I think it started with AntiVirus2009? [Solved]

Hi shaly777 ,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

There are a some things that I need to make clear to you, before we continue, that will help us both:

• Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
• Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
• Make sure that all of the logs/reports, that I ask for, get posted completely.
• Check out the information Here, if you are unsure how to send replies etc

OK, on with the fix:
Please download the following & save to your Desktop:
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop

• Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools
  
  
• Double click on ComboFix.exe & follow the prompts.
  
  
• As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  
  
• Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.

Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:




Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

Cheers,

sage5

(If there is anything that you need clarified/don't understand, please ask)

One quick question: In regards to disabling my avast & superantispyware...I'm not sure I fully understand what you are telling me to do. And so I just want to clarify.
I did right click on the icons on taskbar...but no option was listed for 'disable'. I have no problem completely uninstalling (temporarily) the SUPERantispyware. However I'd rather not uninstall avast! So.....can you tell me in a little more detail how to effectively disable avast? Sorry for my ignorance...but, that's why I am seeking help from GtoG!
Thank You!!

Hi shaly777 ,
To disable SuperAntiSpyware:
Go to the Disable Real-time Protection thread.

For aVast:
Check out This Thread, right at the top of the page.
Or for a more complete picture, download the appropriate manual, either the
aVast Home manual or the
aVast Professional manual & check out pages 20 & 21

Cheers,

sage5

Edited by sage5, 14 May 2009 - 03:37 PM.

Ok sage...the link that you sent me for the SUPERantispyware was no good...so I just uninstalled it (I hope I didn't screw up)
and if you think I should, I will RE-install it.
I do have malwarebytes though...is that the equivilent to SUPERanti? ....or no?

I disabled the avast (which I have now ENabled back...).
I ran the ComboFix and got the log Here it is:

