mbam-setup won't install mbam.exe, a few issues... [Solved]
CoffeeBreath
post Nov 6 2009, 05:12 PM
Post #16
OS: win xp, but mostly linux



Thanks for the update. Volleyball, eh? What position? Ever tried Wallyball? My wife and I met at a wallyball tournament (this was quite some time ago)... :-)

After my last message, I did take the liberty of running mbam (it installed the .exe without problems, which I took as a good sign) a couple of times.

The first run of mbam removed some things (log below), and the second one reported no infections.

Anyways, rootrepeal ran fine (short log below the mbam log). OTL also ran fine, but it only created an OTL.Txt file (no Extras.txt).

Let me know how these logs look when you can.

Thanks!
Steve.

mbam log:
Malwarebytes' Anti-Malware 1.41
Database version: 3103
Windows 5.1.2600 Service Pack 3

11/4/2009 10:21:27 PM
mbam-log-2009-11-04 (22-21-27).txt

Scan type: Quick Scan
Objects scanned: 108364
Time elapsed: 3 minute(s), 32 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 2
Registry Values Infected: 1
Registry Data Items Infected: 5
Folders Infected: 1
Files Infected: 12

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\malwarebytes anti-malware (reboot) (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoFolderOptions (Hijack.FolderOptions) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System\DisableRegistryTools (Hijack.Regedit) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoRun (Hijack.Run) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
C:\Documents and Settings\All Users\Start Menu\Programs\Active Security (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.

Files Infected:
C:\WINDOWS\SYSTEM32\yatavahe.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\fuzoyalu.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nojutoko.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\nujanuku.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vupeteho.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\vuboduje.exe (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Active Security.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Uninstall Active Security.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\All Users\Start Menu\Programs\Active Security\Active Security Support.lnk (Rogue.ActiveSecurity) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Desktop\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\user\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.
C:\Documents and Settings\Steve\Start Menu\Programs\Security Tool.LNK (Rogue.SecurityTool) -> Quarantined and deleted successfully.


rootrepeal log:

ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/11/06 17:43
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB5F5D000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\HIBERFIL.SYS
Status: Locked to the Windows API!

Path: C:\Program Files\Logitech\iTouch\itchf818.rra
Status: Invisible to the Windows API!

Path: C:\Program Files\Logitech\iTouch\ITCHHK.DLL
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Common Files\Logitech\CdlsHand\Cdlsf976.rra
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\Logitech\CdlsHand\CDLSHDPS.DLL
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Common Files\AOL\ACS\~GLH007a.TMP
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\AOL\ACS\~GLH008f.TMP
Status: Invisible to the Windows API!

Path: C:\Program Files\Common Files\AOL\ACS\ACSD.EXE
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Common Files\AOL\ACS\INSHLP16.DLL
Status: Visible to the Windows API, but not on disk.

Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\CoolType.1
Status: Invisible to the Windows API!

Path: C:\Program Files\Adobe\Acrobat 5.0\Reader\COOLTYPE.DLL
Status: Visible to the Windows API, but not on disk.

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d656b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d65574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d65a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d6514c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d6564e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d6508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d650f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d6576e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d6572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6d658ae

==EOF==


OTL.Txt here:

OTL logfile created on: 11/6/2009 5:59:42 PM - Run 4
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.59 Gb Paging File | 3.14 Gb Available in Paging File | 87.29% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 16.96 Gb Free Space | 30.36% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
Drive E: | 7.46 Gb Total Space | 3.65 Gb Free Space | 48.88% Space Free | Partition Type: FAT32
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUTE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/29 22:29:02 | 00,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/10/29 22:29:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 22:29:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/16 13:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/07/16 13:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\ci\quicktime\QTTask.exe
PRC - [2008/12/16 16:44:28 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/10 08:11:56 | 00,538,432 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
PRC - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2008/04/13 20:12:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe
PRC - [2008/03/09 12:51:36 | 00,185,728 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2007/02/17 09:37:28 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2005/07/15 14:48:34 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PRC - [2004/09/23 14:00:02 | 00,024,576 | ---- | M] (Solidyear) -- C:\WINDOWS\AutoFlip.exe
PRC - [2004/06/25 10:21:50 | 00,147,456 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2004/05/06 15:58:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/04/05 17:37:38 | 00,061,440 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
PRC - [2004/03/09 15:59:48 | 00,065,536 | ---- | M] () -- C:\WINDOWS\TWAIN_32\ca561a\SnapDetect.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/07/29 14:08:38 | 00,094,208 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe
PRC - [2003/01/21 15:19:00 | 00,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
PRC - [1998/11/05 15:01:00 | 00,262,656 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\Palm\hotsync.exe
PRC - [1996/08/01 07:36:54 | 00,018,432 | ---- | M] () -- C:\WINDOWS\DESKMENU.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2008/04/13 20:12:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:11:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wbem\framedyn.dll
MOD - [2007/05/20 15:54:12 | 00,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/29 22:29:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 06:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 06:54:14 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/23 17:00:06 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003/01/30 18:55:44 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/04 14:03:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:03:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/29 22:29:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2002/11/03 22:58:48 | 00,000,000 | ---D | M]

