\*.*
    %systemroot%\system32\Rundll32\*.*
    %systemroot%\AppPatch\Custom\*.*
    %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x
    %PROGRAMFILES%\PC-Doctor\Downloads\*.*
    %PROGRAMFILES%\Internet Explorer\*.tmp
    %PROGRAMFILES%\Internet Explorer\*.dat
    %USERPROFILE%\My Documents\*.exe
    %USERPROFILE%\*.exe
    %systemroot%\ADDINS\*.*
    %systemroot%\assembly\*.bak2
    %systemroot%\Config\*.*
    %systemroot%\REPAIR\*.bak2
    %systemroot%\SECURITY\Database\*.sdb /x
    %systemroot%\SYSTEM\*.bak2
    %systemroot%\Web\*.bak2
    %systemroot%\Driver Cache\*.*
    %PROGRAMFILES%\Mozilla Firefox\0*.exe
    %ProgramFiles%\Microsoft Common\*.*
    %ProgramFiles%\TinyProxy.
    %USERPROFILE%\Favorites\*.url /x
    %systemroot%\system32\*.bk
    %systemroot%\*.te
    %systemroot%\system32\system32\*.*
    %ALLUSERSPROFILE%\*.dat /x
    %systemroot%\system32\drivers\*.rmv
    dir /b "%systemroot%\system32\*.exe" | find /i " " /c
    dir /b "%systemroot%\*.exe" | find /i " " /c
    %PROGRAMFILES%\Microsoft\*.*
    %systemroot%\System32\Wbem\proquota.exe
    %PROGRAMFILES%\Mozilla Firefox\*.dat
    %USERPROFILE%\Cookies\*.txt /x
    %SystemRoot%\system32\fonts\*.*
    %systemroot%\system32\winlog\*.*
    %systemroot%\system32\Language\*.*
    %systemroot%\system32\Settings\*.*
    %systemroot%\system32\*.quo
    %SYSTEMROOT%\AppPatch\*.exe
    %SYSTEMROOT%\inf\*.exe
    %SYSTEMROOT%\Installer\*.exe
    %systemroot%\system32\config\*.bak2
    %systemroot%\system32\Computers\*.*
    %SystemRoot%\system32\Sound\*.*
    %SystemRoot%\system32\SpecialImg\*.*
    %SystemRoot%\system32\code\*.*
    %SystemRoot%\system32\draft\*.*
    %SystemRoot%\system32\MSSSys\*.*
    %ProgramFiles%\Javascript\*.*
    %systemroot%\pchealth\helpctr\System\*.exe /s
    %systemroot%\Web\*.exe
    %systemroot%\system32\msn\*.*
    %systemroot%\system32\*.tro
    %AppData%\Microsoft\Installer\msupdates\*.*
    %ProgramFiles%\Messenger\*.*
    %systemroot%\system32\systhem32\*.*
    %systemroot%\system\*.exe
    HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\Results\Install|LastSuccessTime /rs
    /md5start
    /md5stop


    • Click the Quick Scan button. Do not change any settings unless otherwise told to do so. The scan won't take long.
    • When the scan completes, it will open two notepad windows: OTL.txt and Extras.txt. These are saved in the same location as OTL.
    • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post them back here.
     
  2. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Here is the extras.txt:


    OTL Extras logfile created on: 1/1/2011 3:12:53 PM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.30 Gb Total Space | 11.66 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
    Drive D: | 26.58 Gb Total Space | 9.49 Gb Free Space | 35.71% Space Free | Partition Type: NTFS

    Computer Name: PAUL-NRCW396W1E | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Extra Registry (SafeList) ==========


    ========== File Associations ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]

    [HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
    .html [@ = ChromeHTML] -- Reg Error: Key error. File not found

    ========== Shell Spawning ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
    batfile [open] -- "%1" %*
    cmdfile [open] -- "%1" %*
    comfile [open] -- "%1" %*
    exefile [open] -- "%1" %*
    htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" %1 (Microsoft Corporation)
    htmlfile [print] -- "C:\Program Files\Microsoft Office\Office14\msohtmed.exe" /p %1 (Microsoft Corporation)
    piffile [open] -- "%1" %*
    regfile [merge] -- Reg Error: Key error.
    scrfile [config] -- "%1 "
    scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
    scrfile [open] -- "%1" /S
    txtfile [edit] -- Reg Error: Key error.
    Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
    Directory [AddToPlaylistVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --playlist-enqueue "%1" ()
    Directory [Browse with FastStone] -- "C:\Program Files\FastStone Image Viewer\FSViewer.exe" "%1" ()
    Directory [Browse with XnView] -- "C:\Program Files\XnView\xnview.exe" "%1" File not found
    Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
    Directory [PlayWithVLC] -- "C:\Program Files\VideoLAN\VLC\vlc.exe" --started-from-file --no-playlist-enqueue "%1" ()
    Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
    Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
    Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)

    ========== Security Center Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
    "AntiVirusDisableNotify" = 1
    "FirewallDisableNotify" = 1
    "AntiVirusOverride" = 0
    "FirewallOverride" = 0
    "UpdatesDisableNotify" = 1

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

    ========== System Restore Settings ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
    "DisableSR" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
    "Start" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
    "Start" = 2

    ========== Firewall Settings ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
    "EnableFirewall" = 1
    "DoNotAllowExceptions" = 0
    "DisableNotifications" = 0

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
    "9303:UDP" = 9303:UDP:*:Enabled:SharePort Network USB Utility UDP Port
    "1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
    "2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

    ========== Authorized Applications List ==========

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    "C:\WINDOWS\system32\usmt\migwiz.exe" = C:\WINDOWS\system32\usmt\migwiz.exe:*:Enabled:Files and Settings Transfer Wizard -- (Microsoft Corporation)
    "C:\Program Files\Opera\opera.exe" = C:\Program Files\Opera\opera.exe:*:Enabled:Opera Internet Browser -- File not found
    "C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090525-1200\win32\x86\symphony.exe" = C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.0.20090525-1200\win32\x86\symphony.exe:*:Enabled:Lotus Symphony -- File not found
    "C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\symphony.exe" = C:\Program Files\IBM\Lotus\Symphony\framework\rcp\eclipse\plugins\com.ibm.rcp.base_6.2.1.20090925-1604\win32\x86\symphony.exe:*:Enabled:Lotus Symphony -- File not found
    "C:\Program Files\Microsoft Office\Office14\GROOVE.EXE" = C:\Program Files\Microsoft Office\Office14\GROOVE.EXE:*:Enabled:Microsoft SharePoint Workspace -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE" = C:\Program Files\Microsoft Office\Office14\ONENOTE.EXE:*:Enabled:Microsoft OneNote -- (Microsoft Corporation)
    "C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE" = C:\Program Files\Microsoft Office\Office14\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook -- (Microsoft Corporation)
    "C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe" = C:\Program Files\D-Link\SharePort\SharePort Network USB Utility.exe:*:Enabled:SharePort Network USB Utility -- File not found
    "C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
    "C:\Program Files\Java\jre6\bin\java.exe" = C:\Program Files\Java\jre6\bin\java.exe:*:Enabled:Java(TM) Platform SE binary -- (Sun Microsystems, Inc.)


    ========== HKEY_LOCAL_MACHINE Uninstall List ==========

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "{01001202-5D65-445A-B3B4-3DCE72BA0C6C}" = Microsoft Encarta Encyclopedia Standard 2001
    "{0394CDC8-FABD-4ed8-B104-03393876DFDF}" = Roxio Creator Tools
    "{0456ebd7-5f67-4ab6-852e-63781e3f389c}" = Macromedia Flash Player
    "{0D397393-9B50-4c52-84D5-77E344289F87}" = Roxio Creator Data
    "{108A39BF-4ED1-4293-B11A-06BD521FB8F7}" = FreeOCR 3.0
    "{15D9EB74-998E-4A04-B468-51C2E7B32182}" = Microsoft Picture It! Publishing 2001
    "{17424F35-8B77-4ADF-BC63-BF9B81418539}" = Apple Application Support
    "{1C15A21D-BF42-4CC3-B12C-B1C44475AC08}" = The e-Sword Users session starter edition (basic)
    "{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
    "{26A24AE4-039D-4CA4-87B4-2F83216020FF}" = Java(TM) 6 Update 23
    "{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
    "{35E1EC43-D4FC-4E4A-AAB3-20DDA27E8BB0}" = Sonic Activation Module
    "{379F9A64-4317-477A-BBC5-35466F8476B5}" = OpenOffice.org 3.2
    "{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
    "{52291FC0-33D3-4A18-9587-5115225545D8}_is1" = Google Chrome Backup 1.8.0.141
    "{590D4F8F-98FE-47FA-AC2B-3F22FDCF7C09}" = ShareIns
    "{612B9183-67A9-4B44-9877-2F059E35B86A}" = Broadcom 440x 10/100 Integrated Controller
    "{619CDD8A-14B6-43a1-AB6C-0F4EE48CE048}" = Roxio Creator Copy
    "{67880EA3-63C2-4143-88F4-51A21B516CBE}" = e-Sword
    "{6845255F-15CC-4DD1-94D5-D38F370118B3}_is1" = Auslogics Duplicate File Finder
    "{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
    "{6B9B0C6F-E5FA-4633-A640-AB98A272ECCA}" = Safari
    "{6CF426B5-249C-40B1-8866-A74EA590F5A7}" = Ben's e-Sword Tool 2 Standard
    "{7057ABC2-EFF3-4E43-9806-8BCB6EEA9FE6}" = Microsoft IntelliPoint 7.1
    "{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
    "{774088D4-0777-4D78-904D-E435B318F5D2}" = Microsoft Antimalware
    "{77A776C4-D10F-416D-88F0-53F2D9DCD9B3}" = Microsoft Security Client
    "{837b34e3-7c30-493c-8f6a-2b0f04e2912c}" = Microsoft Visual C++ 2005 Redistributable
    "{83FFCFC7-88C6-41c6-8752-958A45325C82}" = Roxio Creator Audio
    "{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
    "{8D273DE5-ABFA-4BD0-A9D7-EE9C971438C4}_is1" = PDF-Viewer
    "{90140000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 14
    "{90140000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2010
    "{90140000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2010
    "{90140000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2010
    "{90140000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2010
    "{90140000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2010
    "{90140000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2010
    "{90140000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2010
    "{90140000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2010
    "{90140000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2010
    "{90140000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2010
    "{90140000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2010
    "{90140000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2010
    "{90140000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2010
    "{90140000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2010
    "{90140000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2010
    "{90140000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2010
    "{91140000-0011-0000-0000-0000000FF1CE}" = Microsoft Office Professional Plus 2010
    "{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
    "{986A654F-F1E4-11DD-9FCA-005056C00008}" = Paragon Partition Manager™ 10.0 Personal
    "{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
    "{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
    "{A61EBA6E-B44A-48B4-B57B-0BAE80DA97CE}_is1" = Stalled Printer Repair 1.2
    "{AC76BA86-7AD7-1033-7B44-AA0000000001}" = Adobe Reader X
    "{B8E952E3-A823-443A-8493-39A0CCE0E3EB}" = HP Photo and Imaging 1.0 - Scanjet 3500c Series
    "{BD3DCAB0-3FE5-44FB-90DA-EFB0A2CD1387}" = Works Synchronization
    "{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
    "{C5A56577-49B4-331E-55DC-7143AFFAD108}" = ATI Catalyst Install Manager
    "{C8B0680B-CDAE-4809-9F91-387B6DE00F7C}" = Roxio Creator DE
    "{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
    "{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
    "{D1399216-81B2-457C-A0F7-73B9A2EF6902}" = PDFill PDF Editor with FREE Writer and Free Tools
    "{D1725D54-279A-40C5-A70D-23C1785DB920}_is1" = AoA Audio Extractor
    "{D639085F-4B6E-4105-9F37-A0DBB023E2FB}" = Roxio MyDVD DE
    "{DE1AF137-C455-494A-A817-EFE44BCCFDEE}" = Works Upgrade
    "{DF62D775-BB7C-4AFA-9CA4-DDA1C4855F28}" = Dell Mobile Broadband Card Utility
    "{DF6A13C0-77DF-41FE-BD05-6D5201EB0CE7}_is1" = Auslogics Disk Defrag
    "{F03C6A7C-1EA1-4336-B889-6A779C28CB65}" = Logos Church Management
    "{FAF7F1D7-C0E7-47EA-8AAA-84E4F9EA3C94}" = Works Suite OS Pack
    "{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022
    "4569969E1360D2854474C661EF9B4D54F143EB16" = Windows Driver Package - Ricoh Company (rimsptsk) hdc (11/14/2006 6.00.01.04)
    "7-Zip" = 7-Zip 4.65
    "ActiveTouchMeetingClient" = WebEx
    "Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
    "Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
    "Adobe Shockwave Player" = Adobe Shockwave Player
    "Any Video Converter_is1" = Any Video Converter 3.0.3
    "ATI Display Driver" = ATI Display Driver
    "Audacity_is1" = Audacity 1.2.6
    "Broadcom 802.11b Network Adapter" = Dell Wireless WLAN Card
    "Clifford Adventure" = Clifford Thinking Adventures
    "Clifford Reading" = Clifford Reading
    "CNXT_MODEM_HDAUDIO_VEN_14F1&DEV_2BFA&SUBSYS_14F100C3" = Conexant HDA D110 MDC V.92 Modem
    "CopernicDesktopSearch2" = Copernic Desktop Search - Professional
    "CutePDF Writer Installation" = CutePDF Writer 2.8
    "DVD Shrink_is1" = DVD Shrink 3.2
    "FastStone Capture" = FastStone Capture 5.3
    "FastStone Image Viewer" = FastStone Image Viewer 4.2
    "FastStone MaxView" = FastStone MaxView 2.2
    "GOM Player" = GOM Player
    "Google Desktop" = Google Desktop
    "GPL Ghostscript 8.64" = GPL Ghostscript 8.64
    "ie8" = Windows Internet Explorer 8
    "ImgBurn" = ImgBurn
    "Indeo® Software" = Indeo® Software
    "InfraRecorder" = InfraRecorder
    "InstallShield_{F03C6A7C-1EA1-4336-B889-6A779C28CB65}" = Logos Church Management
    "KLiteCodecPack_is1" = K-Lite Mega Codec Pack 6.4.0
    "Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
    "Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
    "Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
    "Microsoft Security Client" = Microsoft Security Essentials
    "Moo0 DiskCleaner" = Moo0 DiskCleaner 1.03
    "Mozilla Firefox (3.6.12)" = Mozilla Firefox (3.6.12)
    "MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
    "NET Bible for e-Sword (version 9.x)2.0" = NET Bible for e-Sword (version 9.x)
    "Office14.PROPLUSR" = Microsoft Office Professional Plus 2010
    "QuickBible - NASB 1.0" = QuickBible - NASB 1.0
    "QuickTime" = QuickTime
    "Rainbow Fish and the Big Ocean Party" = Rainbow Fish and the Big Ocean Party
    "SeaMonkey (2.0.11)" = SeaMonkey (2.0.11)
    "Shockwave" = Shockwave
    "SyncBack_is1" = SyncBack
    "SynTPDeinstKey" = Synaptics Pointing Device Driver
    "Tweak UI 2.10" = Tweak UI
    "VLC media player" = VLC media player 1.1.4
    "Wdf01009" = Microsoft Kernel-Mode Driver Framework Feature Pack 1.9
    "Windows Media Format Runtime" = Windows Media Format 11 runtime
    "Windows Media Player" = Windows Media Player 11
    "Windows XP Service Pack" = Windows XP Service Pack 3
    "WMFDist11" = Windows Media Format 11 runtime
    "wmp11" = Windows Media Player 11
    "Works2001Setup" = Microsoft Works 2001 Setup Launcher
    "Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
    "Yahoo! Messenger" = Yahoo! Messenger

    ========== HKEY_CURRENT_USER Uninstall List ==========

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
    "Google Chrome" = Google Chrome

    ========== Last 10 Event Log Errors ==========

    [ Application Events ]
    Error - 12/26/2010 10:03:46 AM | Computer Name = PAUL-NRCW396W1E | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0x80070003, P2 moac, P3 cachereset, P4 3.0.8107.0,
    P5 unspecified, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 12/29/2010 12:03:39 AM | Computer Name = PAUL-NRCW396W1E | Source = Windows Search Service | ID = 3013
    Description = The entry <D:\MY DOCUMENTS\HISTORY US A\AOC AND CONSTITUTION\CONSTITUTION
    READINGS.DOC> in the hash map cannot be updated. Context: Application, SystemIndex
    Catalog Details: A device attached to the system is not functioning. (0x8007001f)


    Error - 12/31/2010 3:08:09 PM | Computer Name = PAUL-NRCW396W1E | Source = Application Error | ID = 1000
    Description = Faulting application explorer.exe, version 6.0.2900.5512, faulting
    module explorer.exe, version 6.0.2900.5512, fault address 0x000238f8.

    Error - 12/31/2010 3:51:38 PM | Computer Name = PAUL-NRCW396W1E | Source = Windows Search Service | ID = 7040
    Description = The search service has detected corrupted data files in the index.
    The service will attempt to automatically correct this problem by rebuilding the
    index. Context: Windows Application, SystemIndex Catalog Details: 0xc0041801 (0xc0041801)


    Error - 12/31/2010 3:51:41 PM | Computer Name = PAUL-NRCW396W1E | Source = Windows Search Service | ID = 3029
    Description = The plug-in in <Search.TripoliIndexer> cannot be initialized. Context:
    Windows Application, SystemIndex Catalog Details: The content index cannot be read.
    (0xc0041800)

    Error - 12/31/2010 3:51:41 PM | Computer Name = PAUL-NRCW396W1E | Source = Windows Search Service | ID = 3028
    Description = The gatherer object cannot be initialized. Context: Windows Application,
    SystemIndex Catalog Details: The content index cannot be read. (0xc0041800)

    Error - 12/31/2010 3:51:41 PM | Computer Name = PAUL-NRCW396W1E | Source = Windows Search Service | ID = 3058
    Description = The application cannot be initialized. Context: Windows Application

    Details:
    The
    content index cannot be read. (0xc0041800)

    Error - 12/31/2010 6:48:08 PM | Computer Name = PAUL-NRCW396W1E | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 0, P2 moaccapability, P3 3.0.8107.0, P4
    1, P5 1, P6 unspecified, P7 unspecified, P8 NIL, P9 NIL, P10 NIL.

    Error - 12/31/2010 7:05:18 PM | Computer Name = PAUL-NRCW396W1E | Source = Application Error | ID = 1000
    Description = Faulting application safari.exe, version 5.33.19.4, faulting module
    ntdll.dll, version 5.1.2600.5755, fault address 0x0001b21a.

    Error - 1/1/2011 5:11:32 PM | Computer Name = PAUL-NRCW396W1E | Source = MPSampleSubmission | ID = 5000
    Description = EventType mptelemetry, P1 80240022, P2 processdownloadresults, P3
    download, P4 3.0.8107.0, P5 mpsigdwn.dll, P6 3.0.8107.0, P7 microsoft security essentials
    (edb4fa23-53b8-4afa-8c5d-99752cca7094), P8 NIL, P9 NIL, P10 NIL.

    [ System Events ]
    Error - 12/31/2010 7:24:23 PM | Computer Name = PAUL-NRCW396W1E | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/31/2010 7:24:36 PM | Computer Name = PAUL-NRCW396W1E | Source = atapi | ID = 262153
    Description = The device, \Device\Ide\IdePort0, did not respond within the timeout
    period.

    Error - 12/31/2010 11:08:28 PM | Computer Name = PAUL-NRCW396W1E | Source = Service Control Manager | ID = 7034
    Description = The MBAMService service terminated unexpectedly. It has done this
    1 time(s).

    Error - 1/1/2011 2:12:53 PM | Computer Name = PAUL-NRCW396W1E | Source = Service Control Manager | ID = 7034
    Description = The Dell Wireless WLAN Tray Service service terminated unexpectedly.
    It has done this 1 time(s).

    Error - 1/1/2011 4:38:35 PM | Computer Name = PAUL-NRCW396W1E | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

    Error - 1/1/2011 4:38:58 PM | Computer Name = PAUL-NRCW396W1E | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdPPM Fips MpFilter

    Error - 1/1/2011 5:11:24 PM | Computer Name = PAUL-NRCW396W1E | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3003.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 1/1/2011 5:11:24 PM | Computer Name = PAUL-NRCW396W1E | Source = Microsoft Antimalware | ID = 2001
    Description = %%860 has encountered an error trying to update signatures. New Signature
    Version: Previous Signature Version: 1.95.3003.0 Update Source: %%859 Update Stage:
    %%853 Source Path: http://www.microsoft.com Signature Type: %%800 Update Type: %%803

    User:
    NT AUTHORITY\SYSTEM Current Engine Version: Previous Engine Version: 1.1.6402.0 Error
    code: 0x80240022 Error description: The program can't check for definition updates.


    Error - 1/1/2011 6:10:10 PM | Computer Name = PAUL-NRCW396W1E | Source = Service Control Manager | ID = 7026
    Description = The following boot-start or system-start driver(s) failed to load:
    AmdPPM Fips MpFilter

    Error - 1/1/2011 6:11:25 PM | Computer Name = PAUL-NRCW396W1E | Source = DCOM | ID = 10005
    Description = DCOM got error "%1084" attempting to start the service EventSystem
    with arguments " " in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}


    < End of report >
     


  4. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Here is the OTL.txt file:


    OTL logfile created on: 1/1/2011 3:12:53 PM - Run 1
    OTL by OldTimer - Version 3.2.20.0 Folder = C:\Documents and Settings\Paul\Desktop
    Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
    Internet Explorer (Version = 8.0.6001.18702)
    Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

    2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 72.00% Memory free
    4.00 Gb Paging File | 3.00 Gb Available in Paging File | 88.00% Paging File free
    Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

    %SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
    Drive C: | 29.30 Gb Total Space | 11.66 Gb Free Space | 39.81% Space Free | Partition Type: NTFS
    Drive D: | 26.58 Gb Total Space | 9.49 Gb Free Space | 35.71% Space Free | Partition Type: NTFS

    Computer Name: PAUL-NRCW396W1E | User Name: Paul | Logged in as Administrator.
    Boot Mode: Normal | Scan Mode: Current user | Quick Scan
    Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

    ========== Processes (SafeList) ==========

    PRC - [2011/01/01 15:11:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    PRC - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe
    PRC - [2010/12/20 18:08:56 | 000,443,728 | ---- | M] (Malwarebytes Corporation) -- C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe
    PRC - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
    PRC - [2008/04/13 16:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


    ========== Modules (SafeList) ==========

    MOD - [2011/01/01 15:11:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    MOD - [2010/08/23 08:12:02 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.6028_x-ww_61e65202\comctl32.dll


    ========== Win32 Services (SafeList) ==========

    SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
    SRV - File not found [On_Demand | Stopped] -- C:\WINDOWS\System32\appmgmts.dll -- (AppMgmt)
    SRV - [2010/12/30 19:04:52 | 000,030,192 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe -- (GoogleDesktopManager-051210-111108)
    SRV - [2010/12/20 18:08:58 | 000,363,344 | ---- | M] (Malwarebytes Corporation) [Auto | Running] -- C:\Program Files\Malwarebytes' Anti-Malware\mbamservice.exe -- (MBAMService)
    SRV - [2010/11/11 12:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
    SRV - [2010/03/25 09:25:22 | 030,969,208 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Microsoft Office\Office14\GROOVE.EXE -- (Microsoft SharePoint Workspace Audit Service)
    SRV - [2004/10/22 02:24:18 | 000,073,728 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Roxio\Roxio MyDVD DE\InstallShield\Driver\1050\Intel 32\IDriverT.exe -- (IDriverT)


    ========== Driver Services (SafeList) ==========

    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\DRIVERS\sxuptp.sys -- (sxuptp)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\WINDOWS\System32\Drivers\DlinkUDSMBus.sys -- (DlinkUDSMBus)
    DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
    DRV - [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) [File_System | On_Demand | Running] -- C:\WINDOWS\system32\drivers\mbam.sys -- (MBAMProtector)
    DRV - [2009/12/15 09:14:43 | 000,082,380 | ---- | M] (Oak Technology Inc.) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\AFS2K.SYS -- (AFS2K)
    DRV - [2009/09/29 13:06:46 | 000,040,560 | ---- | M] (Paragon Software Group) [Kernel | Boot | Running] -- C:\WINDOWS\system32\DRIVERS\hotcore3.sys -- (hotcore3)
    DRV - [2009/08/28 09:33:50 | 000,228,784 | ---- | M] (Synaptics Incorporated) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\SynTP.sys -- (SynTP)
    DRV - [2009/06/26 16:21:02 | 001,956,352 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\VX3000.sys -- (VX3000)
    DRV - [2009/01/13 23:14:01 | 003,455,488 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\ati2mtag.sys -- (ati2mtag)
    DRV - [2008/04/13 09:45:12 | 000,060,032 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\USBAUDIO.sys -- (usbaudio) USB Audio Driver (WDM)
    DRV - [2008/04/13 08:36:05 | 000,144,384 | ---- | M] (Windows (R) Server 2003 DDK provider) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\hdaudbus.sys -- (HDAudBus)
    DRV - [2007/05/10 10:24:34 | 001,222,840 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
    DRV - [2007/04/16 21:46:00 | 000,033,792 | ---- | M] (Advanced Micro Devices) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\AmdPPM.sys -- (AmdPPM)
    DRV - [2007/03/16 18:10:56 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
    DRV - [2006/11/21 04:25:44 | 000,045,568 | R--- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
    DRV - [2006/11/15 00:16:24 | 000,032,256 | ---- | M] (REDC) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
    DRV - [2006/04/10 09:46:36 | 000,018,560 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\PCASp50.sys -- (PCASp50)
    DRV - [2006/03/27 15:02:06 | 000,074,752 | ---- | M] (Novatel Wireless Inc) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\NWADIenum.sys -- (NWADI)
    DRV - [2005/07/22 11:02:12 | 001,035,008 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_DPV.sys -- (HSF_DPV)
    DRV - [2005/07/22 11:01:08 | 000,201,600 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSFHWAZL.sys -- (HSFHWAZL)
    DRV - [2005/07/22 11:01:00 | 000,717,952 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
    DRV - [2004/04/19 15:01:00 | 000,006,656 | ---- | M] () [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\gflmouhid.sys -- (genmcmnUSB)


    ========== Standard Registry (SafeList) ==========


    ========== Internet Explorer ==========


    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
    IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = 1A BC 81 80 5B A4 CB 01 [binary data]
    IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

    ========== FireFox ==========

    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}:6.0.20
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}:6.0.21
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}:6.0.22
    FF - prefs.js..extensions.enabledItems: jqs@sun.com:1.0
    FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}:6.0.23

    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/12/31 11:23:57 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\Mozilla Firefox 3.6.12\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/12/08 11:45:43 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Components: C:\Program Files\SeaMonkey\components [2010/12/17 22:25:27 | 000,000,000 | ---D | M]
    FF - HKLM\software\mozilla\SeaMonkey 2.0.11\extensions\\Plugins: C:\Program Files\SeaMonkey\plugins [2010/12/17 22:25:27 | 000,000,000 | ---D | M]

    [2010/11/26 14:16:48 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions
    [2010/11/20 21:17:50 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Extensions\{92650c4d-4b8e-4d2a-b7eb-24ecf4f6b63a}
    [2010/12/31 11:24:24 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tmw6ygs5.default\extensions
    [2010/12/19 15:41:49 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Paul\Application Data\Mozilla\Firefox\Profiles\tmw6ygs5.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
    [2010/12/28 05:38:15 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Paul\Application Data\Mozilla\SeaMonkey\Profiles\zxfkukqc.default\extensions
    [2010/11/22 13:10:50 | 000,000,000 | ---D | M] (Flashblock) -- C:\Documents and Settings\Paul\Application Data\Mozilla\SeaMonkey\Profiles\zxfkukqc.default\extensions\{3d7eb24f-2740-49df-8937-200b1cc08f8a}
    [2010/11/22 13:10:51 | 000,000,000 | ---D | M] ( "SeaTab X ") -- C:\Documents and Settings\Paul\Application Data\Mozilla\SeaMonkey\Profiles\zxfkukqc.default\extensions\{e84f2cf7-7745-4be8-89d4-1549d97ca45c}
    [2010/11/27 06:02:56 | 000,000,000 | ---D | M] (JavaScript Debugger) -- C:\Documents and Settings\Paul\Application Data\Mozilla\SeaMonkey\Profiles\zxfkukqc.default\extensions\{f13b157f-b174-47e7-a34d-4815ddfdfeb8}
    [2010/11/27 06:02:56 | 000,000,000 | ---D | M] (DOM Inspector) -- C:\Documents and Settings\Paul\Application Data\Mozilla\SeaMonkey\Profiles\zxfkukqc.default\extensions\inspector@mozilla.org
    [2010/12/29 04:10:54 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
    [2010/04/15 14:09:23 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0020-ABCDEFFEDCBA}
    [2010/10/03 21:20:44 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
    [2010/11/09 17:13:26 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0022-ABCDEFFEDCBA}
    [2010/12/24 12:48:29 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA}
    [2010/04/15 14:09:04 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
    [2010/11/12 18:53:06 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
    [1999/12/31 16:00:00 | 000,166,680 | ---- | M] (Tracker Software Products Ltd.) -- C:\Program Files\Mozilla Firefox\plugins\npPDFXCviewNPPlugin.dll

    O1 HOSTS File: ([2002/09/03 08:34:19 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
    O1 - Hosts: 127.0.0.1 localhost
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
    O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O2 - BHO: (Office Document Cache Handler) - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL (Microsoft Corporation)
    O3 - HKLM\..\Toolbar: (Copernic Desktop Search - Professional Toolbar) - {45CFEF3A-ADC2-4CC8-BF74-CD0B92908570} - C:\Program Files\Copernic Desktop Search - Pro\Toolbar\ToolbarContainer101000325.dll (Copernic Inc.)
    O3 - HKLM\..\Toolbar: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
    O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\Office14\EXCEL.EXE (Microsoft Corporation)
    O8 - Extra context menu item: Se&nd to OneNote - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll (Microsoft Corporation)
    O9 - Extra Button: Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
    O9 - Extra 'Tools' menuitem : Encarta Encyclopedia - {2FDEF853-0759-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_ENC.HTM ()
    O9 - Extra Button: Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
    O9 - Extra 'Tools' menuitem : Define - {5DA9DE80-097A-11D4-A92E-006097DBED37} - C:\Program Files\Common Files\Microsoft Shared\Reference 2001\A\ERS_DEF.HTM ()
    O9 - Extra Button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra 'Tools' menuitem : OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll (Microsoft Corporation)
    O9 - Extra Button: PDFill PDF Editor - {FB858B22-55E2-413f-87F5-30ADC5552151} - C:\Program Files\PlotSoft\PDFill\DownloadPDF.exe (PlotSoft LLC)
    O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
    O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1260845174850 (WUWebControl Class)
    O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-0016-0000-0023-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_23-windows-i586.cab (Java Plug-in 1.6.0_23)
    O16 - DPF: {DE22A7AB-A739-4C58-AD52-21F9CD6306B7} http://download.microsoft.com/download/7/E/6/7E6A8567-DFE4-4624-87C3-163549BE2704/clearadj.cab (CTAdjust Class)
    O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
    O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
    O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\System32\ati2evxx.dll (ATI Technologies Inc.)
    O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
    O24 - Desktop BackupWallPaper: C:\Documents and Settings\Paul\Application Data\FastStone\FSIV\FSViewerWallPaper.bmp
    O28 - HKLM ShellExecuteHooks: {56F9679E-7826-4C84-81F3-532071A8BCC5} - C:\Program Files\Windows Desktop Search\MsnlNamespaceMgr.dll (Microsoft Corporation)
    O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL (Microsoft Corporation)
    O32 - HKLM CDRom: AutoRun - 0
    O32 - AutoRun File - [2009/12/14 18:38:48 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
    O34 - HKLM BootExecute: (autocheck autochk /k:D *) - File not found
    O35 - HKLM\..comfile [open] -- "%1" %*
    O35 - HKLM\..exefile [open] -- "%1" %*
    O37 - HKLM\...com [@ = comfile] -- "%1" %*
    O37 - HKLM\...exe [@ = exefile] -- "%1" %*

    NetSvcs: 6to4 - File not found
    NetSvcs: AppMgmt - C:\WINDOWS\System32\appmgmts.dll File not found
    NetSvcs: Ias - File not found
    NetSvcs: Iprip - File not found
    NetSvcs: Irmon - File not found
    NetSvcs: NWCWorkstation - File not found
    NetSvcs: Nwsapagent - File not found
    NetSvcs: WmdmPmSp - File not found

    Drivers32: msacm.ac3acm - C:\WINDOWS\System32\ac3acm.acm (fccHandler)
    Drivers32: msacm.divxa32 - C:\WINDOWS\System32\msaud32_divx.acm (Microsoft Corporation)
    Drivers32: msacm.iac2 - C:\WINDOWS\system32\iac25_32.ax (Ligos Corporation)
    Drivers32: msacm.l3acm - C:\WINDOWS\System32\l3codeca.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.l3fhg - C:\WINDOWS\System32\mp3fhg.acm (Fraunhofer Institut Integrierte Schaltungen IIS)
    Drivers32: msacm.sl_anet - C:\WINDOWS\System32\sl_anet.acm (Sipro Lab Telecom Inc.)
    Drivers32: msacm.trspch - C:\WINDOWS\System32\tssoft32.acm (DSP GROUP, INC.)
    Drivers32: MSVideo8 - C:\WINDOWS\System32\vfwwdm32.dll (Microsoft Corporation)
    Drivers32: vidc.cvid - C:\WINDOWS\System32\iccvid.dll (Radius Inc.)
    Drivers32: VIDC.FFDS - C:\WINDOWS\System32\ff_vfw.dll ()
    Drivers32: vidc.iv31 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
    Drivers32: vidc.iv32 - C:\WINDOWS\System32\ir32_32.dll (Ligos Corporation)
    Drivers32: vidc.iv41 - C:\WINDOWS\System32\ir41_32.ax (Ligos Corporation)
    Drivers32: vidc.iv50 - C:\WINDOWS\System32\ir50_32.dll (Ligos Corporation)
    Drivers32: vidc.tscc - C:\WINDOWS\System32\tsccvid.dll (TechSmith Corporation)
    Drivers32: VIDC.XVID - C:\WINDOWS\System32\xvidvfw.dll ()
    Drivers32: VIDC.YV12 - C:\WINDOWS\System32\yv12vfw.dll (www.helixcommunity.org)
    Drivers32: VIDC.YVU9 - C:\WINDOWS\System32\iyvu9_32.dll ()

    CREATERESTOREPOINT
    Restore point Set: OTL Restore Point (16902109354000384)

    ========== Files/Folders - Created Within 30 Days ==========

    [2011/01/01 15:11:24 | 000,602,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2011/01/01 14:27:55 | 002,277,376 | ---- | C] (Topala Software Solutions) -- C:\Documents and Settings\Paul\Desktop\siw.exe
    [2011/01/01 13:04:40 | 127,353,979 | ---- | C] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\OTLPENet.exe
    [2011/01/01 12:12:39 | 000,000,000 | --SD | C] -- C:\ComboFix
    [2011/01/01 10:11:58 | 000,000,000 | RHSD | C] -- C:\cmdcons
    [2011/01/01 10:09:48 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
    [2011/01/01 10:09:48 | 000,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
    [2011/01/01 10:09:48 | 000,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
    [2011/01/01 10:09:48 | 000,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
    [2011/01/01 10:09:40 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
    [2011/01/01 10:09:11 | 000,000,000 | ---D | C] -- C:\Qoobox
    [2011/01/01 09:52:43 | 001,345,624 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\TDSSKiller.exe
    [2010/12/31 14:53:16 | 000,446,464 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\TFC.exe
    [2010/12/31 11:24:32 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Copernic
    [2010/12/31 00:32:31 | 000,000,000 | ---D | C] -- C:\Program Files\Copernic Desktop Search - Pro
    [2010/12/31 00:31:31 | 009,143,320 | ---- | C] (Copernic Inc.) -- C:\Documents and Settings\Paul\Desktop\CopernicDesktopSearch-Professional-EN-3.4.0.26.exe
    [2010/12/30 17:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Copernic
    [2010/12/30 17:14:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Copernic
    [2010/12/28 21:32:57 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\Tariff Docs
    [2010/12/26 06:03:06 | 000,000,000 | ---D | C] -- C:\Program Files\Microsoft Security Client
    [2010/12/24 20:41:15 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Search
    [2010/12/24 20:41:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Identities
    [2010/12/24 20:41:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
    [2010/12/23 23:05:39 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\New Folder
    [2010/12/23 00:59:33 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Desktop\1815 Maps
    [2010/12/21 21:15:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Malwarebytes
    [2010/12/13 10:36:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\System Tools
    [2010/12/08 14:53:21 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Start Menu\Programs\Natalie
    [2010/12/08 11:45:49 | 000,086,016 | ---- | C] (MindVision) -- C:\WINDOWS\unvise32qt.exe
    [2010/12/08 11:45:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\QuickTime
    [2010/12/08 11:44:35 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\QuickTime
    [2010/12/08 11:44:29 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
    [2010/12/08 11:43:10 | 000,000,000 | ---D | C] -- C:\Program Files\emme
    [2010/12/05 19:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Apple Computer
    [2010/12/05 19:24:26 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Application Data\Apple Computer
    [2010/12/05 19:24:05 | 000,000,000 | ---D | C] -- C:\Program Files\Safari
    [2010/12/05 19:24:05 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
    [2010/12/05 19:23:32 | 000,000,000 | ---D | C] -- C:\Program Files\Common Files\Apple
    [2010/12/05 19:23:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Paul\Local Settings\Application Data\Apple
    [2010/12/05 19:23:13 | 000,000,000 | ---D | C] -- C:\Program Files\Apple Software Update
    [2010/12/05 19:23:13 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple
    [2 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Paul\Desktop\*.tmp files -> C:\Documents and Settings\Paul\Desktop\*.tmp -> ]

    ========== Files - Modified Within 30 Days ==========

    [2011/01/01 15:11:40 | 000,000,666 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\siw_init.xml
    [2011/01/01 15:11:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2011/01/01 14:45:50 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
    [2011/01/01 14:43:01 | 000,000,974 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2147006213-682003330-1004UA.job
    [2011/01/01 14:38:39 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\RKUnhookerLE.EXE
    [2011/01/01 14:33:26 | 000,002,485 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Gmail.lnk
    [2011/01/01 14:29:31 | 000,466,212 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
    [2011/01/01 14:29:31 | 000,079,770 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
    [2011/01/01 14:29:25 | 002,034,788 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\ScreenShot09.tif
    [2011/01/01 14:28:24 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
    [2011/01/01 14:28:03 | 002,277,376 | ---- | M] (Topala Software Solutions) -- C:\Documents and Settings\Paul\Desktop\siw.exe
    [2011/01/01 14:24:04 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
    [2011/01/01 14:05:08 | 004,012,260 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Paul.exe
    [2011/01/01 13:11:07 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\OTLPENet.exe
    [2011/01/01 13:05:33 | 000,002,519 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Microsoft Word 2010.lnk
    [2011/01/01 12:40:17 | 000,780,283 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
    [2011/01/01 12:19:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2011/01/01 11:17:16 | 000,026,624 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Reagan Doctrine.doc
    [2011/01/01 11:02:59 | 000,087,796 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Economic Optimism_ Yes, I’ll Take That Bet - Findings - NYTimes.pdf
    [2011/01/01 10:08:30 | 000,034,304 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Please download ComboFix from.doc
    [2011/01/01 09:52:18 | 001,232,020 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\tdsskiller.zip
    [2011/01/01 09:28:09 | 002,787,328 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\dft32_v416_b00.iso
    [2011/01/01 07:58:14 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\WWI Casualties.doc
    [2011/01/01 07:55:39 | 000,000,162 | -H-- | M] () -- C:\Documents and Settings\Paul\Desktop\~$I Casualties.doc
    [2011/01/01 07:00:47 | 001,679,360 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Woodrow Wilson.ppt
    [2010/12/31 21:43:00 | 000,000,922 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-73586283-2147006213-682003330-1004Core.job
    [2010/12/31 21:42:36 | 000,212,038 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\taylor_map.jpg
    [2010/12/31 19:30:28 | 000,164,903 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\woodrow-wilson.jpg
    [2010/12/31 19:26:03 | 000,163,909 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\The_Gap_in_the_Bridge.gif
    [2010/12/31 19:25:01 | 000,274,529 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\The-league-of-nations.jpg
    [2010/12/31 16:09:10 | 000,624,128 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\dds.scr
    [2010/12/31 16:08:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\MBRCheck.exe
    [2010/12/31 16:06:07 | 000,062,464 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\GMER 1.doc
    [2010/12/31 14:58:11 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\154nruub.exe
    [2010/12/31 14:53:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\TFC.exe
    [2010/12/30 13:35:14 | 000,415,095 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\3296842855_42c2ce0948_b.jpg
    [2010/12/30 13:35:00 | 000,133,309 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\3296842855_42c2ce0948.jpg
    [2010/12/30 13:34:40 | 000,020,606 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\hb-standoff.jpg
    [2010/12/30 13:34:17 | 000,077,098 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\MexicanStandoff.jpg
    [2010/12/30 10:00:31 | 000,115,358 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\College Degree Inflation.pdf
    [2010/12/29 16:48:09 | 000,016,816 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\tweety-bird.jpg
    [2010/12/29 10:09:10 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Sun Bowl.doc
    [2010/12/29 04:50:28 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Lippmann.doc
    [2010/12/29 04:43:43 | 000,043,520 | ---- | M] () -- D:\My Documents\Pronunciation Key.xls
    [2010/12/29 04:12:34 | 012,408,757 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\The_truth_about_the_Treaty.pdf
    [2010/12/29 04:07:21 | 000,083,545 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\KenanGOP Won Cold War.pdf
    [2010/12/28 18:21:00 | 000,116,224 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Kennan's course.doc
    [2010/12/28 16:15:36 | 000,023,552 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\call target for epipen, aaa batteries; small *****.doc
    [2010/12/28 13:35:23 | 000,021,317 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Critique of Containment.pdf
    [2010/12/27 22:09:47 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\10 files in new folder
    [2010/12/27 22:09:19 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\50 emails in inbox
    [2010/12/27 22:09:06 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\fix natalie's art kit
    [2010/12/27 18:44:41 | 000,000,000 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\call Tracy Marsh
    [2010/12/27 18:21:30 | 000,024,064 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Looking at a map of the German Confederation.doc
    [2010/12/27 17:17:07 | 000,063,174 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Three.jpg
    [2010/12/27 15:26:02 | 000,026,112 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Notes from Millenium.doc
    [2010/12/26 06:04:28 | 000,001,945 | ---- | M] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/25 09:47:44 | 000,046,080 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Louis XIV.doc
    [2010/12/25 07:24:40 | 122,811,025 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\A_cyclopedia_of_commerce_and_commercial.pdf
    [2010/12/24 23:37:52 | 000,436,552 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
    [2010/12/24 23:17:00 | 001,427,952 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Colbert1666.jpg
    [2010/12/24 20:48:46 | 000,033,280 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Alphabet.doc
    [2010/12/24 20:40:33 | 000,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
    [2010/12/24 19:57:17 | 000,014,621 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Louis XIV and the Creation of the French nation.docx
    [2010/12/23 23:24:52 | 000,085,856 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Berlin_Conference_1878.jpg
    [2010/12/23 23:19:47 | 002,086,877 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Berlinkongressen_1878,_Nordisk_familjebok.png
    [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
    [2010/12/20 18:08:40 | 000,020,952 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\TDSSKiller.exe
    [2010/12/12 04:29:51 | 000,097,384 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
    [2010/12/12 04:29:39 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
    [2010/12/11 14:58:52 | 000,063,809 | ---- | M] () -- D:\My Documents\1-100 Chart.pdf
    [2010/12/08 11:45:48 | 000,028,672 | ---- | M] () -- C:\WINDOWS\System32\qttask.exe
    [2010/12/08 11:44:46 | 000,000,361 | ---- | M] () -- C:\WINDOWS\System32\QuickTime.qtp
    [2010/12/03 20:13:06 | 000,025,088 | ---- | M] () -- D:\My Documents\Politics of Appeasing Hitler.doc
    [2 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
    [1 C:\Documents and Settings\Paul\Desktop\*.tmp files -> C:\Documents and Settings\Paul\Desktop\*.tmp -> ]

    ========== Files Created - No Company Name ==========

    [2011/01/01 15:11:40 | 000,000,666 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\siw_init.xml
    [2011/01/01 14:38:38 | 000,133,632 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\RKUnhookerLE.EXE
    [2011/01/01 14:29:25 | 002,034,788 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\ScreenShot09.tif
    [2011/01/01 14:05:07 | 004,012,260 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Paul.exe
    [2011/01/01 12:40:14 | 000,780,283 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\rkill.com
    [2011/01/01 11:17:16 | 000,026,624 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Reagan Doctrine.doc
    [2011/01/01 11:02:57 | 000,087,796 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Economic Optimism_ Yes, I’ll Take That Bet - Findings - NYTimes.pdf
    [2011/01/01 10:12:05 | 000,000,211 | ---- | C] () -- C:\Boot.bak
    [2011/01/01 10:12:01 | 000,260,272 | RHS- | C] () -- C:\cmldr
    [2011/01/01 10:09:48 | 000,256,512 | ---- | C] () -- C:\WINDOWS\PEV.exe
    [2011/01/01 10:09:48 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
    [2011/01/01 10:09:48 | 000,089,088 | ---- | C] () -- C:\WINDOWS\MBR.exe
    [2011/01/01 10:09:48 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
    [2011/01/01 10:09:48 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
    [2011/01/01 10:08:29 | 000,034,304 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Please download ComboFix from.doc
    [2011/01/01 09:52:17 | 001,232,020 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\tdsskiller.zip
    [2011/01/01 09:28:07 | 002,787,328 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\dft32_v416_b00.iso
    [2011/01/01 07:55:39 | 000,000,162 | -H-- | C] () -- C:\Documents and Settings\Paul\Desktop\~$I Casualties.doc
    [2011/01/01 07:55:38 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\WWI Casualties.doc
    [2010/12/31 21:42:36 | 000,212,038 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\taylor_map.jpg
    [2010/12/31 19:30:28 | 000,164,903 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\woodrow-wilson.jpg
    [2010/12/31 19:26:03 | 000,163,909 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\The_Gap_in_the_Bridge.gif
    [2010/12/31 19:25:01 | 000,274,529 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\The-league-of-nations.jpg
    [2010/12/31 16:09:06 | 000,624,128 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\dds.scr
    [2010/12/31 16:08:26 | 000,080,384 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\MBRCheck.exe
    [2010/12/31 16:06:06 | 000,062,464 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\GMER 1.doc
    [2010/12/31 14:58:08 | 000,296,448 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\154nruub.exe
    [2010/12/31 00:31:31 | 001,421,422 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\CDS-QuickStart-Guide.pdf
    [2010/12/30 13:35:14 | 000,415,095 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\3296842855_42c2ce0948_b.jpg
    [2010/12/30 13:35:00 | 000,133,309 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\3296842855_42c2ce0948.jpg
    [2010/12/30 13:34:40 | 000,020,606 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\hb-standoff.jpg
    [2010/12/30 13:34:17 | 000,077,098 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\MexicanStandoff.jpg
    [2010/12/30 13:19:37 | 001,679,360 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Woodrow Wilson.ppt
    [2010/12/30 10:00:29 | 000,115,358 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\College Degree Inflation.pdf
    [2010/12/29 16:48:09 | 000,016,816 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\tweety-bird.jpg
    [2010/12/29 10:06:50 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Sun Bowl.doc
    [2010/12/29 04:12:27 | 012,408,757 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\The_truth_about_the_Treaty.pdf
    [2010/12/29 04:07:20 | 000,083,545 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\KenanGOP Won Cold War.pdf
    [2010/12/28 19:08:19 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Lippmann.doc
    [2010/12/28 13:35:23 | 000,021,317 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Critique of Containment.pdf
    [2010/12/28 13:33:55 | 000,116,224 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Kennan's course.doc
    [2010/12/27 22:09:47 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\10 files in new folder
    [2010/12/27 22:09:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\fix natalie's art kit
    [2010/12/27 22:09:06 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\50 emails in inbox
    [2010/12/27 18:44:41 | 000,000,000 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\call Tracy Marsh
    [2010/12/27 18:21:30 | 000,024,064 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Looking at a map of the German Confederation.doc
    [2010/12/27 18:13:40 | 000,023,552 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\call target for epipen, aaa batteries; small *****.doc
    [2010/12/27 17:17:07 | 000,063,174 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Three.jpg
    [2010/12/26 21:08:39 | 000,026,112 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Notes from Millenium.doc
    [2010/12/26 06:04:28 | 000,001,945 | ---- | C] () -- C:\WINDOWS\epplauncher.mif
    [2010/12/25 09:47:25 | 000,046,080 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Louis XIV.doc
    [2010/12/25 07:23:28 | 122,811,025 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\A_cyclopedia_of_commerce_and_commercial.pdf
    [2010/12/24 23:16:55 | 001,427,952 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Colbert1666.jpg
    [2010/12/24 20:48:45 | 000,033,280 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Alphabet.doc
    [2010/12/24 19:57:17 | 000,014,621 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Louis XIV and the Creation of the French nation.docx
    [2010/12/23 23:24:52 | 000,085,856 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Berlin_Conference_1878.jpg
    [2010/12/23 23:19:47 | 002,086,877 | ---- | C] () -- C:\Documents and Settings\Paul\Desktop\Berlinkongressen_1878,_Nordisk_familjebok.png
    [2010/12/12 04:29:39 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
    [2010/12/12 04:29:39 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
    [2010/12/11 14:58:51 | 000,063,809 | ---- | C] () -- D:\My Documents\1-100 Chart.pdf
    [2010/12/08 11:45:48 | 000,028,672 | ---- | C] () -- C:\WINDOWS\System32\qttask.exe
    [2010/12/08 11:44:45 | 000,000,361 | ---- | C] () -- C:\WINDOWS\System32\QuickTime.qtp
    [2010/12/08 11:44:01 | 000,019,173 | ---- | C] () -- C:\WINDOWS\emmeUS.wri
    [2010/11/25 06:56:05 | 000,106,496 | R--- | C] () -- C:\WINDOWS\System32\VSHP1018.DLL
    [2010/11/20 21:47:23 | 000,029,696 | ---- | C] () -- C:\Documents and Settings\Paul\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    [2010/11/20 09:36:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
    [2010/09/29 21:25:27 | 000,002,272 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
    [2010/09/21 17:14:25 | 000,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
    [2010/09/21 17:14:20 | 000,790,528 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
    [2010/09/21 17:14:20 | 000,134,144 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
    [2010/09/21 17:14:19 | 000,108,032 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
    [2010/09/01 15:26:42 | 000,087,552 | ---- | C] () -- C:\WINDOWS\System32\cpwmon2k.dll
    [2010/06/03 17:31:57 | 000,176,235 | ---- | C] () -- C:\WINDOWS\System32\Primomonnt.dll
    [2010/05/08 19:59:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\CR.ini
    [2010/05/05 18:58:55 | 000,000,091 | ---- | C] () -- C:\WINDOWS\CBP.INI
    [2010/04/17 08:10:01 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
    [2010/04/02 07:34:51 | 000,000,165 | ---- | C] () -- C:\WINDOWS\wininit.ini
    [2010/02/18 14:30:29 | 000,000,037 | ---- | C] () -- C:\WINDOWS\QTW.INI
    [2010/02/12 17:16:53 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
    [2010/02/12 17:16:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\888E2F9FB6.sys
    [2010/02/11 19:07:29 | 000,001,890 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
    [2010/02/11 19:07:29 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B69F2F8E88.sys
    [2010/02/03 21:54:05 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
    [2009/12/22 07:51:28 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
    [2009/12/22 07:51:25 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
    [2009/12/16 20:56:45 | 000,000,214 | ---- | C] () -- C:\WINDOWS\HP_48BitScanUpdatePatch.ini
    [2009/12/15 00:45:09 | 000,165,376 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
    [2009/12/14 10:29:36 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
    [2009/06/26 16:21:02 | 000,015,498 | ---- | C] () -- C:\WINDOWS\VX3000.ini
    [2008/01/15 04:31:00 | 000,000,530 | ---- | C] () -- C:\WINDOWS\System32\tx14_ic.ini
    [2007/09/27 10:51:02 | 000,020,698 | ---- | C] () -- C:\WINDOWS\System32\idxcntrs.ini
    [2007/09/27 10:48:48 | 000,030,628 | ---- | C] () -- C:\WINDOWS\System32\gsrvctr.ini
    [2007/09/27 10:48:28 | 000,031,698 | ---- | C] () -- C:\WINDOWS\System32\gthrctr.ini
    [2006/11/29 11:08:27 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
    [2006/09/20 22:02:32 | 000,520,192 | ---- | C] () -- C:\WINDOWS\System32\CddbPlaylist2Roxio.dll
    [2006/09/20 22:02:32 | 000,204,800 | ---- | C] () -- C:\WINDOWS\System32\CddbFileTaggerRoxio.dll
    [2004/04/19 15:01:00 | 000,006,656 | ---- | C] () -- C:\WINDOWS\System32\drivers\gflmouhid.sys
    [2000/07/07 13:49:30 | 000,069,120 | ---- | C] () -- C:\WINDOWS\System32\LTDLL.DLL
    [2000/03/25 18:00:00 | 000,030,208 | ---- | C] () -- C:\WINDOWS\System32\clcd32.dll
    [1999/09/20 12:43:10 | 000,006,784 | ---- | C] () -- C:\WINDOWS\System32\clcd16.dll
    [1999/03/09 23:23:00 | 000,222,928 | ---- | C] () -- C:\WINDOWS\System32\lobas09.dll
    [1998/01/13 11:52:30 | 000,047,104 | ---- | C] () -- C:\WINDOWS\System32\lotrn13.dll
    [1997/11/13 23:23:00 | 000,031,008 | ---- | C] () -- C:\WINDOWS\System32\ivtrn09.dll
    [1994/07/25 01:23:00 | 000,014,928 | ---- | C] () -- C:\WINDOWS\System32\wingen.drv

    ========== LOP Check ==========

    [2010/11/21 21:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
    [2010/02/25 20:32:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Borland
    [2010/12/31 11:24:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Copernic
    [2010/01/12 15:02:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\createpart
    [2010/01/12 14:53:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\explauncher
    [2010/01/12 14:53:35 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\launcher
    [2010/07/05 22:00:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Masters ITC
    [2010/04/01 17:27:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\mergeparts
    [2010/03/07 19:41:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSScanAppDataDir
    [2010/07/22 18:44:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nitro PDF
    [2010/02/25 07:59:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Novatel Wireless
    [2009/12/15 09:51:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlotSoft
    [2010/01/12 14:53:47 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\redistpart
    [2010/03/07 19:42:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SSScanAppDataDir
    [2010/06/17 15:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2010/11/23 09:52:12 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
    [2010/05/20 15:16:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\VirtualizedApplications
    [2010/01/16 21:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WORDsearch
    [2010/11/30 22:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Auslogics
    [2010/11/20 22:33:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Contaware
    [2010/12/30 17:14:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Copernic
    [2010/11/22 16:55:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\ImgBurn
    [2010/11/27 08:25:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\KompoZer
    [2010/11/27 08:14:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\kompozer.net
    [2010/11/27 10:56:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Nitro PDF
    [2010/11/22 17:16:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\OpenOffice.org
    [2010/12/24 20:41:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Desktop Search
    [2010/12/24 20:41:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Paul\Application Data\Windows Search

    ========== Purity Check ==========
     
  5. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Here is the OTL.txt file, part 2 (it was too long to include in one post):


    ========== Custom Scans ==========


    < %SYSTEMDRIVE%\*.* >
    [2009/12/14 18:38:48 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
    [2010/11/21 06:16:37 | 000,000,211 | ---- | M] () -- C:\Boot.bak
    [2011/01/01 12:19:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
    [2004/08/03 23:00:00 | 000,260,272 | RHS- | M] () -- C:\cmldr
    [2009/12/14 18:38:48 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
    [2010/06/30 15:39:41 | 000,000,383 | ---- | M] () -- C:\config.xml
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1028.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1031.txt
    [2007/11/07 08:00:40 | 000,010,134 | ---- | M] () -- C:\eula.1033.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1036.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1040.txt
    [2007/11/07 08:00:40 | 000,000,118 | ---- | M] () -- C:\eula.1041.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.1042.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.2052.txt
    [2007/11/07 08:00:40 | 000,017,734 | ---- | M] () -- C:\eula.3082.txt
    [2007/11/07 08:00:40 | 000,001,110 | ---- | M] () -- C:\globdata.ini
    [2007/11/07 08:03:18 | 000,562,688 | ---- | M] (Microsoft Corporation) -- C:\install.exe
    [2007/11/07 08:00:40 | 000,000,843 | ---- | M] () -- C:\install.ini
    [2007/11/07 08:03:18 | 000,076,304 | ---- | M] (Microsoft Corporation) -- C:\install.res.1028.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.1031.dll
    [2007/11/07 08:03:18 | 000,091,152 | ---- | M] (Microsoft Corporation) -- C:\install.res.1033.dll
    [2007/11/07 08:03:18 | 000,097,296 | ---- | M] (Microsoft Corporation) -- C:\install.res.1036.dll
    [2007/11/07 08:03:18 | 000,095,248 | ---- | M] (Microsoft Corporation) -- C:\install.res.1040.dll
    [2007/11/07 08:03:18 | 000,081,424 | ---- | M] (Microsoft Corporation) -- C:\install.res.1041.dll
    [2007/11/07 08:03:18 | 000,079,888 | ---- | M] (Microsoft Corporation) -- C:\install.res.1042.dll
    [2007/11/07 08:03:18 | 000,075,792 | ---- | M] (Microsoft Corporation) -- C:\install.res.2052.dll
    [2007/11/07 08:03:18 | 000,096,272 | ---- | M] (Microsoft Corporation) -- C:\install.res.3082.dll
    [2009/12/14 18:38:48 | 000,000,000 | RHS- | M] () -- C:\IO.SYS
    [2009/12/14 18:38:48 | 000,000,000 | RHS- | M] () -- C:\MSDOS.SYS
    [2009/12/14 18:59:03 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
    [2009/12/14 19:26:33 | 000,250,048 | RHS- | M] () -- C:\ntldr
    [2011/01/01 10:35:05 | 000,077,460 | ---- | M] () -- C:\OTL.Txt
    [2011/01/01 14:23:57 | 2145,386,496 | -HS- | M] () -- C:\pagefile.sys
    [2010/02/26 10:51:04 | 000,000,170 | ---- | M] () -- C:\setup.log
    [2011/01/01 09:53:22 | 000,038,168 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_01.01.2011_09.52.49_log.txt
    [2011/01/01 09:54:42 | 000,038,168 | ---- | M] () -- C:\TDSSKiller.2.4.12.0_01.01.2011_09.54.02_log.txt
    [2007/11/07 08:00:40 | 000,005,686 | ---- | M] () -- C:\vcredist.bmp
    [2007/11/07 08:09:22 | 001,442,522 | ---- | M] () -- C:\VC_RED.cab
    [2007/11/07 08:12:28 | 000,232,960 | ---- | M] () -- C:\VC_RED.MSI

    < %systemroot%\Fonts\*.com >
    [2006/04/18 15:39:28 | 000,026,040 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
    [2006/06/29 14:53:56 | 000,026,489 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
    [2006/04/18 15:39:28 | 000,029,779 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
    [2006/06/29 14:58:52 | 000,030,808 | ---- | M] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont

    < %systemroot%\Fonts\*.dll >

    < %systemroot%\Fonts\*.ini >
    [2009/12/14 18:38:27 | 000,000,067 | -HS- | M] () -- C:\WINDOWS\Fonts\desktop.ini

    < %systemroot%\Fonts\*.ini2 >

    < %systemroot%\Fonts\*.exe >

    < %systemroot%\system32\spool\prtprocs\w32x86\*.* >
    [2008/07/06 04:06:10 | 000,089,088 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\filterpipelineprintproc.dll
    [2006/07/28 09:00:00 | 000,049,152 | R--- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\IMFPRINT.DLL
    [2007/04/09 13:23:54 | 000,028,552 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\mdippr.dll
    [2006/10/26 19:56:12 | 000,033,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\msonpppr.dll
    [2008/07/06 02:50:03 | 000,597,504 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\printfilterpipelinesvc.exe
    [2007/12/10 08:00:00 | 000,057,344 | ---- | M] (Zenographics, Inc.) -- C:\WINDOWS\system32\spool\prtprocs\w32x86\ZIMFPRNT.DLL

    < %systemroot%\REPAIR\*.bak1 >

    < %systemroot%\REPAIR\*.ini >

    < %systemroot%\system32\*.jpg >

    < %systemroot%\*.jpg >

    < %systemroot%\*.png >

    < %systemroot%\*.scr >

    < %systemroot%\*._sy >

    < %APPDATA%\Adobe\Update\*.* >

    < %ALLUSERSPROFILE%\Favorites\*.* >

    < %APPDATA%\Microsoft\*.* >

    < %PROGRAMFILES%\*.* >

    < %APPDATA%\Update\*.* >

    < %systemroot%\*. /mp /s >

    < %systemroot%\System32\config\*.sav >
    [2009/12/14 10:27:10 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
    [2009/12/14 10:27:10 | 000,602,112 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
    [2009/12/14 10:27:09 | 000,417,792 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

    < %PROGRAMFILES%\bak. /s >

    < %systemroot%\system32\bak. /s >

    < %ALLUSERSPROFILE%\Start Menu\*.lnk /x >
    [2009/12/14 19:30:49 | 000,000,272 | -HS- | M] () -- C:\Documents and Settings\All Users\Start Menu\desktop.ini

    < %systemroot%\system32\config\systemprofile\*.dat /x >

    < %systemroot%\*.config >

    < %systemroot%\system32\*.db >

    < %APPDATA%\Microsoft\Internet Explorer\Quick Launch\*.lnk /x >
    [2010/11/20 21:14:38 | 000,000,060 | -HS- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\desktop.ini
    [2010/11/20 21:14:38 | 000,000,079 | ---- | M] () -- C:\Documents and Settings\Paul\Application Data\Microsoft\Internet Explorer\Quick Launch\Show Desktop.scf

    < %USERPROFILE%\Desktop\*.exe >
    [2010/12/31 14:58:11 | 000,296,448 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\154nruub.exe
    [2010/09/07 15:52:16 | 009,143,320 | ---- | M] (Copernic Inc.) -- C:\Documents and Settings\Paul\Desktop\CopernicDesktopSearch-Professional-EN-3.4.0.26.exe
    [2010/12/30 19:04:40 | 002,014,704 | ---- | M] (Google) -- C:\Documents and Settings\Paul\Desktop\GoogleDesktopSetup.exe
    [2010/12/31 16:08:26 | 000,080,384 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\MBRCheck.exe
    [2011/01/01 15:11:26 | 000,602,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\OTL.exe
    [2011/01/01 13:11:07 | 127,353,979 | ---- | M] (Igor Pavlov) -- C:\Documents and Settings\Paul\Desktop\OTLPENet.exe
    [2011/01/01 14:05:08 | 004,012,260 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\Paul.exe
    [2011/01/01 14:38:39 | 000,133,632 | ---- | M] () -- C:\Documents and Settings\Paul\Desktop\RKUnhookerLE.EXE
    [2011/01/01 14:28:03 | 002,277,376 | ---- | M] (Topala Software Solutions) -- C:\Documents and Settings\Paul\Desktop\siw.exe
    [2010/12/16 09:47:52 | 001,345,624 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Paul\Desktop\TDSSKiller.exe
    [2010/12/31 14:53:18 | 000,446,464 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Paul\Desktop\TFC.exe
    [1 C:\Documents and Settings\Paul\Desktop\*.tmp files -> C:\Documents and Settings\Paul\Desktop\*.tmp -> ]

    < %PROGRAMFILES%\Common Files\*.* >

    < %systemroot%\*.src >
    [2009/06/26 16:21:02 | 000,013,023 | ---- | M] () -- C:\WINDOWS\VX3000.src

    < %systemroot%\install\*.* >

    < %systemroot%\system32\DLL\*.* >

    < %systemroot%\system32\HelpFiles\*.* >

    < %systemroot%\system32\rundll\*.* >

    < %systemroot%\winn32\*.* >

    < %systemroot%\Java\*.* >

    < %systemroot%\system32\test\*.* >

    < %systemroot%\system32\Rundll32\*.* >

    < %systemroot%\AppPatch\Custom\*.* >

    < %APPDATA%\Roaming\Microsoft\Windows\Recent\*.lnk /x >

    < %PROGRAMFILES%\PC-Doctor\Downloads\*.* >

    < %PROGRAMFILES%\Internet Explorer\*.tmp >

    < %PROGRAMFILES%\Internet Explorer\*.dat >

    < %USERPROFILE%\My Documents\*.exe >

    < %USERPROFILE%\*.exe >

    < %systemroot%\ADDINS\*.* >
    [2002/09/03 08:33:22 | 000,000,791 | ---- | M] () -- C:\WINDOWS\addins\fxsext.ecf

    < %systemroot%\assembly\*.bak2 >

    < %systemroot%\Config\*.* >

    < %systemroot%\REPAIR\*.bak2 >

    < %systemroot%\SECURITY\Database\*.sdb /x >

    < %systemroot%\SYSTEM\*.bak2 >

    < %systemroot%\Web\*.bak2 >

    < %systemroot%\Driver Cache\*.* >

    < %PROGRAMFILES%\Mozilla Firefox\0*.exe >

    < %ProgramFiles%\Microsoft Common\*.* >

    < %ProgramFiles%\TinyProxy. >

    < %USERPROFILE%\Favorites\*.url /x >
    [2010/11/20 21:14:38 | 000,000,122 | -HS- | M] () -- C:\Documents and Settings\Paul\Favorites\Desktop.ini

    < %systemroot%\system32\*.bk >

    < %systemroot%\*.te >

    < %systemroot%\system32\system32\*.* >

    < %ALLUSERSPROFILE%\*.dat /x >

    < %systemroot%\system32\drivers\*.rmv >

    < dir /b "%systemroot%\system32\*.exe" | find /i " " /c >
    Clifford Uninstall.exe

    < dir /b "%systemroot%\*.exe" | find /i " " /c >

    < %PROGRAMFILES%\Microsoft\*.* >

    < %systemroot%\System32\Wbem\proquota.exe >

    < %PROGRAMFILES%\Mozilla Firefox\*.dat >

    < %USERPROFILE%\Cookies\*.txt /x >
    [2011/01/01 14:45:45 | 000,032,768 | ---- | M] () -- C:\Documents and Settings\Paul\Cookies\index.dat

    < %SystemRoot%\system32\fonts\*.* >

    < %systemroot%\system32\winlog\*.* >

    < %systemroot%\system32\Language\*.* >

    < %systemroot%\system32\Settings\*.* >

    < %systemroot%\system32\*.quo >

    < %SYSTEMROOT%\AppPatch\*.exe >

    < %SYSTEMROOT%\inf\*.exe >
    [2007/06/26 22:10:26 | 000,317,440 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\inf\unregmp2.exe

    < %SYSTEMROOT%\Installer\*.exe >

    < %systemroot%\system32\config\*.bak2 >

    < %systemroot%\system32\Computers\*.* >

    < %SystemRoot%\system32\Sound\*.* >

    < %SystemRoot%\system32\SpecialImg\*.* >

    < %SystemRoot%\system32\code\*.* >

    < %SystemRoot%\system32\draft\*.* >

    < %SystemRoot%\system32\MSSSys\*.* >

    < %ProgramFiles%\Javascript\*.* >

    < %systemroot%\pchealth\helpctr\System\*.exe /s >

    < %systemroot%\Web\*.exe >

    < %systemroot%\system32\msn\*.* >

    < %systemroot%\system32\*.tro >

    < %AppData%\Microsoft\Installer\msupdates\*.* >

    < %ProgramFiles%\Messenger\*.* >
    [2008/04/13 16:11:51 | 000,033,792 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\custsat.dll
    [2002/09/03 08:39:47 | 000,004,821 | ---- | M] () -- C:\Program Files\Messenger\logowin.gif
    [2002/08/20 12:32:18 | 000,007,047 | ---- | M] () -- C:\Program Files\Messenger\lvback.gif
    [2002/08/20 12:32:22 | 000,000,807 | ---- | M] () -- C:\Program Files\Messenger\mailtmpl.txt
    [2008/05/02 06:01:49 | 000,083,968 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgsc.dll
    [2008/04/13 09:30:28 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msgslang.dll
    [2008/04/13 16:12:28 | 001,695,232 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
    [2002/08/20 15:08:38 | 000,069,663 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgsin.exe
    [2002/09/03 08:49:05 | 000,002,882 | ---- | M] () -- C:\Program Files\Messenger\newalert.wav
    [2002/09/03 08:49:07 | 000,006,156 | ---- | M] () -- C:\Program Files\Messenger\newemail.wav
    [2002/09/03 08:51:10 | 000,006,160 | ---- | M] () -- C:\Program Files\Messenger\online.wav
    [2002/08/20 12:32:20 | 000,004,454 | ---- | M] () -- C:\Program Files\Messenger\type.wav
    [2004/07/17 11:41:06 | 000,115,981 | ---- | M] () -- C:\Program Files\Messenger\xpmsgr.chm

    < %systemroot%\system32\systhem32\*.* >

    < %systemroot%\system\*.exe >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\Windows\WindowsUpdate\AU >

    < HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\ Auto Update\Results\Install|LastSuccessTime /rs >


    ========== Alternate Data Streams ==========

    @Alternate Data Stream - 76 bytes -> D:\My Documents\oilprice1947.gif:Roxio EMC Stream
    @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17
    @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE

    < End of report >
     
  6. 2011/01/01
    broni Moderator Malware Analyst
    Something is missing here.
    I can see Microsoft Security Essentials in the installed programs list, but I can't see it running.
    Are you sure it's working properly?

    ================================================================

    Run OTL
    • Under the Custom Scans/Fixes box at the bottom, paste in the following

      Code:
      :OTL
      SRV - File not found [Auto | Stopped] -- C:\ComboFix\PEV.cfx -- (PEVSystemStart)
      DRV - File not found [Kernel | On_Demand | Stopped] -- C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys -- (catchme)
      O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
      O3 - HKLM\..\Toolbar: (no name) - {4A1C6093-14F9-44D7-860E-5D265CFCA9D9} - No CLSID value found.
      O15 - HKCU\..Trusted Domains: localhost ([]http in Local intranet)
      O15 - HKCU\..Trusted Ranges: GD ([http] in Local intranet)
      O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab (Reg Error: Key error.)
      O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
      [2 D:\My Documents\*.tmp files -> D:\My Documents\*.tmp -> ]
      [1 C:\Documents and Settings\Paul\Desktop\*.tmp files -> C:\Documents and Settings\Paul\Desktop\*.tmp -> ]
      [2010/02/12 17:16:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\888E2F9FB6.sys
      [2010/02/11 19:07:29 | 000,000,056 | RHS- | C] () -- C:\WINDOWS\System32\B69F2F8E88.sys
      @Alternate Data Stream - 76 bytes -> D:\My Documents\oilprice1947.gif:Roxio EMC Stream
      @Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17
      @Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE
      
      :Services
      
      :Reg
      
      :Files
      
      :Commands
      [purity]
      [emptytemp]
      [emptyflash]
      [Reboot]
      
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • You will get a log that shows the results of the fix. Please post it.

    =============================================================

    Last scans....

    1. Download Security Check from HERE, and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

      NOTE: SecurityCheck may produce some false warning(s), so leave the results reading to me.


    2. Download Temp File Cleaner (TFC)
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    3. Please run a free online scan with the ESET Online Scanner

    • Disable your antivirus program
    • Tick the box next to YES, I accept the Terms of Use
    • Click Start
    • IMPORTANT! UN-check Remove found threats
    • Accept any security warnings from your browser.
    • Check Scan archives
    • Click Start
    • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
    • When the scan completes, push List of found threats
    • Click on Export to text file, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
    • NOTE: If ESET doesn't find any threats, it won't produce any log.
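    Two of the things the fix script above acts on, the hidden-and-system hex-named .sys files and the alternate data streams, can be picked out of an OTL listing mechanically. The parser and triage pass below is an added example, not OTL's code or the analyst's: the line shapes are taken from the log in this thread, while the R/H/S/D attribute ordering, the hex-name length floors, the allowlist of files Windows always keeps hidden+system and the two-reason threshold are assumptions; a hit means "review this entry", nothing more.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Added example, not OTL's or the analyst's code. Line shapes come from the OTL log
# in this thread; attribute letters are read as R(eadonly) H(idden) S(ystem)
# D(irectory), in that order (assumption).
FILE_LINE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[-RHSD]{4}) \| (?P<kind>[CM])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)
ADS_LINE = re.compile(r"^@Alternate Data Stream - (?P<size>\d+) bytes -> (?P<path>.+)$")
HEX_BASENAME = re.compile(r"^[0-9A-F]{8,}\.(sys|dll|exe)$", re.IGNORECASE)  # e.g. 888E2F9FB6.sys
HEX_STREAM = re.compile(r"^[0-9A-F]{6,}$", re.IGNORECASE)
# Files Windows itself keeps hidden+system, assumed benign so they do not drown
# out entries like the RHS- .sys files the fix script above targets.
KNOWN_HIDDEN_SYSTEM = {"desktop.ini", "boot.ini", "pagefile.sys", "io.sys",
                       "msdos.sys", "ntdetect.com", "ntldr"}

@dataclass
class OtlEntry:
    size: int
    readonly: bool
    hidden: bool
    system: bool
    directory: bool
    kind: str      # the C/M column as OTL prints it
    company: str   # publisher string, empty when OTL printed ()
    path: str

@dataclass
class AdsEntry:
    size: int
    path: str      # host file or directory
    stream: str    # stream name after the last colon

def parse_file_line(line: str) -> Optional[OtlEntry]:
    m = FILE_LINE.match(line.strip())
    if not m:
        return None
    a = m.group("attrs")
    return OtlEntry(
        size=int(m.group("size").replace(",", "")),
        readonly=a[0] == "R", hidden=a[1] == "H",
        system=a[2] == "S", directory=a[3] == "D",
        kind=m.group("kind"), company=m.group("company") or "",
        path=m.group("path"),
    )

def parse_ads_line(line: str) -> Optional[AdsEntry]:
    m = ADS_LINE.match(line.strip())
    if not m:
        return None
    host, _, stream = m.group("path").rpartition(":")  # the last colon opens the stream
    return AdsEntry(size=int(m.group("size")), path=host, stream=stream)

def triage_file(e: OtlEntry) -> list[str]:
    # Reasons an entry deserves a look; an empty list means nothing stood out.
    name = e.path.rsplit("\\", 1)[-1]
    if name.lower() in KNOWN_HIDDEN_SYSTEM:
        return []
    reasons = []
    if e.hidden and e.system and not e.directory:
        reasons.append("hidden+system attributes on a plain file")
    if HEX_BASENAME.match(name):
        reasons.append("hex-only basename")
    if name.lower().endswith((".sys", ".dll", ".exe")) and not e.company:
        reasons.append("driver/binary with no publisher string")
    return reasons

def triage_ads(a: AdsEntry) -> list[str]:
    return ["hex-named alternate data stream"] if HEX_STREAM.match(a.stream) else []

def triage_log(text: str, min_reasons: int = 2) -> dict[str, list[str]]:
    # Map each path (or path:stream) worth reviewing to its reasons.
    findings: dict[str, list[str]] = {}
    for raw in text.splitlines():
        entry = parse_file_line(raw)
        if entry is not None:
            reasons = triage_file(entry)
            if len(reasons) >= min_reasons:
                findings[entry.path] = reasons
            continue
        ads = parse_ads_line(raw)
        if ads is not None and triage_ads(ads):
            findings[f"{ads.path}:{ads.stream}"] = triage_ads(ads)
    return findings

# Sample input: lines quoted from the OTL log posted in this thread.
SAMPLE_LOG = r"""
[2010/02/12 17:16:53 | 000,002,828 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2010/02/12 17:16:53 | 000,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\888E2F9FB6.sys
[2010/11/20 09:36:52 | 000,056,320 | ---- | C] () -- C:\WINDOWS\System32\iyvu9_32.dll
[2011/01/01 12:19:08 | 000,000,327 | RHS- | M] () -- C:\boot.ini
[2010/11/21 21:13:36 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\backup
@Alternate Data Stream - 76 bytes -> D:\My Documents\oilprice1947.gif:Roxio EMC Stream
@Alternate Data Stream - 167 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17
"""
```

On the sample, `triage_log(SAMPLE_LOG)` reports the two .sys files and the hex-named stream on the TEMP directory, and leaves boot.ini, the single-reason iyvu9_32.dll and the Roxio stream alone.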
     
  7. 2011/01/01
    psaulm119 Geek Member Thread Starter
    No, I'm sure it's NOT working properly. The Windows Start menu can't find it in the Program Files directory--I sure as heck didn't uninstall that.

    I'll get on the other stuff right away.
     
  8. 2011/01/01
    broni Moderator Malware Analyst
    Reinstall MSE then.
     
  9. 2011/01/01
    psaulm119 Geek Member Thread Starter
    The newest OTL log:


    All processes killed
    ========== OTL ==========
    Service PEVSystemStart stopped successfully!
    Service PEVSystemStart deleted successfully!
    File C:\ComboFix\PEV.cfx not found.
    Service catchme stopped successfully!
    Service catchme deleted successfully!
    File C:\DOCUME~1\Paul\LOCALS~1\Temp\catchme.sys not found.
    Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ not found.
    Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9} deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{4A1C6093-14F9-44D7-860E-5D265CFCA9D9}\ not found.
    Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost\ deleted successfully.
    Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Ranges\GD\\http deleted successfully.
    File Animation Java Classes file://C:\WINDOWS\Java\classes\dajava.cab not found.
    Starting removal of ActiveX control DirectAnimation Java Classes
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\DirectAnimation Java Classes\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\DirectAnimation Java Classes\ not found.
    File oft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab not found.
    Starting removal of ActiveX control Microsoft XML Parser for Java
    Registry error reading value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\DownloadInformation\\INF .
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Microsoft XML Parser for Java\ deleted successfully.
    Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Microsoft XML Parser for Java\ not found.
    D:\My Documents\~WRL0003.tmp deleted successfully.
    D:\My Documents\~WRL1407.tmp deleted successfully.
    C:\Documents and Settings\Paul\Desktop\~WRL1703.tmp deleted successfully.
    C:\Documents and Settings\All Users\Application Data\888E2F9FB6.sys moved successfully.
    C:\WINDOWS\system32\B69F2F8E88.sys moved successfully.
    ADS D:\My Documents\oilprice1947.gif:Roxio EMC Stream deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:EEDA5B17 deleted successfully.
    ADS C:\Documents and Settings\All Users\Application Data\TEMP:8CE646EE deleted successfully.
    ========== SERVICES/DRIVERS ==========
    ========== REGISTRY ==========
    ========== FILES ==========
    ========== COMMANDS ==========

    [EMPTYTEMP]

    User: All Users

    User: Default User
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    User: LocalService
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: NetworkService
    ->Temp folder emptied: 23698 bytes
    ->Temporary Internet Files folder emptied: 33170 bytes

    User: Paul
    ->Temp folder emptied: 930565912 bytes
    ->Temporary Internet Files folder emptied: 225684 bytes
    ->Java cache emptied: 0 bytes
    ->FireFox cache emptied: 0 bytes
    ->Google Chrome cache emptied: 96268757 bytes
    ->Apple Safari cache emptied: 14336 bytes
    ->Flash cache emptied: 343 bytes

    User: Temp
    ->Temp folder emptied: 0 bytes
    ->Temporary Internet Files folder emptied: 0 bytes

    %systemdrive% .tmp files removed: 0 bytes
    %systemroot% .tmp files removed: 0 bytes
    %systemroot%\System32 .tmp files removed: 0 bytes
    %systemroot%\System32\dllcache .tmp files removed: 0 bytes
    %systemroot%\System32\drivers .tmp files removed: 0 bytes
    Windows Temp folder emptied: 65692 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
    %systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 0 bytes
    RecycleBin emptied: 8024520 bytes

    Total Files Cleaned = 987.00 mb


    [EMPTYFLASH]

    User: All Users

    User: Default User

    User: LocalService

    User: NetworkService

    User: Paul
    ->Flash cache emptied: 0 bytes

    User: Temp

    Total Flash Files Cleaned = 0.00 mb


    OTL by OldTimer - Version 3.2.20.0 log created on 01012011_155048

    Files\Folders moved on Reboot...
    File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\OICE_D3FD5B35-DD1E-462B-B4F7-2B58DADB2032.0\9EEBB1BA. not found!
    File\Folder C:\Documents and Settings\Paul\Local Settings\Temp\OICE_1B67EA77-FB1A-428C-9779-E763E01D897C.0\38162C3B. not found!
    C:\WINDOWS\temp\Perflib_Perfdata_c64.dat moved successfully.

    Registry entries deleted on Reboot...
     
  10. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Security Check log:

    Results of screen317's Security Check version 0.99.7
    Windows XP Service Pack 3
    Internet Explorer 8
    ``````````````````````````````
    Antivirus/Firewall Check:

    Windows Firewall Enabled!
    Microsoft Security Essentials
    ```````````````````````````````
    Anti-malware/Other Utilities Check:

    Malwarebytes' Anti-Malware
    Moo0 DiskCleaner 1.03
    Java(TM) 6 Update 23
    Out of date Java installed!
    Adobe Flash Player 10.1.53.64
    Adobe Reader X
    Mozilla Firefox (3.6.12) Firefox Out of Date!
    ````````````````````````````````
    Process Check:
    objlist.exe by Laurent

    Windows Defender MSMpEng.exe
    Malwarebytes' Anti-Malware mbamservice.exe
    Malwarebytes' Anti-Malware mbamgui.exe
    Microsoft Security Client Antimalware MsMpEng.exe
    ``````````End of Log````````````
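
As an added example (not part of this thread and not code from screen317's tool), here is a small Python parser for the Security Check log format posted above. It splits the log into its sections, reads off the OS line, whether the firewall is reported enabled, the antivirus products listed, and the tool's own "out of date" verdicts, so that someone reviewing many such logs can flag stale software (the exposure that step 8's Secunia PSI suggestion addresses) without reading each one by hand. The sample log is constructed to mirror the layout above, and all function names are my own.

```python
"""Parse a screen317 Security Check log into structured findings (added example)."""
import re

RULE = "`" * 30  # the log separates its sections with runs of backticks

# Constructed sample in the same layout as the log posted above (abridged).
SAMPLE_LOG = "\n".join([
    "Results of screen317's Security Check version 0.99.7",
    "Windows XP Service Pack 3",
    "Internet Explorer 8",
    RULE,
    "Antivirus/Firewall Check:",
    "",
    "Windows Firewall Enabled!",
    "Microsoft Security Essentials",
    RULE,
    "Anti-malware/Other Utilities Check:",
    "",
    "Malwarebytes' Anti-Malware",
    "Java(TM) 6 Update 23",
    "Out of date Java installed!",
    "Adobe Flash Player 10.1.53.64",
    "Mozilla Firefox (3.6.12) Firefox Out of Date!",
    RULE,
    "Process Check:",
    "objlist.exe by Laurent",
    "",
    "Windows Defender MSMpEng.exe",
    "Malwarebytes' Anti-Malware mbamservice.exe",
    "`" * 10 + "End of Log" + "`" * 12,
])

SECTION_RE = re.compile(r"^(.+?) Check:$")
RULE_RE = re.compile(r"^`+(End of Log`+)?$")
# "Mozilla Firefox (3.6.12) Firefox Out of Date!" -> strip the trailing verdict
VERDICT_SUFFIX_RE = re.compile(r"\s+\S+\s+Out of Date!$", re.IGNORECASE)


def parse_security_check(text):
    """Split the log into header lines and a dict of section name -> lines."""
    header, sections, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or RULE_RE.match(line):
            continue  # skip blank lines and backtick separators
        m = SECTION_RE.match(line)
        if m:
            current = m.group(1)
            sections[current] = []
        elif current is None:
            header.append(line)
        else:
            sections[current].append(line)
    return {"header": header, "sections": sections}


def find_out_of_date(parsed):
    """Return the products the tool itself flagged as out of date."""
    lines = parsed["sections"].get("Anti-malware/Other Utilities", [])
    findings = []
    for i, line in enumerate(lines):
        if "out of date" not in line.lower():
            continue
        if line.lower().startswith("out of date"):
            # Standalone verdict ("Out of date Java installed!") refers to the
            # product named on the previous line.
            findings.append(lines[i - 1] if i > 0 else line)
        else:
            # Inline verdict appended to the product's own line.
            findings.append(VERDICT_SUFFIX_RE.sub("", line))
    return findings


def summarize(text):
    """One-call summary a helper could use to triage a posted log."""
    parsed = parse_security_check(text)
    avfw = parsed["sections"].get("Antivirus/Firewall", [])
    header = parsed["header"]
    return {
        "os": header[1] if len(header) > 1 else None,
        "firewall_enabled": any("firewall enabled" in l.lower() for l in avfw),
        "antivirus": [l for l in avfw if "firewall" not in l.lower()],
        "out_of_date": find_out_of_date(parsed),
    }


if __name__ == "__main__":
    for key, value in summarize(SAMPLE_LOG).items():
        print(f"{key}: {value}")
```

The parser trusts the tool's own verdict lines rather than comparing version numbers itself, because the log does not carry a "current version" reference; the two verdict shapes seen on this page (a standalone "Out of date ... installed!" line after the product, and a suffix on the product's line) are both handled.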
     
  11. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Update Firefox to the current 3.6.13 version.
     
  12. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    ESET scan gave me no log--said there were no infected files.

    OK I have a few questions. From a few posts at the other antimalware website in your sig, I gather that you don't feel that Norton is any better at malware prevention than other programs.

    I'm wondering--
    (A) was this in fact a rootkit? Can you give me a specific name/id for the type I got?
    (B) Rootkits are very hard for av programs to detect, correct?
    (C) If so, then I shouldn't just ditch MSSE because it failed me, because other av programs would have done so as well--correct?

    If so, I'll just reinstall MSSE; but I'd rather not set myself up by using an inferior product, so if there's a better av I'd rather use that one.
     
  13. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    First of all, there is no perfect security program.
    It really doesn't matter much, which one you use.
    It's mostly about your computer habits.
    If you don't play it safe, you'll get infected no matter what.

    Now, your computer was actually pretty clean.
    At first, I thought, we're dealing with a rootkit, but further scans didn't detect anything.

    So, at this point....

    Your computer is clean :)

    1. We need to reset system restore to prevent your computer from being accidentally reinfected by using some old restore point(s). We'll create a fresh, clean restore point, using the following OTL script:

    Run OTL

    • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    Code:
    :OTL
    :Commands
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]
    • Then click the Run Fix button at the top
    • Let the program run unhindered, reboot the PC when it is done
    • Post resulting log.

    2. Now, we'll remove all tools we used during our cleaning process.

    Clean up with OTL:

    • Double-click OTL.exe to start the program.
    • Close all other programs apart from OTL as this step will require a reboot
    • On the OTL main screen, press the CLEANUP button
    • Say Yes to the prompt and then allow the program to reboot your computer.

    If you still have any tools or logs leftover on your computer you can go ahead and delete those off of your computer now.

    3. Make sure Windows Updates are current.

    4. If any Trojan was listed among your infection(s), make sure you change all of your important on-line passwords (bank account(s), secured web sites, etc.) immediately!

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC) weekly.

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. Run defrag at your convenience.

    11. Read How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html

    12. Please let me know how your computer is doing.
     
  14. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Will do, but just to clarify--do the logs indicate that the computer was clean all along--or that it was infected with something, and got cleaned up?

    The reason being, that I first got into this thread b/c I was having problems with desktop search programs working, and I was actually (in a way) hoping that the problem was malware. I just did a Samsung HDD diagnostic on the hdd and it said that there were no errors, so I'm hoping that the problem has been taken care of....
     
  15. 2011/01/01
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    I have MooDiskCleaner that I've used for several months. I take it that the temp file cleaner you gave me is better? Moo cleans out browser cache, recycle bin, and a few temp file locations as well as flash cookies.
     
  16. 2011/01/01
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As I said, your computer was rather clean.
    We cleaned some garbage though.
    If it'll help to fix your original issue....you tell me :)

    TFC is the best cleaner, you can get.
    Safe and it does exactly what its name says...cleans the garbage.
     
  17. 2011/01/02
    psaulm119 Lifetime Subscription

    psaulm119 Geek Member Thread Starter

    Joined:
    2003/12/07
    Messages:
    1,424
    Likes Received:
    21
    Well after all this I reinstalled Google Desktop and it was then able to index all of my files. So we did something right! ;)

    Seriously--although I've occasionally had indexing problems before, I've never seen restore points like that refuse to work, and a major (security) app simply disappear as well, so something was amok.
     
  18. 2011/01/02
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Cool :)

    Good luck and stay safe :)
     