ComboFix 09-05-14.03 - shannon 05/14/2009 22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.144 [GMT -5:00]
Running from: c:\documents and settings\shannon\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090514-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\danielle\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\shannon\Application Data\inst.exe
c:\documents and settings\shannon\Local Settings\Temporary Internet Files\Cpvff.stt
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-10 23:41 . 2009-05-10 23:41 -------- d-----w c:\documents and settings\shannon\Application Data\Uniblue
2009-05-10 23:40 . 2009-05-10 23:40 -------- d-----w c:\program files\Uniblue
2009-05-10 23:39 . 2009-05-10 23:40 -------- dc-h--w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-08 18:39 . 2009-05-08 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-08 18:39 . 2009-05-15 03:09 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-08 18:39 . 2009-05-08 18:39 -------- d-----w c:\documents and settings\shannon\Application Data\SUPERAntiSpyware.com
2009-05-08 04:27 . 2009-05-08 04:28 -------- d-----w C:\GeekstoGo
2009-05-08 01:44 . 2009-05-08 01:46 -------- d-----w c:\program files\ERUNT-5-7-09
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w c:\program files\Alwil Software
2009-05-06 18:53 . 2007-12-24 22:37 138384 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-06 18:51 . 2009-05-06 18:51 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-05 16:54 . 2009-05-05 16:54 -------- d-----w c:\documents and settings\danielle\Application Data\Malwarebytes
2009-05-05 16:54 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 16:54 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 16:54 . 2009-05-05 16:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 14:22 . 2009-05-03 14:22 -------- d-----w c:\program files\Bonjour
2009-05-01 20:55 . 2009-05-01 20:55 -------- d-----w C:\Cache
2009-04-29 21:17 . 2009-04-29 21:17 -------- d-----w c:\documents and settings\shannon\Application Data\Malwarebytes
2009-04-29 21:17 . 2009-04-29 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 12:18 . 2009-04-29 12:18 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-04-28 04:51 . 2009-04-28 17:00 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-28 01:46 . 2009-04-28 01:46 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-27 19:15 . 2009-04-28 14:29 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-27 16:27 . 2009-04-27 16:32 -------- d-----w c:\windows\system32\NtmsData
2009-04-26 05:31 . 2009-04-26 05:31 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2009-04-25 19:40 . 2009-04-25 22:40 0 ----a-w c:\temp\clipstreamsa.dll
2009-04-25 16:41 . 2009-04-25 16:41 -------- d-----w c:\documents and settings\shannon\Local Settings\Application Data\Citrix
2009-04-25 16:41 . 2009-04-25 16:41 61224 ----a-w c:\documents and settings\shannon\GoToAssistDownloadHelper.exe
2009-04-24 21:57 . 2009-04-24 21:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-24 21:52 . 2009-05-04 15:46 46704 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 16:13 . 2009-04-24 16:13 -------- d-----w c:\documents and settings\shannon\Application Data\Logs
2009-04-24 16:07 . 2009-05-06 14:13 -------- d-----w C:\My Downloads
2009-04-24 12:02 . 2009-04-24 12:02 444 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-23 11:51 . 2009-04-23 11:51 -------- d-----w c:\program files\Common Files\Scanner
2009-04-22 15:34 . 2009-04-22 15:34 -------- d-----w c:\documents and settings\shannon\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 17:23 . 2004-12-23 20:16 -------- d-----w c:\program files\Common Files\AOL
2009-05-07 00:12 . 2004-12-23 20:14 -------- d-----w c:\program files\McAfee.com
2009-04-29 12:11 . 2009-04-29 12:08 46704 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 15:00 . 2008-04-27 02:43 -------- d-----w c:\program files\Yahoo!
2009-04-24 21:56 . 2008-05-30 19:30 -------- d-----w c:\program files\LimeWire
2009-04-16 16:42 . 2009-02-10 02:03 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 14:32 . 2008-05-03 01:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 14:05 . 2008-06-11 02:42 -------- d-----w c:\program files\Norton Security Scan
2009-04-14 19:56 . 2004-12-23 20:03 -------- d-----w c:\program files\Java
2009-04-09 12:47 . 2008-05-14 03:25 -------- d-----w c:\program files\Symantec
2009-03-30 13:42 . 2008-05-30 19:39 -------- d-----w c:\program files\Google
2009-03-25 08:08 . 2009-03-25 08:08 -------- d-----w c:\program files\NOS
2009-03-09 10:19 . 2009-01-23 21:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 11:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-23 26112]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HostManager"="c:\program files\Common Files\AOL\1227810304\ee\AOLSoftware.exe" [2006-04-13 50792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\shannon\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT-5-7-09\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-12-23 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-23 24576]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=
"c:\\Program Files\\Dell\\Support\\Alert\\bin\\DBGLogger.exe"=
"c:\\Program Files\\Common Files\\Dell\\EUSW\\DSLog.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/6/2009 6:03 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/6/2009 6:03 PM 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]
S1 cvrwsogn;cvrwsogn;\??\c:\windows\system32\drivers\cvrwsogn.sys --> c:\windows\system32\drivers\cvrwsogn.sys [?]
S1 xweoqthr;xweoqthr;\??\c:\windows\system32\drivers\xweoqthr.sys --> c:\windows\system32\drivers\xweoqthr.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/25/2009 3:08 AM 33176]
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
Trusted Zone: att.net
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: plaxo.com\www
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\shannon\Application Data\Mozilla\Firefox\Profiles\qqfrxqgt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.itsyourturn.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={CAFBA147-1782-CC91-1094-4543E1E922C4}&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????P???????????????X:??????????P???????x???????????x???????????????????x???? ??x???x???0???X??????|????@???x???????X???????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2280)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-15 22:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 03:35

Pre-Run: 19,288,682,496 bytes free
Post-Run: 20,138,393,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2009-05-13 19:59


It looks so very interesting...of course I don't really know what any of it means...but I do have a couple of items I keep noticing like DNSResponder; Apple something..(what are they?)
and a couple other things I see, like AOL & Symantec, I don't even use those anymore. McAfee either....should they still be in my system?
and also like I was curious about the deleted items...
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
Are these bugs? 'crashdump'? and 'kilatape'? they really even SOUND like they're up to no good!

Sorry if I ask too many questions, this is just so intriguing and while I have an EXPERT on the other end, I figured I better try to learn all I can!
THANK YOU!!!!!!!!!!......Is my PC in trouble or will we make it?
I look forward to your replies!

Hi shaly777 ,

and also like I was curious about the deleted items...
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
Are these bugs? 'crashdump'? and 'kilatape'? they really even SOUND like they're up to no good!

