Solved LSASS.exe Application Error

"Windows XP Repair" is a fake.
Never, ever click on ANYTHING you're not familiar with.
Ask first, do later.

Do nothing else, but only what I asked you to do.
Proceed with all scans.
Complete as many as you can.
If you need to do it from Safe Mode with Networking to have better control over your computer, do so.
 
At the very beginning of this topic, I clearly said:

Please observe the following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running tools or applying updates other than those I suggest.
  • Keep updating me regarding your computer's behavior, good or bad.
 
I cannot even get to my regular desktop. I will try in Safe Mode.

I also went ahead and continued my download of the Avira rescue control disk in case I may need that later.
 
I'm doing what you said. YOU told me to download Avira Rescue Disc. And I'm doing it on a separate computer.
 
You're here:
And I rebooted my computer and it started up and went straight to my desktop.
We're ready to do some fixes.

Then, you clicked on a fake (instead of asking me first) and a disaster happened.

Let me know if the Avira CD will fix you up.
 
Ran Avira rescue CD and rebooted and now I'm getting blue screens on startup...

Technical Info

STOP: 0X0000007B (0xF8c92528, 0xc000000, 0x00000000, 0x00000000)
 
That error often happens when some infection is still present.

Same issue, if starting in Safe Mode?

If so, give OTLPE CD another shot.
 
Actually no.

Boot from it and give me a fresh log (follow instructions from my reply #2).
 
OTL LOG PART 1

OTL logfile created on: 6/19/2011 11:44:26 PM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 302.00 Mb Available Physical Memory | 59.00% Memory free
462.00 Mb Paging File | 344.00 Mb Available in Paging File | 75.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 29.47 Gb Free Space | 41.24% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.78 Gb Free Space | 95.46% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/03/18 11:11:02 | 000,947,528 | -H-- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/25 18:46:28 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/11/25 18:46:25 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/06/27 19:24:34 | 000,467,028 | ---- | M] (Atheros) [Disabled] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 14:54:52 | 000,360,547 | -H-- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (nielprt)
DRV - File not found [Kernel | On_Demand] -- -- (NielGfx)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/26 13:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/12/18 14:58:52 | 000,011,336 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/07 07:24:56 | 000,401,016 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
DRV - [2009/12/07 07:24:56 | 000,040,568 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
DRV - [2009/12/07 07:24:56 | 000,031,864 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
DRV - [2009/11/25 18:47:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/25 18:47:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/25 18:47:23 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/03/18 19:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/01 19:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 06:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2007/12/14 07:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 15:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8592

IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.weatherstudio.com/?src_id=352
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\JESSY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ieaddons.com/en/students
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://m.www.yahoo.com/ [binary data]
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oovoostart.com/?cfg=2-201-0-33NUP&engine_id=1&provider_id=1&product_id=201&country=US
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\OpinionSquare


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (a4c3abe4) - {EAABFF34-C018-1663-DAE5-EADDB0233338} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Lindsay_Dawedeit_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKU\Administrator.D9KV7191_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport-] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lindsay_Dawedeit_ON_C..\Run: [bpbMHutRXor] C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe (Sysinternals)
O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\Guest_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O4 - HKU\JESSY_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.D9KV7191_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JESSY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
OTL LOG PART 2