Answer: Those files you listed are all issues that ComboFix has removed.

but I do have a couple of items I keep noticing like DNSResponder; Apple something..(what are they?)

Answer: They are both parts of a past install of iTunes, which seems to have been removed (Yes/No)

On with the fix:

Run OTListIt2.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTLI
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
  PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
  SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- File not found
  SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
  SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
  SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
  SRV - (McShield [Unknown | Stopped]) -- File not found
  SRV - (McSysmon [On_Demand | Stopped]) -- File not found
  O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
  O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
  O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
  O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
  O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
  O20 - AppInit_DLLs: (c:\windows\system32\tovebogi.dll) - c:\windows\system32\tovebogi.dll File not found
  
  :Services
  LiveUpdate
  LiveUpdate Notice Ex
  McShield
  McSysmon
  cvrwsogn
  xweoqthr
  
  :Reg
  
  :Files
  C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
  C:\DOCUME~1\shannon\My Documents\Fonts\fonts\crackman.zip
  c:\documents and settings\shannon\Application Data\McAfee
  c:\temp\clipstreamsa.dll
  c:\program files\Common Files\AOL
  c:\program files\McAfee.com
  c:\program files\Common Files\Symantec Shared
  c:\program files\Norton Security Scan
  c:\program files\Symantec
  c:\windows\system32\drivers\xweoqthr.sys
  c:\windows\system32\drivers\cvrwsogn.sys
  
  :Commands
  [purity]
  [emptytemp]
  [resethosts]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post a new OTL2 log

By the way, please resist the use of other fonts, bold text & colours, I just require the information.
We use them to draw your attention to important parts of the log

Cheers,

sage5

Here ya go....Thanks!!



========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process PIFSvc.exe killed successfully!
Process PIFSvc.exe killed successfully!

Service\Driver Automatic LiveUpdate Scheduler deleted successfully.
File File not found not found.
Service\Driver LiveUpdate Notice Service stopped successfully.
Service\Driver LiveUpdate Notice Service deleted successfully.
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully.

Service\Driver LiveUpdate deleted successfully.
File File not found not found.

Service\Driver LiveUpdate Notice Ex deleted successfully.
File File not found not found.
Service\Driver McShield not found.
Service\Driver key McShield deleted successfully.
File File not found not found.

Service\Driver McSysmon deleted successfully.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7F30B62-8269-41AF-9539-B2697FA7D77E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F30B62-8269-41AF-9539-B2697FA7D77E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully.
File "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" not found.
Starting removal of ActiveX control {15589FA1-C456-11CE-BF01-00AA0055595A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdate not found.
Service\Driver LiveUpdate not found.
Service\Driver LiveUpdate Notice Ex not found.
Service\Driver LiveUpdate Notice Ex not found.
Service\Driver McShield not found.
Service\Driver McShield not found.
Service\Driver McSysmon not found.
Service\Driver McSysmon not found.
Service\Driver McSysmon not found.
Service\Driver cvrwsogn deleted successfully.
Service\Driver McSysmon not found.
Service\Driver xweoqthr deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
C:\DOCUME~1\shannon\My Documents\Fonts\fonts\crackman.zip moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability\MVTLogs\Results moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability\MVTLogs moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability moved successfully.
c:\documents and settings\shannon\Application Data\McAfee moved successfully.
LoadLibrary failed for c:\temp\clipstreamsa.dll
c:\temp\clipstreamsa.dll NOT unregistered.
c:\temp\clipstreamsa.dll moved successfully.
c:\program files\Common Files\AOL\System Information moved successfully.
c:\program files\Common Files\AOL\Loader moved successfully.
c:\program files\Common Files\AOL\Launch moved successfully.
c:\program files\Common Files\AOL\IPHSend moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Rollback moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Current\US moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Current moved successfully.
c:\program files\Common Files\AOL\Backup\ACS moved successfully.
c:\program files\Common Files\AOL\Backup moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\pt moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\ja moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\fr-CA moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\fr moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\es-US moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\es moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en-GB moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en-CA moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\de moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale moved successfully.
c:\program files\Common Files\AOL\AOLDiag moved successfully.
c:\program files\Common Files\AOL\ACS moved successfully.
c:\program files\Common Files\AOL\ACF moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlDispatcher\ver4_2_6_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlDispatcher moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlData\ver1_4_14_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlData moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\uiPlugins\ver2_2_5_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\uiPlugins moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Window pane moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Main window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\List view window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\History content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Fwd_Back button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\drop-down button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Content window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Column moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls_small moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\3 pieces button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\security\ver1_0_6_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\security moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\script\ver1_3_2_4 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\script moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\preferences\ver3_4_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\preferences moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\os\ver4_2_6_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\os moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\notification\ver3_12_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\notification moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\miniXML\ver1_4_4_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\miniXML moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\metrics\ver3_6_13_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\metrics moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\localStorage\ver4_5_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\localStorage moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityInformation\ver4_3_3_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityInformation moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\content\aam moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\http\ver1_17_2_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\http moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\htmlRenderer\ver1_0_14_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\htmlRenderer moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\feeds\ver2_0_2_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\favoritesExporter\ver2_1_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\favoritesExporter moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\enhancedFavorites\ver1_3_3_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\enhancedFavorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\compression\ver2_3_1_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\compression moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\tabs_dark moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\navbuttons_glass_white moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\navbuttons_glass moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\mail moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\html moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\spyzapper moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\settings moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels\history moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\gadgets moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\TabScroll moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\SuperTwisty moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\InputFields moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\FontToolbar moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\DarkTwisty moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content\dialog moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content\aolHelpBox moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyrenderer\ver1_4_26_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyrenderer moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts\ver2_13_3_3\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts\ver2_13_3_3 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\basics\ver6_4_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\basics moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\authentication\ver4_0_0_21 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\authentication moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services moved successfully.
c:\program files\Common Files\AOL\1227810304\ee moved successfully.
c:\program files\Common Files\AOL\1227810304 moved successfully.
c:\program files\Common Files\AOL moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\summary moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\style\RED moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\style moved successfully.
c:\program files\McAfee.com\Personal Firewall\data moved successfully.
c:\program files\McAfee.com\Personal Firewall\Archive moved successfully.
c:\program files\McAfee.com\Personal Firewall moved successfully.
c:\program files\McAfee.com moved successfully.
c:\program files\Common Files\Symantec Shared\VirusDefs\20090328.003 moved successfully.
c:\program files\Common Files\Symantec Shared\VirusDefs moved successfully.
c:\program files\Common Files\Symantec Shared\Support Controls moved successfully.
c:\program files\Common Files\Symantec Shared\SPManifests moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01 moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09 moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} moved successfully.
c:\program files\Common Files\Symantec Shared\PIF moved successfully.
c:\program files\Common Files\Symantec Shared\Help moved successfully.
c:\program files\Common Files\Symantec Shared\CCPD-LC moved successfully.
c:\program files\Common Files\Symantec Shared moved successfully.
c:\program files\Norton Security Scan moved successfully.
c:\program files\Symantec\LiveUpdate moved successfully.
c:\program files\Symantec moved successfully.
File\Folder c:\windows\system32\drivers\xweoqthr.sys not found.
File\Folder c:\windows\system32\drivers\cvrwsogn.sys not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\shannon\Local Settings\temp\hsperfdata_shannon\3064 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shannon\Local Settings\temp\etilqs_MQrb2aarhkS1enNs9QAs scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_570.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.4 log created on 05152009_002914

Files moved on Reboot...
File C:\Documents and Settings\shannon\Local Settings\temp\hsperfdata_shannon\3064 not found!
File C:\Documents and Settings\shannon\Local Settings\temp\etilqs_MQrb2aarhkS1enNs9QAs not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_570.dat moved successfully.

Registry entries deleted on Reboot...

Hi shaly777 ,

That is looking much better.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below, to download and install the latest vesion.