========== Files/Folders - Created Within 30 Days ==========

[2011/06/19 18:28:27 | 000,000,000 | RH-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Recent
[2011/06/19 15:25:00 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Start Menu\Programs\Windows XP Repair
[2011/06/19 15:24:36 | 000,360,448 | -H-- | C] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
[2011/06/19 15:14:32 | 000,444,416 | -H-- | C] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe
[2011/06/19 02:27:16 | 000,607,310 | RH-- | C] (Swearware) -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\dds.scr
[2011/06/19 02:08:10 | 000,039,984 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/06/19 02:08:10 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 02:01:58 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2011/06/19 01:55:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Malwarebytes
[2011/06/19 01:55:42 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/06/19 01:49:16 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Start Menu\Programs\Dell Inc
[2011/06/19 01:48:32 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\Deployment
[2011/06/19 01:42:14 | 000,000,000 | -H-D | C] -- C:\Program Files\SystemRequirementsLab
[2011/06/19 01:40:33 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2011/06/19 01:38:56 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Apple Computer
[2011/06/19 01:38:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Skype
[2011/06/19 01:38:11 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Atheros
[2011/06/19 01:26:06 | 000,135,168 | ---- | C] (Intel Corporation) -- C:\WINDOWS\System32\igfxres.dll
[2011/06/18 18:03:13 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/11 19:01:53 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\WinRAR
[2011/06/11 05:10:02 | 000,000,000 | -H-D | C] -- C:\Program Files\DBO_CT_TW
[2011/06/11 05:09:52 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\DragonBall Online
[2011/06/11 01:09:54 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\uTorrent
[2011/06/11 00:45:51 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Sun
[2011/06/10 23:07:45 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Macromedia
[2011/06/10 22:58:36 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\Adobe
[2011/05/26 14:47:49 | 000,000,000 | -HSD | C] -- C:\found.000
[2011/05/25 17:05:07 | 000,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2011/05/25 02:36:05 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My PSP Files
[2011/05/25 02:27:03 | 000,000,000 | -H-D | C] -- C:\Program Files\Adobe Download Assistant
[2011/05/25 02:25:53 | 000,000,000 | -H-D | C] -- C:\Program Files\Common Files\Adobe AIR
[2006/10/05 20:36:25 | 000,774,144 | -H-- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/19 17:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 15:32:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 15:25:04 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916
[2011/06/19 15:25:04 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
[2011/06/19 15:25:03 | 000,000,795 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
[2011/06/19 15:24:47 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26074916
[2011/06/19 15:24:36 | 000,360,448 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
[2011/06/19 15:23:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 15:18:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/06/19 15:18:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpinionSquare
[2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN111v2 Adapter
[2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mixxx
[2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/06/19 15:18:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/06/19 15:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/19 15:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DragonBall Online
[2011/06/19 15:18:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
[2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/06/19 15:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2011/06/19 15:18:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/19 15:17:57 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/19 15:14:08 | 000,444,416 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe
[2011/06/19 15:04:20 | 077,861,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/19 15:01:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 14:59:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 14:59:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
[2011/06/19 02:24:33 | 000,607,310 | RH-- | M] (Swearware) -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\dds.scr
[2011/06/19 01:42:22 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/12 00:50:57 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\773778630
[2011/06/11 04:28:18 | 000,004,500 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
[2011/06/11 01:09:38 | 000,114,636 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
[2011/06/10 17:52:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 20:06:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
[2011/06/04 04:20:21 | 046,296,620 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
[2011/06/04 00:37:31 | 003,455,269 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
[2011/06/03 20:35:45 | 000,242,262 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
[2011/06/03 20:18:01 | 003,692,948 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
[2011/06/03 20:18:01 | 000,057,776 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
[2011/06/03 20:17:59 | 003,080,590 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
[2011/06/03 20:17:59 | 000,048,208 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
[2011/06/03 20:17:57 | 002,124,644 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
[2011/06/03 20:17:57 | 000,033,272 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
[2011/06/03 20:17:56 | 000,028,240 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
[2011/06/03 20:17:55 | 001,802,388 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
[2011/06/03 20:17:54 | 000,032,704 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
[2011/06/03 20:17:53 | 002,088,172 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
[2011/06/03 20:16:54 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
[2011/06/03 20:16:54 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
[2011/06/03 20:16:42 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
[2011/06/03 20:16:41 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
[2011/06/03 20:16:39 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
[2011/06/03 20:16:39 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
[2011/06/03 20:16:37 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
[2011/06/03 20:16:37 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
[2011/06/03 20:16:25 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
[2011/06/03 20:16:25 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
[2011/06/03 20:16:23 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
[2011/06/03 20:16:22 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
[2011/06/03 20:16:21 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
[2011/06/03 20:16:20 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
[2011/06/03 20:16:18 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
[2011/06/03 20:16:18 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
[2011/06/03 20:16:16 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
[2011/06/03 20:16:15 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
[2011/06/03 20:16:03 | 002,319,788 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
[2011/06/03 20:16:03 | 000,018,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
[2011/06/03 20:16:02 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
[2011/06/03 20:16:02 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
[2011/06/03 20:16:00 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
[2011/06/03 20:16:00 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
[2011/06/03 20:15:57 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
[2011/06/03 20:15:57 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
[2011/06/03 20:15:56 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
[2011/06/03 20:15:55 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
[2011/06/03 20:15:54 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
[2011/06/03 20:15:53 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
[2011/06/03 20:15:52 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
[2011/06/03 20:15:52 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
[2011/06/03 20:15:50 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
[2011/06/03 20:15:50 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
[2011/06/03 20:15:48 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
[2011/06/03 20:15:48 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
[2011/06/03 20:15:35 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
[2011/06/03 20:15:35 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
[2011/06/03 20:15:21 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
[2011/06/03 20:15:20 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
[2011/06/03 20:15:19 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
[2011/06/03 20:15:19 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
[2011/06/03 20:15:17 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
[2011/06/03 20:15:17 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
[2011/06/03 20:15:02 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
[2011/06/03 20:15:02 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
[2011/06/03 20:15:00 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
[2011/06/03 20:15:00 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
[2011/06/03 14:31:10 | 006,907,218 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
[2011/06/01 19:11:52 | 002,640,631 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
[2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 21:41:03 | 000,070,304 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
[2011/05/25 21:19:42 | 000,044,594 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
[2011/05/25 20:47:22 | 050,593,864 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
[2011/05/25 00:18:41 | 000,990,563 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
[2011/05/25 00:09:15 | 000,328,934 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
[2011/05/25 00:09:12 | 000,483,579 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
[2011/05/25 00:09:04 | 000,000,836 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
[2011/05/25 00:08:51 | 000,506,567 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
[2011/05/24 23:35:12 | 004,180,459 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
[2011/05/21 19:35:10 | 008,059,088 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 15:25:03 | 000,000,795 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
[2011/06/19 15:25:03 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916
[2011/06/19 15:25:03 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
[2011/06/19 15:24:46 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\26074916
[2011/06/19 01:42:22 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/12 00:49:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\773778630
[2011/06/11 04:26:09 | 000,004,500 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
[2011/06/11 01:09:32 | 000,114,636 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
[2011/06/04 04:20:13 | 046,296,620 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
[2011/06/03 20:29:13 | 000,242,262 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
[2011/06/03 20:18:01 | 000,057,776 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
[2011/06/03 20:18:00 | 003,692,948 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
[2011/06/03 20:17:59 | 000,048,208 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
[2011/06/03 20:17:58 | 003,080,590 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
[2011/06/03 20:17:57 | 000,033,272 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
[2011/06/03 20:17:56 | 002,124,644 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
[2011/06/03 20:17:55 | 001,802,388 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
[2011/06/03 20:17:55 | 000,028,240 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
[2011/06/03 20:17:54 | 000,032,704 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
[2011/06/03 20:17:53 | 002,088,172 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
[2011/06/03 20:16:54 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
[2011/06/03 20:16:42 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
[2011/06/03 20:16:41 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
[2011/06/03 20:16:40 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
[2011/06/03 20:16:39 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
[2011/06/03 20:16:38 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
[2011/06/03 20:16:37 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
[2011/06/03 20:16:25 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
[2011/06/03 20:16:25 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
[2011/06/03 20:16:23 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
[2011/06/03 20:16:23 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
[2011/06/03 20:16:21 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
[2011/06/03 20:16:20 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
[2011/06/03 20:16:19 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
[2011/06/03 20:16:18 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
[2011/06/03 20:16:17 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
[2011/06/03 20:16:16 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
[2011/06/03 20:16:04 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
[2011/06/03 20:16:03 | 000,018,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
[2011/06/03 20:16:02 | 002,319,788 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
[2011/06/03 20:16:02 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
[2011/06/03 20:16:01 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
[2011/06/03 20:16:00 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
[2011/06/03 20:15:58 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
[2011/06/03 20:15:57 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
[2011/06/03 20:15:56 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
[2011/06/03 20:15:55 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
[2011/06/03 20:15:54 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
[2011/06/03 20:15:54 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
[2011/06/03 20:15:53 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
[2011/06/03 20:15:52 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
[2011/06/03 20:15:51 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
[2011/06/03 20:15:50 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
[2011/06/03 20:15:49 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
[2011/06/03 20:15:48 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
[2011/06/03 20:15:44 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
[2011/06/03 20:15:35 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
[2011/06/03 20:15:21 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
[2011/06/03 20:15:20 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
[2011/06/03 20:15:20 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
[2011/06/03 20:15:19 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
[2011/06/03 20:15:18 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
[2011/06/03 20:15:17 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
[2011/06/03 20:15:03 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
[2011/06/03 20:15:02 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
[2011/06/03 20:15:01 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
[2011/06/03 20:15:00 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
[2011/06/03 20:14:58 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
[2011/06/03 20:14:28 | 003,455,269 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
[2011/06/03 14:31:10 | 006,907,218 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
[2011/06/01 19:11:52 | 002,640,631 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
[2011/05/25 21:29:28 | 000,070,304 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
[2011/05/25 21:06:33 | 000,044,594 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
[2011/05/25 20:40:22 | 050,593,864 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
[2011/05/25 02:26:49 | 000,001,204 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\hosts
[2011/05/25 00:18:34 | 000,990,563 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
[2011/05/25 00:09:13 | 000,328,934 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
[2011/05/25 00:09:10 | 000,483,579 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
[2011/05/25 00:09:03 | 000,000,836 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
[2011/05/25 00:08:47 | 000,506,567 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
[2011/05/24 23:35:12 | 004,180,459 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
[2011/05/24 20:17:50 | 006,703,756 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Setup.exe
[2011/05/24 20:17:50 | 000,015,609 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\H2O.nfo
[2011/05/24 20:17:50 | 000,002,255 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Heaven.nfo
[2011/05/24 20:17:50 | 000,000,575 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\file_id.diz
[2011/05/21 19:35:10 | 008,059,088 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
[2011/05/04 22:49:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/09 19:02:48 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\AVRedirector.ini
[2011/03/09 19:02:48 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\AVRedirectorOff.ini
[2011/03/01 01:09:50 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2011/03/01 01:09:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2011/03/01 01:09:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2011/03/01 01:09:48 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2011/03/01 01:09:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2011/03/01 01:09:47 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2011/03/01 01:09:47 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2011/03/01 01:09:46 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2011/03/01 01:09:46 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2011/03/01 01:09:45 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2011/03/01 01:09:44 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2011/03/01 01:09:43 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2011/03/01 01:09:42 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2011/03/01 01:09:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2011/03/01 01:09:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2011/03/01 01:09:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2011/03/01 01:09:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2011/03/01 01:09:38 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2011/03/01 01:09:33 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2011/03/01 01:09:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2011/03/01 01:09:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2011/03/01 01:09:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2011/01/21 20:32:52 | 000,011,230 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\all
[2011/01/05 22:31:47 | 000,000,117 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences2.dat
[2011/01/05 22:28:26 | 000,000,034 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences.dat
[2009/12/29 23:01:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/25 15:20:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/27 19:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/06/26 01:03:50 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/16 03:13:23 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2007/04/03 23:56:04 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\presets.ini
[2007/01/14 19:54:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/05 21:09:50 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/07 00:01:09 | 000,033,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/01 01:06:23 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2006/11/01 01:06:23 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/10/25 17:10:41 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\JESSY\Local Settings\Application Data\fusioncache.dat
[2006/10/25 11:32:54 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/10/25 11:32:54 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/10/05 21:16:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/05 20:05:35 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JPR.{PB
[2006/10/05 20:05:35 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JCM.{PB
[2006/05/24 02:01:14 | 000,000,436 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\IPH.BAK
[2006/05/23 19:08:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/25 19:15:23 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/01/21 19:56:10 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/18 21:21:48 | 000,000,139 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\fusioncache.dat
[2006/01/09 23:29:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/09 23:12:29 | 000,481,280 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2005/12/25 22:09:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 00:15:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/19 00:11:01 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/19 00:05:43 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/19 00:04:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/18 23:43:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/18 23:43:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/18 23:43:08 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,278,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,467,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,080,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/18 19:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 19:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2006/10/08 19:38:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\EA
[2006/09/29 03:09:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\FilmLoop
[2006/10/05 20:42:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\Smilebox
[2011/06/13 03:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\uTorrent

========== Purity Check ==========


< End of report >
 
It looks like, on top of an infection, we have an important system file missing (volsnap.sys).

Re-run OTLPE scan, but this time....

Under the Custom Scan box paste this in:

/md5start
volsnap.sys
/md5stop
 
Possibly, you're doing something wrong....

  • Reboot your system using OTLPE CD you just created.
  • Your system should now display a REATOGO-X-PE desktop.
  • Depending on your type of internet connection, you should be able to get online as well so you can access this topic more easily.
  • Double-click on the OTLPE icon.
  • When asked "Do you wish to load the remote registry", select Yes
  • When asked "Do you wish to load remote user profile(s) for scanning", select Yes
  • Ensure the box "Automatically Load All Remaining Users" is checked and press OK
  • OTL should now start.
  • Under the Custom Scan box paste this in:

    /md5start
    volsnap.sys
    /md5stop

  • Press Run Scan to start the scan.
  • When finished, the file will be saved in drive C:\OTL.txt
  • Copy this file to your USB drive if you do not have an internet connection on this system
  • Please post the contents of the OTL.txt file in your reply.
 
OK, I think I did it right this time.

OTL logfile created on: 6/20/2011 2:08:39 AM - Run
OTLPE by OldTimer - Version 3.1.46.0 Folder = X:\Programs\OTLPE
Microsoft Windows XP Service Pack 3 (Version = 5.1.2600) - Type = SYSTEM
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 295.00 Mb Available Physical Memory | 58.00% Memory free
462.00 Mb Paging File | 336.00 Mb Available in Paging File | 73.00% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.46 Gb Total Space | 29.48 Gb Free Space | 41.26% Space Free | Partition Type: NTFS
Drive D: | 1.87 Gb Total Space | 1.78 Gb Free Space | 95.46% Space Free | Partition Type: FAT
Drive X: | 436.59 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: REATOGO | User Name: SYSTEM
Boot Mode: Normal | Scan Mode: All users
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days
Using ControlSet: ControlSet005

========== Win32 Services (SafeList) ==========

SRV - File not found [On_Demand] -- -- (AppMgmt)
SRV - [2011/03/18 11:11:02 | 000,947,528 | -H-- | M] () [On_Demand] -- C:\Program Files\AVG\AVG8\Toolbar\ToolbarBroker.exe -- (AVG Security Toolbar Service)
SRV - [2009/11/25 18:46:28 | 000,908,056 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgemc.exe -- (avg8emc)
SRV - [2009/11/25 18:46:25 | 000,297,752 | -H-- | M] (AVG Technologies CZ, s.r.o.) [Auto] -- C:\Program Files\AVG\AVG8\avgwdsvc.exe -- (avg8wd)
SRV - [2008/06/27 19:24:34 | 000,467,028 | ---- | M] (Atheros) [Disabled] -- C:\WINDOWS\system32\acs.exe -- (ACS)
SRV - [2008/02/27 14:54:52 | 000,360,547 | -H-- | M] (Atheros Communications, Inc.) [On_Demand] -- C:\Program Files\NETGEAR\WN111v2\jswpsapi.exe -- (jswpsapi)
SRV - [2005/06/21 16:19:38 | 000,491,520 | ---- | M] () [On_Demand] -- C:\WINDOWS\System32\dlcccoms.exe -- (dlcc_device)
SRV - [2004/03/18 19:55:48 | 000,065,536 | ---- | M] (HP) [On_Demand] -- C:\WINDOWS\system32\HPZipm12.exe -- (Pml Driver HPZ12)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand] -- -- (WDICA)
DRV - File not found [Kernel | On_Demand] -- -- (wanatw) WAN Miniport (ATW)
DRV - File not found [Kernel | Boot] -- -- (VolSnap)
DRV - File not found [Kernel | On_Demand] -- -- (RimUsb)
DRV - File not found [Kernel | On_Demand] -- -- (PDRFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDRELI)
DRV - File not found [Kernel | On_Demand] -- -- (PDFRAME)
DRV - File not found [Kernel | On_Demand] -- -- (PDCOMP)
DRV - File not found [Kernel | System] -- -- (PCIDump)
DRV - File not found [Kernel | Boot] -- -- (nielprt)
DRV - File not found [Kernel | On_Demand] -- -- (NielGfx)
DRV - File not found [Kernel | On_Demand] -- -- (MEMSWEEP2)
DRV - File not found [Kernel | System] -- -- (lbrtfdc)
DRV - File not found [Kernel | System] -- -- (Changer)
DRV - File not found [Kernel | On_Demand] -- -- (bvrp_pci)
DRV - [2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2010/05/26 13:45:04 | 000,018,816 | ---- | M] (Sophos Plc) [Kernel | System] -- C:\WINDOWS\system32\SAVRKBootTasks.sys -- (SAVRKBootTasks)
DRV - [2009/12/18 14:58:52 | 000,011,336 | -H-- | M] () [Kernel | On_Demand] -- C:\Program Files\SystemRequirementsLab\cpudrv.sys -- (cpudrv)
DRV - [2009/12/07 07:24:56 | 000,401,016 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbu.sys -- (PRESONUS_AUDIOBOX_USB)
DRV - [2009/12/07 07:24:56 | 000,040,568 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusba.sys -- (PRESONUS_AUDIOBOX_WDM)
DRV - [2009/12/07 07:24:56 | 000,031,864 | R--- | M] (Ploytec GmbH) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\psabusbm.sys -- (PRESONUS_AUDIOBOX_MIDI)
DRV - [2009/11/25 18:47:24 | 000,108,552 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgtdix.sys -- (AvgTdiX)
DRV - [2009/11/25 18:47:23 | 000,335,240 | ---- | M] (AVG Technologies CZ, s.r.o.) [Kernel | System] -- C:\WINDOWS\System32\Drivers\avgldx86.sys -- (AvgLdx86)
DRV - [2009/11/25 18:47:23 | 000,027,784 | ---- | M] (AVG Technologies CZ, s.r.o.) [File_System | System] -- C:\WINDOWS\System32\Drivers\avgmfx86.sys -- (AvgMfx86)
DRV - [2009/03/18 19:35:40 | 000,026,176 | -H-- | M] (LogMeIn, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\hamachi.sys -- (hamachi)
DRV - [2008/10/01 19:45:52 | 000,057,440 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\jswscimd.sys -- (JSWSCIMD)
DRV - [2008/09/30 06:24:36 | 000,453,120 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\WN111v2.sys -- (WN111v2)
DRV - [2007/12/14 07:31:00 | 000,057,408 | ---- | M] (Atheros Communications, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\wsimd.sys -- (WSIMD)
DRV - [2004/09/17 16:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt)
DRV - [2003/11/17 23:59:20 | 000,212,224 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys -- (HSFHWBS2)
DRV - [2003/11/17 23:58:02 | 000,680,704 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys -- (winachsf)
DRV - [2003/11/17 23:56:26 | 001,042,432 | ---- | M] (Conexant Systems, Inc.) [Kernel | On_Demand] -- C:\WINDOWS\system32\drivers\HSF_DP.sys -- (HSF_DP)
DRV - [2003/07/24 15:10:34 | 000,017,149 | ---- | M] (Printing Communications Assoc., Inc. (PCAUSA)) [Kernel | On_Demand] -- C:\WINDOWS\system32\DNINDIS5.sys -- (DNINDIS5)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com
IE - HKLM\Software\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.com/customize/ie/defaults/cs/msgr7/*http://www.yahoo.com/ext/search/search.html
IE - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://start.facemoods.com/?a=ddr&s={searchTerms}&f=4


IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
IE - HKU\.DEFAULT\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:8592

IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
IE - HKU\Administrator.D9KV7191_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Guest_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.myspace.com/
IE - HKU\Guest_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://my.weatherstudio.com/?src_id=352
IE - HKU\JESSY_ON_C\Software\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKU\JESSY_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ieaddons.com/en/students
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = http://m.www.yahoo.com/ [binary data]
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.oovoostart.com/?cfg=2-201-0-33NUP&engine_id=1&provider_id=1&product_id=201&country=US
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,Start Page Restore = http://www.google.com/
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = local
IE - HKU\Lindsay_Dawedeit_ON_C\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = socks=127.0.0.1:4021

IE - HKU\LocalService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]