Upgrading Java:

• Download the latest version of Java Runtime Environment (JRE) 6.
• Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13".
• Click the "Download" button to the right.
• Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
• Click on Continue.
• Click on the link to download jre-6u11-windows-i586-p.exe & save to your Desktop.
• Close all programs you may have running - especially your web browser, then double click on the jre-6u11-windows-i586-p.exe
  Note: this version shoul uninstall all the previous versions from your PC
  (Vista users, right cklick on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")

• Read through the requirements and privacy statement and click on Accept button.
• It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
• When the downloads have finished, click on Settings.
• Make sure the following is checked.
  
  • Spyware, Adware, Dialers, and other potentially dangerous programs
    Archives
    Mail databases
• Click on My Computer under Scan.
• Once the scan is complete, it will display the results. Click on View Scan Report.
• You will see a list of infected items there. Click on Save Report As....
• Save this report to a convenient place, like C:\kasper.txt
• Please post this log in your next reply.

Edited by sage5, 14 May 2009 - 11:52 PM.

Good Morning!

Quick question: In trying to download Java it asks me to select my 'Platform'...I'm not sure what to select: Windows or Windows x64?

How do I find out? Or do you already know which it is based on all of my info you've looked at? Thanks!

NEVER MIND...I checked my Java and it says I have 6 update 13 ...and I think that's what you wanted me to have so I'm gonna go ahead with the Kaspersky...

Edited by shaly777, 15 May 2009 - 10:09 AM.

Hello! I'm back. It took me all day... but I got it! I had started scanning it the first time and it got to about 75% and the crazy browser closed on me...and when it came back up it was 0%. Not sure why it closed, but anyway...I believe I have a clean bill of health to report to you! Let me know what you think!
And I'd like your choice of an antispyware if malwarebytes is not sufficient for spyware...
THANK YOU!!!!

Friday, May 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 15, 2009 22:31:02
Records in database: 2181146
Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes
Scan area My Computer
C:\
D:\
Scan statistics
Files scanned 63665
Threat name 0
Infected objects 0
Suspicious objects 0
Duration of the scan 03:17:31

No malware has been detected. The scan area is clean.
The selected area was scanned.

An additional quick note:
My pc just started doing that 'redirect' to other sites when I'm searching. I click on 'next page' and instead of showing me more search results, it opens a new tab with something else...ya know what I'm talking about?

Edited by shaly777, 15 May 2009 - 07:37 PM.

Hi shaly777 ,

Please run OTListIT2 again & post me back the new log.

Cheers,

sage5

Sorry again:

But...I need to know what settings?

Run: Scan or Fix?
Output: Standard or Minimal?
Processes: None, Safe or All?
Services: None, Safe or All?
Drivers: None, Safe or All?
Standard Registry: None, Safe or All?
Extra Registry: None, Safe or All?

Do I check either of these?:
Whitelist? LOP? Purity?

I'd just rather ask and be safe than ASSUME & screw everything up!
THANK YOU THANK YOU THANK YOU!

Sorry, I thought I had given you those instructions.

Run OTListIt2:

• Close all open windows and double click the OTListIt2.exe icon on your Desktop
• Tick the Scan all Users box, & check Standard Output.
• Set the File Age: box to 30 days
• Leave all the other boxes set to the defaults
• Tick both the Lop Check & Purity Check boxes
• Click the Run Scan button and let the program run uninterrupted.
• It will produce a log for you. OTListIt.txt will open automatically.
• I need you to post the text from that log here.

NOTE: This can be a large file, and there is a limit to the number of characters that can be posted at once on this forum.
It may require you to make 2 posts, to get all the information to me

OTListIt logfile created on: 5/16/2009 12:11:35 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\shannon\Desktop\g2g
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 358.03 Mb Available Physical Memory | 70.20% Memory free
976.50 Mb Paging File | 679.31 Mb Available in Paging File | 69.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 18.55 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF4Y9F61
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/09/15 02:01:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/13 02:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/12/23 15:18:14 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/05/27 21:05:42 | 00,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2008/10/07 10:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/10/02 14:19:44 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/05/07 23:05:41 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\g2g\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/05/01 15:07:59 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/12/23 15:18:21 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/05/23 13:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2002/10/01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/08/04 04:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/08/13 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/10/08 11:11:20 | 00,093,979 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2008/11/01 16:10:20 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 10:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/08/13 14:48:58 | 00,258,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/08/13 02:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...x?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.itsyourturn.com/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {67E713BF-4489-4506-8B0D-860F274AFB43}:1.0
FF - prefs.js..extensions.enabledItems: {E7A896B8-06FE-48CF-B442-027B82F407EF}:1.0
FF - prefs.js..extensions.enabledItems: {17AB44F1-3471-425F-834B-12363F2F0E9F}:1.0
FF - prefs.js..extensions.enabledItems: {EA371BF4-3539-4C1F-969A-EE2BC53805C5}:1.0
FF - prefs.js..extensions.enabledItems: {49CB0F59-F861-45C4-BF70-64023D1C25DF}:1.0
FF - prefs.js..extensions.enabledItems: {5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}:1.0
FF - prefs.js..extensions.enabledItems: {7DB22281-3493-475D-AA8B-0E8A629A88A2}:1.0
FF - prefs.js..extensions.enabledItems: {C36B2675-2861-419B-85B2-7E96AF40FE8E}:1.0
FF - prefs.js..extensions.enabledItems: {F10717EC-59E6-4880-93B3-64C8516138C3}:1.0
FF - prefs.js..extensions.enabledItems: {22070566-98CA-43CC-9665-56619E74D7F1}:1.0
FF - prefs.js..extensions.enabledItems: {61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}:1.0
FF - prefs.js..extensions.enabledItems: {660D75A8-0521-48E2-B1BD-A5749EE052EC}:1.0
FF - prefs.js..extensions.enabledItems: {75A89601-55ED-4667-9860-517F982CB8E4}:1.0
FF - prefs.js..extensions.enabledItems: {80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}:1.0
FF - prefs.js..extensions.enabledItems: {93F87A09-DA82-47D4-A9C1-A0EB7073199F}:1.0
FF - prefs.js..extensions.enabledItems: {B9BF3C67-EBE5-4960-A25D-7E2247F15D89}:1.0
FF - prefs.js..extensions.enabledItems: {32966796-92CA-43A1-B0DB-993693FBF566}:1.0
FF - prefs.js..extensions.enabledItems: {8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}:1.0
FF - prefs.js..extensions.enabledItems: {897D1EF9-A127-420F-8015-5B36DE94DC0F}:1.0
FF - prefs.js..extensions.enabledItems: {DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www.fastbrows...43E1E922C4}&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/20 14:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 00:58:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 19:22:17 | 00,000,000 | ---D | M]