IE - HKU\NetworkService_ON_C\Software\Microsoft\Internet Explorer\Main,XMLHTTP_UUID_Default = 36 AE 3A 04 E0 FD D8 46 91 AE 5E 70 C8 31 61 B1 [binary data]


FF - HKLM\software\mozilla\Firefox\extensions\\{6E19037A-12E3-4295-8915-ED48BC341614}: C:\Program Files\OpinionSquare


Hosts file not found
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O2 - BHO: (Skype Plug-In) - {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (a4c3abe4) - {EAABFF34-C018-1663-DAE5-EADDB0233338} - File not found
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O3 - HKU\Lindsay_Dawedeit_ON_C\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O4 - HKLM..\Run: [AVG8_TRAY] C:\Program Files\AVG\AVG8\avgtray.exe (AVG Technologies CZ, s.r.o.)
O4 - HKLM..\Run: [DLCCCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.DLL ()
O4 - HKLM..\Run: [dlccmon.exe] C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe (Dell)
O4 - HKU\Administrator.D9KV7191_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Guest_ON_C..\Run: [DellSupport-] C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
O4 - HKU\Lindsay_Dawedeit_ON_C..\Run: [bpbMHutRXor] C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe (Sysinternals)
O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O4 - HKU\Administrator.D9KV7191_ON_C..\RunOnce: [FlashPlayerUpdate] C:\WINDOWS\system32\Macromed\Flash\FlashUtil10c.exe (Adobe Systems, Inc.)
O4 - HKU\Guest_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O4 - HKU\JESSY_ON_C..\RunOnce: [avg_spchecker] C:\Program Files\AVG\AVG8\Notification\SPChecker.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Administrator.D9KV7191_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Guest_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\JESSY_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\LocalService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\NetworkService_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O9 - Extra Button: Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O9 - Extra 'Tools' menuitem : Skype Plug-In - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwave/cabs/director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {55027008-315F-4F45-BBC3-8BE119764741} http://www.slide.com/uploader/SlideImageUploader.cab (Slide Image Uploader Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} http://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab (SysInfo Class)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab (Shockwave Flash Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.254.254 192.168.254.254
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - C:\Program Files\AVG\AVG8\Toolbar\IEToolbar.dll ()
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\skype-ie-addon-data {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files\Skype\Toolbars\Internet Explorer\skypeieplugin.dll (Skype Technologies S.A.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O24 - Desktop WallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O24 - Desktop BackupWallPaper: C:\WINDOWS\Web\Wallpaper\Bliss.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 15:04:08 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2006/03/24 07:06:41 | 000,000,053 | R--- | M] () - X:\AUTORUN.INF -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*
 