[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions
[2008/12/05 10:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\[email protected]
[2009/05/15 19:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions
[2009/02/12 13:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/25 03:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/05/06 17:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/07 20:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/15 19:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/24 16:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{17AB44F1-3471-425F-834B-12363F2F0E9F}
[2009/05/04 15:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{22070566-98CA-43CC-9665-56619E74D7F1}
[2009/05/05 06:52:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{32966796-92CA-43A1-B0DB-993693FBF566}
[2009/04/27 13:11:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{49CB0F59-F861-45C4-BF70-64023D1C25DF}
[2009/04/28 15:38:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}
[2009/05/04 14:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}
[2009/05/04 15:43:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{660D75A8-0521-48E2-B1BD-A5749EE052EC}
[2009/04/22 09:23:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{67E713BF-4489-4506-8B0D-860F274AFB43}
[2009/05/04 15:51:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{75A89601-55ED-4667-9860-517F982CB8E4}
[2009/05/01 15:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7DB22281-3493-475D-AA8B-0E8A629A88A2}
[2009/05/04 14:54:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}
[2009/05/05 14:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{897D1EF9-A127-420F-8015-5B36DE94DC0F}
[2009/05/05 12:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}
[2009/05/04 15:50:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{93F87A09-DA82-47D4-A9C1-A0EB7073199F}
[2009/05/04 21:55:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/04 15:58:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B9BF3C67-EBE5-4960-A25D-7E2247F15D89}
[2009/05/01 15:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C36B2675-2861-419B-85B2-7E96AF40FE8E}
[2009/03/20 14:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/14 14:57:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/06 11:01:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}
[2009/04/23 07:45:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E7A896B8-06FE-48CF-B442-027B82F407EF}
[2009/04/24 16:52:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{EA371BF4-3539-4C1F-969A-EE2BC53805C5}
[2009/05/04 09:52:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F10717EC-59E6-4880-93B3-64C8516138C3}
[2009/05/04 21:55:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/04 21:55:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/04 21:55:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/04 21:55:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/04 21:55:11 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/04 21:55:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/28 22:49:53 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/03/28 22:49:53 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/05/04 21:55:11 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/04 21:55:11 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/04 21:55:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227810304\ee\AOLSoftware.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT-5-7-09\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1217652500267 (MUWebControl Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...129/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 19:22:17 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/05/15 19:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/15 19:04:59 | 00,002,614 | ---- | C] () -- C:\Documents and Settings\shannon\My Documents\KASPER2.html
[2009/05/15 00:29:14 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/14 22:36:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Local Settings\temp
[2009/05/14 22:22:03 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/14 22:21:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/14 22:21:57 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/14 22:19:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/14 22:19:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/14 22:19:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/14 22:19:10 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/14 22:19:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/14 22:19:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/14 22:19:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/14 22:19:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/14 22:16:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/14 22:14:30 | 02,988,491 | R--- | C] () -- C:\Documents and Settings\shannon\Desktop\ComboFix.exe
[2009/05/14 22:11:15 | 06,325,280 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\SUPERAntiSpyware.exe
[2009/05/14 22:09:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/13 14:51:58 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/10 18:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Uniblue
[2009/05/10 18:40:43 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/05/10 18:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/05/10 18:39:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/05/08 14:54:31 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/08 13:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/08 13:39:02 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/08 13:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\SUPERAntiSpyware.com
[2009/05/08 00:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Desktop\g2g
[2009/05/07 23:27:09 | 00,000,000 | ---D | C] -- C:\GeekstoGo
[2009/05/07 20:45:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/07 20:44:45 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 20:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT-5-7-09
[2009/05/06 18:03:42 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 18:03:41 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 18:03:40 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 18:03:40 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 18:03:35 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 18:03:32 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 18:03:32 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 18:03:31 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 18:03:31 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 18:03:06 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 18:03:06 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 18:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 13:53:44 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/06 13:51:47 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 16:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/05 11:54:40 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 11:54:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 11:54:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 11:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/04 15:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/03 09:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/01 15:55:06 | 00,000,000 | ---D | C] -- C:\Cache
[2009/04/29 16:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2009/04/29 16:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/27 23:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety CenterRebootActions
[2009/04/27 20:46:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/04/27 14:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/27 11:27:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/25 10:58:08 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\Dell Support.lnk
[2009/04/24 11:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Logs
[2009/04/24 11:07:27 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/24 07:02:41 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/23 06:51:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2008/11/27 13:22:46 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/11/01 23:21:53 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/06/27 22:33:38 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/30 18:57:52 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/05/30 18:57:51 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2008/05/18 15:20:11 | 00,000,128 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/05/13 22:05:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/23 15:22:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/23 15:10:45 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/23 14:32:02 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,958 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 23:46:12 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/15 19:22:17 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/05/15 19:04:59 | 00,002,614 | ---- | M] () -- C:\Documents and Settings\shannon\My Documents\KASPER2.html
[2009/05/15 00:33:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 00:33:39 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\shannon\Local Settings\DESKTOP.INI
[2009/05/15 00:33:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/15 00:33:28 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/15 00:31:51 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2009/05/14 22:29:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 22:22:03 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/05/14 22:15:04 | 02,988,491 | R--- | M] () -- C:\Documents and Settings\shannon\Desktop\ComboFix.exe
[2009/05/14 22:12:27 | 06,325,280 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\SUPERAntiSpyware.exe
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/10 18:40:44 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/05/09 23:53:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/08 14:26:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/07 20:44:45 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 20:22:57 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 19:47:58 | 00,000,958 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/06 19:47:58 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/06 18:03:42 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 13:51:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 11:54:40 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 23:51:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nuhuroju
[2009/04/25 10:58:08 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\Dell Support.lnk
[2009/04/24 07:02:41 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