========== Files - Modified Within 30 Days ==========

[2011/06/19 17:58:42 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/19 15:32:03 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/19 15:25:04 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916
[2011/06/19 15:25:04 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
[2011/06/19 15:25:03 | 000,000,795 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
[2011/06/19 15:24:47 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26074916
[2011/06/19 15:24:36 | 000,360,448 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
[2011/06/19 15:23:14 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/06/19 15:18:23 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\WinRAR
[2011/06/19 15:18:21 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup
[2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Skype
[2011/06/19 15:18:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\QuickTime
[2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\OpinionSquare
[2011/06/19 15:18:19 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\NETGEAR WN111v2 Adapter
[2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Mixxx
[2011/06/19 15:18:17 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Microsoft Office
[2011/06/19 15:18:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\JDownloader
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/06/19 15:18:14 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\HP
[2011/06/19 15:18:12 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Games
[2011/06/19 15:18:09 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\DragonBall Online
[2011/06/19 15:18:08 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Cool Edit Pro 2.1
[2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CCleaner
[2011/06/19 15:18:07 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Canon MX860 series
[2011/06/19 15:18:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\CamStudio
[2011/06/19 15:18:00 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools
[2011/06/19 15:17:57 | 000,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Start Menu\Programs\Accessories
[2011/06/19 15:14:08 | 000,444,416 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe
[2011/06/19 15:04:20 | 077,861,148 | ---- | M] () -- C:\WINDOWS\System32\drivers\Avg\incavi.avm
[2011/06/19 15:01:32 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/06/19 14:59:51 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/19 14:59:48 | 000,000,300 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeLogonTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
[2011/06/19 02:24:33 | 000,607,310 | RH-- | M] (Swearware) -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\dds.scr
[2011/06/19 01:42:22 | 000,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/12 00:50:57 | 000,000,097 | ---- | M] () -- C:\WINDOWS\System32\773778630
[2011/06/11 04:28:18 | 000,004,500 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
[2011/06/11 01:09:38 | 000,114,636 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
[2011/06/10 17:52:28 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/06/08 20:06:00 | 000,000,308 | ---- | M] () -- C:\WINDOWS\tasks\RealUpgradeScheduledTaskS-1-5-21-2863605548-1053128589-1952253785-1006.job
[2011/06/04 04:20:21 | 046,296,620 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
[2011/06/04 00:37:31 | 003,455,269 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
[2011/06/03 20:35:45 | 000,242,262 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
[2011/06/03 20:18:01 | 003,692,948 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
[2011/06/03 20:18:01 | 000,057,776 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
[2011/06/03 20:17:59 | 003,080,590 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
[2011/06/03 20:17:59 | 000,048,208 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
[2011/06/03 20:17:57 | 002,124,644 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
[2011/06/03 20:17:57 | 000,033,272 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
[2011/06/03 20:17:56 | 000,028,240 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
[2011/06/03 20:17:55 | 001,802,388 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
[2011/06/03 20:17:54 | 000,032,704 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
[2011/06/03 20:17:53 | 002,088,172 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
[2011/06/03 20:16:54 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
[2011/06/03 20:16:54 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
[2011/06/03 20:16:42 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
[2011/06/03 20:16:41 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
[2011/06/03 20:16:39 | 005,079,364 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
[2011/06/03 20:16:39 | 000,039,760 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
[2011/06/03 20:16:37 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
[2011/06/03 20:16:37 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
[2011/06/03 20:16:25 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
[2011/06/03 20:16:25 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
[2011/06/03 20:16:23 | 000,057,280 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
[2011/06/03 20:16:22 | 007,322,348 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
[2011/06/03 20:16:21 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
[2011/06/03 20:16:20 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
[2011/06/03 20:16:18 | 007,053,876 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
[2011/06/03 20:16:18 | 000,055,184 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
[2011/06/03 20:16:16 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
[2011/06/03 20:16:15 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
[2011/06/03 20:16:03 | 002,319,788 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
[2011/06/03 20:16:03 | 000,018,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
[2011/06/03 20:16:02 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
[2011/06/03 20:16:02 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
[2011/06/03 20:16:00 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
[2011/06/03 20:16:00 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
[2011/06/03 20:15:57 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
[2011/06/03 20:15:57 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
[2011/06/03 20:15:56 | 000,039,712 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
[2011/06/03 20:15:55 | 005,073,336 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
[2011/06/03 20:15:54 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
[2011/06/03 20:15:53 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
[2011/06/03 20:15:52 | 003,191,444 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
[2011/06/03 20:15:52 | 000,025,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
[2011/06/03 20:15:50 | 002,960,148 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
[2011/06/03 20:15:50 | 000,023,200 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
[2011/06/03 20:15:48 | 007,046,008 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
[2011/06/03 20:15:48 | 000,055,120 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
[2011/06/03 20:15:35 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
[2011/06/03 20:15:35 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
[2011/06/03 20:15:21 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
[2011/06/03 20:15:20 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
[2011/06/03 20:15:19 | 004,067,328 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
[2011/06/03 20:15:19 | 000,031,848 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
[2011/06/03 20:15:17 | 076,151,852 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
[2011/06/03 20:15:17 | 000,343,276 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
[2011/06/03 20:15:02 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
[2011/06/03 20:15:02 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
[2011/06/03 20:15:00 | 003,652,492 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
[2011/06/03 20:15:00 | 000,028,608 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
[2011/06/03 14:31:10 | 006,907,218 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
[2011/06/01 19:11:52 | 002,640,631 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
[2011/05/29 12:11:30 | 000,039,984 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/05/25 21:41:03 | 000,070,304 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
[2011/05/25 21:19:42 | 000,044,594 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
[2011/05/25 20:47:22 | 050,593,864 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
[2011/05/25 00:18:41 | 000,990,563 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
[2011/05/25 00:09:15 | 000,328,934 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
[2011/05/25 00:09:12 | 000,483,579 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
[2011/05/25 00:09:04 | 000,000,836 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
[2011/05/25 00:08:51 | 000,506,567 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
[2011/05/24 23:35:12 | 004,180,459 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
[2011/05/21 19:35:10 | 008,059,088 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
[9 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\Desktop\*.tmp -> ]
[1 C:\Documents and Settings\Lindsay Dawedeit\*.tmp files -> C:\Documents and Settings\Lindsay Dawedeit\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/19 15:25:03 | 000,000,795 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
[2011/06/19 15:25:03 | 000,000,216 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916
[2011/06/19 15:25:03 | 000,000,152 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
[2011/06/19 15:24:46 | 000,000,336 | -H-- | C] () -- C:\Documents and Settings\All Users\Application Data\26074916
[2011/06/19 01:42:22 | 000,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2011/06/12 00:49:52 | 000,000,097 | ---- | C] () -- C:\WINDOWS\System32\773778630
[2011/06/11 04:26:09 | 000,004,500 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Gokubasedgod.bmp
[2011/06/11 01:09:32 | 000,114,636 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DBO_CT_TW_Setup.exe.torrent
[2011/06/04 04:20:13 | 046,296,620 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\DO DO X2 - instrumental.wav
[2011/06/03 20:29:13 | 000,242,262 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\my last pic.BMP
[2011/06/03 20:18:01 | 000,057,776 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.pk
[2011/06/03 20:18:00 | 003,692,948 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2.wav
[2011/06/03 20:17:59 | 000,048,208 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).pk
[2011/06/03 20:17:58 | 003,080,590 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).wav
[2011/06/03 20:17:57 | 000,033,272 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.pk
[2011/06/03 20:17:56 | 002,124,644 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.wav
[2011/06/03 20:17:55 | 001,802,388 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).wav
[2011/06/03 20:17:55 | 000,028,240 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).pk
[2011/06/03 20:17:54 | 000,032,704 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.pk
[2011/06/03 20:17:53 | 002,088,172 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 4.wav
[2011/06/03 20:16:54 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.pk
[2011/06/03 20:16:42 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down.wav
[2011/06/03 20:16:41 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).pk
[2011/06/03 20:16:40 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (3).wav
[2011/06/03 20:16:39 | 000,039,760 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).pk
[2011/06/03 20:16:38 | 005,079,364 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (3).wav
[2011/06/03 20:16:37 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).pk
[2011/06/03 20:16:25 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (2).wav
[2011/06/03 20:16:25 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).pk
[2011/06/03 20:16:23 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (4).wav
[2011/06/03 20:16:23 | 000,057,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).pk
[2011/06/03 20:16:21 | 007,322,348 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (4).wav
[2011/06/03 20:16:20 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).pk
[2011/06/03 20:16:19 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (5).wav
[2011/06/03 20:16:18 | 000,055,184 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).pk
[2011/06/03 20:16:17 | 007,053,876 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (5).wav
[2011/06/03 20:16:16 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).pk
[2011/06/03 20:16:04 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (3).wav
[2011/06/03 20:16:03 | 000,018,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).pk
[2011/06/03 20:16:02 | 002,319,788 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (6).wav
[2011/06/03 20:16:02 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).pk
[2011/06/03 20:16:01 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (7).wav
[2011/06/03 20:16:00 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).pk
[2011/06/03 20:15:58 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (8).wav
[2011/06/03 20:15:57 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).pk
[2011/06/03 20:15:56 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (9).wav
[2011/06/03 20:15:55 | 000,039,712 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).pk
[2011/06/03 20:15:54 | 005,073,336 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (10).wav
[2011/06/03 20:15:54 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).pk
[2011/06/03 20:15:53 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (7).wav
[2011/06/03 20:15:52 | 000,025,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).pk
[2011/06/03 20:15:51 | 003,191,444 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (6).wav
[2011/06/03 20:15:50 | 000,023,200 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).pk
[2011/06/03 20:15:49 | 002,960,148 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (8).wav
[2011/06/03 20:15:48 | 000,055,120 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).pk
[2011/06/03 20:15:44 | 007,046,008 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (9).wav
[2011/06/03 20:15:35 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).pk
[2011/06/03 20:15:21 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (4).wav
[2011/06/03 20:15:20 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).wav
[2011/06/03 20:15:20 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (10).pk
[2011/06/03 20:15:19 | 000,031,848 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).pk
[2011/06/03 20:15:18 | 004,067,328 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (11).wav
[2011/06/03 20:15:17 | 000,343,276 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).pk
[2011/06/03 20:15:03 | 076,151,852 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mix Down (5).wav
[2011/06/03 20:15:02 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).pk
[2011/06/03 20:15:01 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (11).wav
[2011/06/03 20:15:00 | 000,028,608 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).pk
[2011/06/03 20:14:58 | 003,652,492 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (12).wav
[2011/06/03 20:14:28 | 003,455,269 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- Far Away .mp3
[2011/06/03 14:31:10 | 006,907,218 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Tyga Ft. Chris Richardson - Far Away (Instrumental with Hook).mp3
[2011/06/01 19:11:52 | 002,640,631 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mac Miller-Donald Trump.mp3
[2011/05/25 21:29:28 | 000,070,304 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpjVTrPqPM.jpg
[2011/05/25 21:06:33 | 000,044,594 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\phpRG6OfsPM.jpg
[2011/05/25 20:40:22 | 050,593,864 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\JayRez- My Last (cover).wav
[2011/05/25 02:26:49 | 000,001,204 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\hosts
[2011/05/25 00:18:34 | 000,990,563 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown (2).mp3
[2011/05/25 00:09:13 | 000,328,934 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 2 (2).mp3
[2011/05/25 00:09:10 | 000,483,579 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3.mp3
[2011/05/25 00:09:03 | 000,000,836 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Mixdown.mp3
[2011/05/25 00:08:47 | 000,506,567 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Track 3 (2).mp3
[2011/05/24 23:35:12 | 004,180,459 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Good D.I.Y Acapella) - Big Sean ft. Chris Brown.mp3
[2011/05/24 20:17:50 | 006,703,756 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Setup.exe
[2011/05/24 20:17:50 | 000,015,609 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\H2O.nfo
[2011/05/24 20:17:50 | 000,002,255 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\Heaven.nfo
[2011/05/24 20:17:50 | 000,000,575 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\file_id.diz
[2011/05/21 19:35:10 | 008,059,088 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\My Documents\My Last (Hook).mp3
[2011/05/04 22:49:05 | 000,000,056 | -H-- | C] () -- C:\WINDOWS\System32\ezsidmv.dat
[2011/03/09 19:02:48 | 000,002,496 | ---- | C] () -- C:\WINDOWS\System32\AVRedirector.ini
[2011/03/09 19:02:48 | 000,001,248 | ---- | C] () -- C:\WINDOWS\System32\AVRedirectorOff.ini
[2011/03/01 01:09:50 | 000,638,976 | ---- | C] () -- C:\WINDOWS\System32\dlccpmui.dll
[2011/03/01 01:09:50 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlccinsr.dll
[2011/03/01 01:09:49 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccins.dll
[2011/03/01 01:09:48 | 000,372,736 | ---- | C] () -- C:\WINDOWS\System32\dlccih.exe
[2011/03/01 01:09:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlccvs.dll
[2011/03/01 01:09:47 | 000,368,640 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.exe
[2011/03/01 01:09:47 | 000,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlccpplc.dll
[2011/03/01 01:09:46 | 000,483,328 | ---- | C] () -- C:\WINDOWS\System32\dlcclmpm.dll
[2011/03/01 01:09:46 | 000,413,696 | ---- | C] () -- C:\WINDOWS\System32\dlcccomm.dll
[2011/03/01 01:09:45 | 001,134,592 | ---- | C] () -- C:\WINDOWS\System32\dlccusb1.dll
[2011/03/01 01:09:44 | 000,770,048 | ---- | C] () -- C:\WINDOWS\System32\dlcchbn3.dll
[2011/03/01 01:09:43 | 000,491,520 | ---- | C] () -- C:\WINDOWS\System32\dlcccoms.exe
[2011/03/01 01:09:42 | 000,704,512 | ---- | C] () -- C:\WINDOWS\System32\dlcccomc.dll
[2011/03/01 01:09:42 | 000,155,648 | ---- | C] () -- C:\WINDOWS\System32\dlccprox.dll
[2011/03/01 01:09:41 | 001,183,744 | ---- | C] () -- C:\WINDOWS\System32\dlccserv.dll
[2011/03/01 01:09:39 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcccu.dll
[2011/03/01 01:09:39 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcccur.dll
[2011/03/01 01:09:38 | 000,430,080 | ---- | C] () -- C:\WINDOWS\System32\dlccutil.dll
[2011/03/01 01:09:33 | 000,176,128 | ---- | C] () -- C:\WINDOWS\System32\dlccinsb.dll
[2011/03/01 01:09:33 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcccub.dll
[2011/03/01 01:09:29 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlccjswr.dll
[2011/03/01 01:09:23 | 000,065,536 | ---- | C] () -- C:\WINDOWS\System32\dlcccfg.dll
[2011/01/21 20:32:52 | 000,011,230 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\all
[2011/01/05 22:31:47 | 000,000,117 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences2.dat
[2011/01/05 22:28:26 | 000,000,034 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\jagex_runescape_preferences.dat
[2009/12/29 23:01:40 | 000,000,256 | ---- | C] () -- C:\WINDOWS\System32\pool.bin
[2009/11/25 15:20:56 | 000,000,118 | ---- | C] () -- C:\WINDOWS\System32\MRT.INI
[2008/06/27 19:18:04 | 000,262,216 | ---- | C] () -- C:\WINDOWS\System32\IPTests.dll
[2007/06/26 01:03:50 | 000,005,632 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2007/04/16 03:13:23 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\Guest\Local Settings\Application Data\fusioncache.dat
[2007/04/03 23:56:04 | 000,000,023 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\presets.ini
[2007/01/14 19:54:46 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2007/01/05 21:09:50 | 000,002,301 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/07 00:01:09 | 000,033,280 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/11/01 01:06:23 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat.temp
[2006/11/01 01:06:23 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/10/25 17:10:41 | 000,000,128 | -H-- | C] () -- C:\Documents and Settings\JESSY\Local Settings\Application Data\fusioncache.dat
[2006/10/25 11:32:54 | 000,104,279 | ---- | C] () -- C:\WINDOWS\hpoins04.dat
[2006/10/25 11:32:54 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat
[2006/10/05 21:16:33 | 000,004,096 | ---- | C] () -- C:\WINDOWS\d3dx.dat
[2006/10/05 20:05:35 | 000,061,678 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JPR.{PB
[2006/10/05 20:05:35 | 000,012,358 | -H-- | C] () -- C:\Documents and Settings\JESSY\Application Data\PFP120JCM.{PB
[2006/05/24 02:01:14 | 000,000,436 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\IPH.BAK
[2006/05/23 19:08:15 | 000,000,028 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/02/25 19:15:23 | 000,000,297 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2006/01/21 19:56:10 | 000,002,620 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/01/18 21:21:48 | 000,000,139 | -H-- | C] () -- C:\Documents and Settings\Lindsay Dawedeit\Local Settings\Application Data\fusioncache.dat
[2006/01/09 23:29:01 | 000,000,130 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/09 23:12:29 | 000,481,280 | ---- | C] () -- C:\WINDOWS\System32\aswBoot.exe
[2005/12/25 22:09:12 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2005/12/19 00:15:58 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/12/19 00:11:01 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/12/19 00:05:43 | 000,000,460 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/12/19 00:04:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/12/18 23:43:26 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2005/12/18 23:43:10 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll
[2005/12/18 23:43:08 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/08/10 15:12:05 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/08/10 15:07:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2004/08/10 15:02:15 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/10 15:01:18 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2004/08/10 14:57:52 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/10 14:57:15 | 000,278,152 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/10 14:51:21 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/10 14:51:20 | 000,467,868 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2004/08/10 14:51:20 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2004/08/10 14:51:20 | 000,080,238 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2004/08/10 14:51:20 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2004/08/10 14:51:18 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2004/08/10 14:51:17 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2004/08/10 14:51:16 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2004/08/10 14:51:12 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2004/08/10 14:51:11 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2004/08/10 14:51:05 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2004/08/10 14:50:56 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2004/04/18 19:43:46 | 000,147,456 | ---- | C] () -- C:\WINDOWS\System32\ssleay32.dll
[2004/04/18 19:43:44 | 000,651,264 | ---- | C] () -- C:\WINDOWS\System32\libeay32.dll

========== LOP Check ==========

[2006/10/08 19:38:43 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\EA
[2006/09/29 03:09:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\FilmLoop
[2006/10/05 20:42:15 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\JESSY\Application Data\Smilebox
[2011/06/13 03:17:22 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\Lindsay Dawedeit\Application Data\uTorrent

========== Purity Check ==========



========== Custom Scans ==========



< MD5 for: VOLSNAP.SYS >
[2008/04/13 14:41:01 | 000,052,352 | ---- | M] (Microsoft Corporation) MD5=4C8FCB5CC53AAB716D810740FE59D025 -- C:\WINDOWS\ServicePackFiles\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\i386\volsnap.sys
[2004/08/04 07:00:00 | 000,052,352 | -H-- | M] (Microsoft Corporation) MD5=EE4660083DEBA849FF6C485D944B379B -- C:\WINDOWS\$NtServicePackUninstall$\volsnap.sys
< End of report >
 
Very good :)

Do this on the computer you are posting from:
Copy the text in the codebox below:


Code:
:OTL
O2 - BHO: (a4c3abe4) - {EAABFF34-C018-1663-DAE5-EADDB0233338} - File not found
O4 - HKU\Lindsay_Dawedeit_ON_C..\Run: [bpbMHutRXor] C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe (Sysinternals)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDesktop = 1
O7 - HKU\Lindsay_Dawedeit_ON_C\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
[2011/06/19 15:25:04 | 000,000,216 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916
[2011/06/19 15:25:04 | 000,000,152 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\~26074916r
[2011/06/19 15:25:03 | 000,000,795 | -H-- | M] () -- C:\Documents and Settings\Lindsay Dawedeit\Desktop\Windows XP Repair.lnk
[2011/06/19 15:24:47 | 000,000,336 | -H-- | M] () -- C:\Documents and Settings\All Users\Application Data\26074916
[2011/06/19 15:24:36 | 000,360,448 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\26074916.exe
[2011/06/19 15:14:08 | 000,444,416 | -H-- | M] (Sysinternals) -- C:\Documents and Settings\All Users\Application Data\bpbMHutRXor.exe


:Services

:Reg

:Files
C:\Windows\system32\DRIVERS\volsnap.sys|C:\WINDOWS\ServicePackFiles\i386\volsnap.sys /replace

:Commands
[purity]

Open Notepad and paste it.
Save the document as Fix.txt onto a USB flash drive.


On the infected computer, do the following...

Run OTLPE

  • Insert USB stick and find the file Fix.txt. Drag the file Fix.txt and drop it under the Custom Scans/Fixes box at the bottom.
    • (The content of Fix.txt should appear in the box)
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log produced (you'll need to transfer it with USB stick)
  • Attempt to reboot normally into Windows.
 
Ok I ran the fix and booted with no problem, thanks. However the only thing on my desktop now is Internet Explorer and Recycle Bin. And when I go to the start menu it shows no programs.
However I have AVG and Skype running on startup.
What is also weird is it seems that everything on my USB was erased too... so I do not have the log I saved.
Also my screen resolution is still low but I suppose that's a whole different problem.
 
The most important thing is... you're able to boot.
Now we'll try to fix all other issues.

Let's see if we can recover your missing features.
Download and run UnHide
Let me know if it worked.
 
True, and that worked that problem out. My start button list is still a bit off, but everything else is back where it's supposed to be. Thanks
 
Sorry I was not able to get on yesterday. Here are the Logs.