========== LOP Check ==========

[2009/04/24 16:57:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/04/24 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
[2009/04/24 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/05/04 10:48:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/04/24 16:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/05/15 19:22:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/10 18:40:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2008/10/28 20:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/05/15 19:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/27 13:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/27 13:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/08/08 16:16:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/09 21:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2004/12/23 15:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/16 09:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/03/30 07:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/12/23 15:11:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/12/11 16:58:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ITTNord
[2009/04/29 16:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 19:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/05/02 20:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/12/29 12:42:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/05/05 09:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/12/01 20:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/04 06:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/03/25 03:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/08 01:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2008/05/25 04:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/05/01 17:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/09 08:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/05/08 13:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/06/30 10:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2009/04/09 08:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/10 18:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/29 23:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2004/12/23 15:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/05 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/25 22:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/14 10:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/01/12 11:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/11/20 00:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/05/05 11:54:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\danielle\Application Data
[2008/06/21 10:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Adobe
[2008/06/21 10:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\AdobeUM
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\AOL
[2009/02/09 21:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Apple Computer
[2008/06/02 13:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Google
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Jasc Software Inc
[2008/05/01 16:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Leadertech
[2009/04/24 16:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\LimeWire
[2008/06/11 09:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Macromedia
[2009/05/05 11:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Malwarebytes
[2008/04/21 16:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\McAfee.com Personal Firewall
[2009/01/07 02:32:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\danielle\Application Data\Microsoft
[2009/01/22 16:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Motive
[2009/01/07 05:13:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Mozilla
[2008/08/06 19:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\MySpace
[2008/05/01 16:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Sun
[2009/01/07 02:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Yahoo!
[2004/12/23 15:20:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
[2004/12/23 15:05:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2009/04/29 07:18:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2009/04/29 07:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Adobe
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AOL
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
[2009/04/29 07:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2009/04/29 07:18:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2009/04/29 07:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sun
[2009/04/29 07:10:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data\yahoo!
[2009/04/09 09:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/04/21 16:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/12/23 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/23 12:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/26 00:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/11/07 14:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/07 14:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/12/23 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/26 00:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2009/05/15 00:29:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\shannon\Application Data
[2008/06/10 21:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Adobe
[2009/05/15 19:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\AdobeUM
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\AOL
[2009/04/16 11:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Apple Computer
[2008/06/21 21:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Corel
[2008/05/03 15:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Earthlink
[2008/05/03 15:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\EarthLink Toolbar
[2008/10/04 13:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Eyeblaster
[2009/01/10 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\funkitron
[2008/12/10 11:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\GameHouse
[2008/10/01 08:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\GetRightToGo
[2008/07/16 23:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Google
[2008/04/21 19:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Help
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Identities
[2008/12/03 20:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\iWin
[2008/04/26 16:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Jasc Software Inc
[2008/05/04 00:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Leadertech
[2009/04/16 12:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\LimeWire
[2009/04/24 11:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Logs
[2008/06/10 21:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Macromedia
[2009/04/29 16:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2008/04/21 18:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\McAfee.com Personal Firewall
[2008/11/25 22:03:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\shannon\Application Data\Microsoft
[2008/05/06 20:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Motive
[2008/12/05 10:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Mozilla
[2008/05/15 19:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MSNInstaller
[2008/07/04 17:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Musicmatch
[2008/12/11 16:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MyCity
[2008/08/06 11:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MySpace
[2008/10/04 06:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Skip-Bo
[2008/06/03 07:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Slide
[2008/08/30 01:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Snapfish
[2008/05/04 00:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Sun
[2009/05/08 13:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\SUPERAntiSpyware.com
[2009/05/10 18:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Uniblue
[2009/01/27 18:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Viewpoint
[2008/11/06 19:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Vso
[2008/11/14 10:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Yahoo!
[2009/05/09 23:53:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/05/15 23:46:12 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/05/15 00:33:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:390B30B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A98C8FA6
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC89CE5A
< End of report >

Hi shaly777 ,

Run OTListIt2.exe

• Under the Custom Scans/Fixes box at the bottom, paste in the following
  
  

  :OTLI
  PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
  
  :Services
  
  :Reg
  
  :Files
  C:\WINDOWS\System32\nuhuroju
  
  :Commands
  [purity]
  [emptytemp]
  [start explorer]
  [Reboot]

• Then click the Run Fix button at the top
• Let the program run unhindered, reboot when it is done
• Then post the new OTL2.txt file

Cheers,

sage5