-----MALWARE BYTES LOG----
Malwarebytes' Anti-Malware 1.51.0.1200
www.malwarebytes.org

Database version: 6893

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

6/21/2011 3:26:15 AM
mbam-log-2011-06-21 (03-26-15).txt

Scan type: Quick scan
Objects scanned: 234886
Time elapsed: 34 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 1
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\ActiveDesktop\NoChangingWallPaper (PUM.Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
 
-----GMER LOG----

GMER 1.0.15.15640 - http://www.gmer.net
Rootkit scan 2011-06-22 23:09:46
Windows 5.1.2600 Service Pack 3 Harddisk0\DR0 -> \Device\Ide\IdePort0 WDC_WD800BB-75JHC0 rev.06.01C06
Running: mgtk0wc4.exe; Driver: C:\DOCUME~1\LINDSA~1\LOCALS~1\Temp\uwlyapob.sys


---- Kernel code sections - GMER 1.0.15 ----

init C:\WINDOWS\system32\drivers\senfilt.sys entry point in "init" section [0xF7AEAF80]

---- User code sections - GMER 1.0.15 ----

.text C:\WINDOWS\System32\svchost.exe[856] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00CB000A
.text C:\WINDOWS\System32\svchost.exe[856] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00CC000A
.text C:\WINDOWS\System32\svchost.exe[856] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00CA000C
.text C:\WINDOWS\System32\svchost.exe[856] ole32.dll!CoCreateInstance 7750057E 5 Bytes JMP 00D8000A
.text C:\WINDOWS\Explorer.EXE[1208] ntdll.dll!NtProtectVirtualMemory 7C90D6EE 5 Bytes JMP 00BD000A
.text C:\WINDOWS\Explorer.EXE[1208] ntdll.dll!NtWriteVirtualMemory 7C90DFAE 5 Bytes JMP 00BE000A
.text C:\WINDOWS\Explorer.EXE[1208] ntdll.dll!KiUserExceptionDispatcher 7C90E47C 5 Bytes JMP 00B7000C

---- Devices - GMER 1.0.15 ----

AttachedDevice \Driver\Tcpip \Device\Ip avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\Tcp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort0 8375F39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdePort1 8375F39B
Device \Driver\atapi -> DriverStartIo \Device\Ide\IdeDeviceP1T0L0-e 8375F39B

AttachedDevice \Driver\Tcpip \Device\Udp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)
AttachedDevice \Driver\Tcpip \Device\RawIp avgtdix.sys (AVG Network connection watcher/AVG Technologies CZ, s.r.o.)

Device \FileSystem\Fastfat \Fat EB907D20

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)

Device \Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-75JHC0______________________06.01C06#5&2a84b1a5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found

---- Registry - GMER 1.0.15 ----

Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{47629D4B-2AD3-4e50-B716-A66C15C63153}\InprocServer32@cd042efbbd7f7af1647644e76e06692b 0xE2 0x63 0x26 0xF1 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{604BB98A-A94F-4a5c-A67C-D8D3582C741C}\InprocServer32@bca643cdc5c2726b20d2ecedcc62c59b 0x71 0x3B 0x04 0x66 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{684373FB-9CD8-4e47-B990-5A4466C16034}\InprocServer32@2c81e34222e8052573023a60d06dd016 0x7A 0x45 0x05 0xFD ...
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{74554CCD-F60F-4708-AD98-D0152D08C8B9}\InprocServer32@2582ae41fb52324423be06337561aa48 0x86 0x8C 0x21 0x01 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{7EB537F9-A916-4339-B91B-DED8E83632C0}\InprocServer32@caaeda5fd7a9ed7697d9686d4b818472 0xE9 0x02 0x6C 0xFA ...
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{948395E8-7A56-4fb1-843B-3E52D94DB145}\InprocServer32@a4a1bcf2cc2b8bc3716b74b2b4522f5d 0xB0 0x18 0xED 0xA7 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{AC3ED30B-6F1A-4bfc-A4F6-2EBDCCD34C19}\InprocServer32@4d370831d2c43cd13623e232fed27b7b 0xFB 0xA7 0x78 0xE6 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{DE5654CA-EB84-4df9-915B-37E957082D6D}\InprocServer32@1d68fe701cdea33e477eb204b76f993d 0x01 0x3A 0x48 0xFC ...
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{E39C35E8-7488-4926-92B2-2F94619AC1A5}\InprocServer32@1fac81b91d8e3c5aa4b0a51804d844a3 0xF6 0x0F 0x4E 0x58 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{EACAFCE5-B0E2-4288-8073-C02FF9619B6F}\InprocServer32@f5f62a6129303efb32fbe080bb27835b 0x37 0xA4 0xAA 0xC3 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{F8F02ADD-7366-4186-9488-C21CB8B3DCEC}\InprocServer32@fd4e2e1a3940b94dceb5a6a021f2e3c6 0xE3 0x0E 0x66 0xD5 ...
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ThreadingModel Apartment
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@ C:\WINDOWS\system32\OLE32.DLL
Reg HKLM\SOFTWARE\Classes\CLSID\{FEE45DE2-A467-4bf9-BF2D-1411304BCD84}\InprocServer32@8a8aec57dd6508a385616fbc86791ec2 0x6C 0x43 0x2D 0x1E ...

---- Disk sectors - GMER 1.0.15 ----

Disk \Device\Harddisk0\DR0 TDL4@MBR code has been found <-- ROOTKIT !!!
Disk \Device\Harddisk0\DR0 sector 00: rootkit-like behavior

---- EOF - GMER 1.0.15 ----
 
----DDS LOG 1----

.
DDS (Ver_2011-06-12.02) - NTFSx86
Internet Explorer: 8.0.6001.18702
Run by Lindsay Dawedeit at 23:14:14 on 2011-06-22
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.234 [GMT -7:00]
.
AV: AVG Anti-Virus Free *Enabled/Updated* {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spool\DRIVERS\W32X86\3\DLCCserv.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Google\Update\GoogleUpdate.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\hkcmd.exe
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\system32\dlcccoms.exe
C:\Documents and Settings\Lindsay Dawedeit\Desktop\mgtk0wc4.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.oovoostart.com/?cfg=2-201-0-33NUP&engine_id=1&provider_id=1&product_id=201&country=US
uDefault_Page_URL = hxxp://ieaddons.com/en/students
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mDefault_Page_URL = hxxp://www.yahoo.com
mStart Page = hxxp://www.yahoo.com
uInternet Settings,ProxyServer = socks=127.0.0.1:4021
uInternet Settings,ProxyOverride = local
mSearchAssistant = hxxp://start.facemoods.com/?a=ddr&s={searchTerms}&f=4
mURLSearchHooks: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - c:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: AVG Safe Search: {3ca2f312-6f6e-4b53-a66e-4e65e497c8c0} - c:\program files\avg\avg8\avgssie.dll
BHO: AVG Security Toolbar BHO: {a3bc75a2-1f87-4686-aa43-5347d756017c} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
BHO: Skype Plug-In: {ae805869-2e5c-4ed4-8f7b-f1f7851a4497} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.6.6209.1142\swg.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AVG Security Toolbar: {ccc7a320-b3ca-4199-b1a6-9f516dd69829} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar_32.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [swg] "c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe"
uRun: [Skype] "c:\program files\skype\phone\Skype.exe" /nosplash /minimized
mRun: [AVG8_TRAY] c:\progra~1\avg\avg8\avgtray.exe
mRun: [QuickTime Task] "c:\program files\quicktime\qttask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [dlccmon.exe] "c:\program files\dell photo aio printer 924\dlccmon.exe"
mRun: [DLCCCATS] rundll32 c:\windows\system32\spool\drivers\w32x86\3\DLCCtime.dll,_RunDLLEntry@16
mRun: [IgfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [Persistence] c:\windows\system32\igfxpers.exe
mRun: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office12\EXCEL.EXE/3000
IE: Google Sidewiki... - c:\program files\google\google toolbar\component\GoogleToolbarDynamic_mui_en_D183CA64F05FDD98.dll/cmsidewiki.html
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~4\office12\ONBttnIE.dll
IE: {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - {898EA8C8-E7FF-479B-8935-AEC46303B9E5} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~4\office12\REFIEBAR.DLL
DPF: {166B1BCA-3F9C-11CF-8075-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} - c:\program files\yahoo!\common\Yinsthelper.dll
DPF: {55027008-315F-4F45-BBC3-8BE119764741} - hxxp://www.slide.com/uploader/SlideImageUploader.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_17-windows-i586.cab
DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - hxxp://content.systemrequirementslab.com.s3.amazonaws.com/global/bin/srldetect_intel_4.4.24.0.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://download.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
Filter: text/html - {fddeb10c-be9a-4c4f-ab1b-df353fd36a67} -
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - c:\program files\avg\avg8\toolbar\IEToolbar.dll
Handler: cetihpz - {CF184AD3-CDCB-4168-A3F7-8E447D129300} - c:\program files\hp\hpcoretech\comp\hpuiprot.dll
Handler: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - c:\program files\avg\avg8\avgpp.dll
Handler: skype-ie-addon-data - {91774881-D725-4E58-B298-07617B9B86A8} - c:\program files\skype\toolbars\internet explorer\skypeieplugin.dll
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - c:\progra~1\common~1\skype\SKYPE4~1.DLL
Notify: avgrsstarter - avgrsstx.dll
Notify: igfxcui - igfxdev.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
.
============= SERVICES / DRIVERS ===============
.
R1 AvgLdx86;AVG Free AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2009-11-25 335240]
R1 AvgMfx86;AVG Free On-access Scanner Minifilter Driver x86;c:\windows\system32\drivers\avgmfx86.sys [2007-7-30 27784]
R1 AvgTdiX;AVG Free8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2009-11-25 108552]
R1 SAVRKBootTasks;Boot Tasks Driver;c:\windows\system32\SAVRKBootTasks.sys [2011-3-28 18816]
R2 DLCCCustomerConnect;DLCCCustomerConnect;c:\windows\system32\spool\drivers\w32x86\3\dlccserv.exe [2011-2-28 57344]
R3 JSWSCIMD;jswscimd Service;c:\windows\system32\drivers\jswscimd.sys [2008-10-1 57440]
S0 nielprt;Nielsen Patch Service;c:\windows\system32\drivers\nielprt.sys --> c:\windows\system32\drivers\nielprt.sys [?]
S2 avg8emc;AVG Free8 E-mail Scanner;c:\progra~1\avg\avg8\avgemc.exe [2009-11-25 908056]
S2 clr_optimization_v4.0.30319_32;Microsoft .NET Framework NGEN v4.0.30319_X86;c:\windows\microsoft.net\framework\v4.0.30319\mscorsvw.exe [2010-3-18 130384]
S2 gupdate;Google Update Service (gupdate);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 AVG Security Toolbar Service;AVG Security Toolbar Service;c:\program files\avg\avg8\toolbar\ToolbarBroker.exe [2011-1-6 947528]
S3 cpudrv;cpudrv;c:\program files\systemrequirementslab\cpudrv.sys [2009-12-18 11336]
S3 DNINDIS5;DNINDIS5 NDIS Protocol Driver;c:\windows\system32\DNINDIS5.sys [2003-7-24 17149]
S3 gupdatem;Google Update Service (gupdatem);c:\program files\google\update\GoogleUpdate.exe [2010-2-13 135664]
S3 jswpsapi;Jumpstart Wifi Protected Setup;c:\program files\netgear\wn111v2\jswpsapi.exe [2008-2-27 360547]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [2011-6-18 39984]
S3 MEMSWEEP2;MEMSWEEP2;\??\c:\windows\system32\5.tmp --> c:\windows\system32\5.tmp [?]
S3 NielGfx;Nielsen USB GFX;c:\windows\system32\drivers\nielgfx.sys --> c:\windows\system32\drivers\nielgfx.sys [?]
S3 PRESONUS_AUDIOBOX_MIDI;Presonus AudioBox WDM MIDI Device;c:\windows\system32\drivers\psabusbm.sys [2011-3-21 31864]
S3 PRESONUS_AUDIOBOX_USB;Presonus AudioBox USB driver;c:\windows\system32\drivers\psabusbu.sys [2011-3-21 401016]
S3 PRESONUS_AUDIOBOX_WDM;Presonus AudioBox USB WDM;c:\windows\system32\drivers\psabusba.sys [2011-3-21 40568]
S3 WN111v2;NETGEAR WN111v2 USB2.0 Wireless Card Service;c:\windows\system32\drivers\WN111v2.sys [2008-9-30 453120]
S3 WPFFontCache_v0400;Windows Presentation Foundation Font Cache 4.0.0.0;c:\windows\microsoft.net\framework\v4.0.30319\wpf\WPFFontCache_v0400.exe [2010-3-18 753504]
S4 avg8wd;AVG Free8 WatchDog;c:\progra~1\avg\avg8\avgwdsvc.exe [2009-11-25 297752]
.
=============== Created Last 30 ================
.
2011-06-21 05:20:01 52352 ----a-w- c:\windows\system32\drivers\volsnap.sys
2011-06-19 06:08:10 39984 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-06-19 05:55:42 -------- d-----w- c:\documents and settings\lindsay dawedeit\application data\Malwarebytes
2011-06-19 05:55:42 -------- d-----w- c:\documents and settings\all users\application data\Malwarebytes
2011-06-19 05:48:32 -------- d-----w- c:\documents and settings\lindsay dawedeit\local settings\application data\Deployment
2011-06-19 05:42:14 -------- d-----w- c:\program files\SystemRequirementsLab
2011-06-19 05:38:11 -------- d-----w- c:\documents and settings\all users\application data\Atheros
2011-06-19 05:26:06 135168 ----a-w- c:\windows\system32\igfxres.dll
2011-06-18 22:03:13 -------- d-----w- C:\_OTL
2011-06-12 18:48:51 0 ----a-w- c:\documents and settings\lindsay dawedeit\dkjujdsdwh.tmp
2011-06-11 09:10:02 -------- d-----w- c:\program files\DBO_CT_TW
2011-06-11 05:09:54 -------- d-----w- c:\documents and settings\lindsay dawedeit\application data\uTorrent
2011-06-10 22:11:09 -------- d-----w- c:\windows\system32\wbem\repository\FS
2011-06-10 22:11:09 -------- d-----w- c:\windows\system32\wbem\Repository
2011-05-26 18:47:49 -------- d-sh--w- C:\found.000
2011-05-25 21:05:07 -------- d-----w- c:\windows\ie8
2011-05-25 06:27:03 -------- d-----w- c:\program files\Adobe Download Assistant
.
==================== Find3M ====================
.
2006-10-06 00:36:18 774144 ----a-w- c:\program files\RngInterstitial.dll
.
=================== ROOTKIT ====================
.
Stealth MBR rootkit/Mebroot/Sinowal/TDL4 detector 0.4.2 by Gmer, http://www.gmer.net
Windows 5.1.2600 Disk: WDC_WD800BB-75JHC0 rev.06.01C06 -> Harddisk0\DR0 -> \Device\Ide\IdePort0 P0T0L0-3
.
device: opened successfully
user: MBR read successfully
.
Disk trace:
called modules: ntoskrnl.exe CLASSPNP.SYS disk.sys >>UNKNOWN [0x8375F555]<<
_asm { PUSH EBP; MOV EBP, ESP; PUSH ECX; MOV EAX, [EBP+0x8]; CMP EAX, [0x837657b0]; MOV EAX, [0x8376582c]; PUSH EBX; PUSH ESI; MOV ESI, [EBP+0xc]; MOV EBX, [ESI+0x60]; PUSH EDI; JNZ 0x20; MOV [EBP+0x8], EAX; }
1 nt!IofCallDriver[0x804E37D5] -> \Device\Harddisk0\DR0[0x83792AB8]
3 CLASSPNP[0xF88C7FD7] -> nt!IofCallDriver[0x804E37D5] -> [0x836FFBC8]
\Driver\atapi[0x837CB320] -> IRP_MJ_CREATE -> 0x8375F555
kernel: MBR read successfully
_asm { MOV AX, 0x0; MOV SS, AX; MOV SP, 0x7c00; MOV DS, AX; CLD ; MOV CX, 0x80; MOV SI, SP; MOV DI, 0x600; MOV ES, AX; REP MOVSD ; JMP FAR 0x0:0x62d; }
detected disk devices:
\Device\Ide\IdeDeviceP0T0L0-3 -> \??\IDE#DiskWDC_WD800BB-75JHC0______________________06.01C06#5&2a84b1a5&0&0.0.0#{53f56307-b6bf-11d0-94f2-00a0c91efb8b} device not found
detected hooks:
\Driver\atapi DriverStartIo -> 0x8375F39B
user & kernel MBR OK
Warning: possible TDL3 rootkit infection !
.
============= FINISH: 23:15:42.68 ===============
 