[2008/07/19 00:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2008/07/19 00:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2004/08/07 18:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/08/07 18:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/08 10:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/26 18:09:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/29 22:29:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/08 10:56:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2003/08/04 17:19:04 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
[2002/08/11 23:42:12 | 00,103,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/29 22:29:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/10 15:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/09/10 15:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\SYSTEM32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\ci\quicktime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RunFlip] C:\WINDOWS\RunFlip.exe ()
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Windows Media Player\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [Microsoft NetMeeting] C:\Program Files\NetMeeting\conf.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Deskmenu.lnk = C:\WINDOWS\DESKMENU.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\hotsync.exe (Palm Computing, Inc., a 3Com Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EZVideo Chat.lnk = C:\Program Files\Ezonics\EZVideo Chat 2.0\EzChat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\TWAIN_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8206.6591319444 (Reg Error: Key error.)
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} http://ns-radio.netscape.com/radio/cabs/ampx.cab (CoAxTrack Class)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso4.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.199
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/05 17:41:24 | 00,000,194 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/05 17:41:24 | 00,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2004/02/19 11:25:34 | 00,000,194 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2002/02/18 10:30:34 | 00,000,194 | -H-- | M] () - C:\AUTOEXEC.625 -- [ FAT32 ]
O32 - AutoRun File - [2009/10/22 19:59:14 | 00,027,841 | RHS- | M] () - E:\autorun.inf -- [ FAT32 ]
O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell - "" = AutoRun
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\SYSTEM32\ias [2004/08/07 16:26:16 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: Wmi - C:\WINDOWS\SYSTEM32\wmi.dll (Microsoft Corporation)
NetSvcs: WmdmPmSp - File not found
NetSvcs: helpsvc - C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll (Microsoft Corporation)

========== Files/Folders - Created Within 14 Days ==========

[2009/11/06 17:58:52 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/11/06 17:36:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\user\Desktop\RootRepeal.exe
[2009/11/06 11:33:35 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/01 09:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\avz4
[2009/11/01 09:45:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/01 09:45:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 14:27:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 14:26:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/31 14:26:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/31 14:26:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/31 14:26:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/31 14:25:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 10:55:54 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/29 22:25:08 | 00,000,000 | ---D | C] -- C:\Sun
[2009/10/28 22:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Apps
[2009/10/28 21:08:17 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/28 09:33:48 | 00,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2009/10/28 09:32:50 | 01,421,291 | ---- | C] (TightVNC Group ) -- C:\Documents and Settings\user\Desktop\tightvnc-1.3.10-setup.exe
[2009/10/27 23:03:03 | 08,080,728 | ---- | C] (Mozilla) -- C:\Documents and Settings\user\Desktop\ff354.exe
[2009/10/27 22:30:26 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
[2009/10/25 18:50:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/25 18:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/25 18:46:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/10/25 18:30:24 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/25 18:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2008/10/05 17:52:02 | 00,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/11/06 17:59:52 | 07,340,032 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2009/11/06 17:57:12 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/06 17:43:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\user\Desktop\settings.dat
[2009/11/06 11:34:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/06 11:29:54 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/06 11:29:40 | 00,020,790 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/06 11:29:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/06 11:29:20 | 32,207,54432 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/06 11:28:10 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009/11/06 10:53:54 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/11/06 09:23:52 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 09:23:52 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 22:12:42 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzqxodu4.sys
[2009/11/04 18:31:54 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/11/01 08:33:08 | 00,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/31 14:27:38 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/31 10:56:18 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wejuwojo
[2009/10/30 07:28:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/28 22:15:14 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to cmd.lnk
[2009/10/28 21:34:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/28 09:33:50 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TightVNC Viewer.lnk
[2009/10/27 23:01:46 | 08,080,728 | ---- | M] (Mozilla) -- C:\Documents and Settings\user\Desktop\ff354.exe
[2009/10/25 21:59:52 | 00,048,556 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/25 18:47:54 | 00,054,072 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 18:47:54 | 00,054,072 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 18:46:42 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/10/25 18:30:26 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/25 06:11:36 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 17:43:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Desktop\settings.dat
[2009/11/04 18:13:09 | 00,011,264 | ---- | C] () -- C:\WINDOWS\System32\drivers\uzqxodu4.sys
[2009/11/01 09:53:07 | 05,125,238 | ---- | C] () -- C:\Documents and Settings\user\Desktop\avz4.zip
[2009/10/31 14:27:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/31 14:27:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 14:26:23 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/31 14:26:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/31 14:26:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/31 14:26:23 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/31 14:26:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 22:32:17 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TightVNC Viewer.lnk
[2009/10/28 22:15:13 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to cmd.lnk
[2009/07/22 10:37:42 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/22 10:37:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/22 10:37:40 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/22 10:37:40 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/22 10:37:40 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/22 10:37:39 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/22 10:37:38 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/22 10:37:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/11 03:05:32 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\IconCache.db
[2008/11/18 09:40:47 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/11/16 09:13:43 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\user\Application Data\Galaxy Swirl
[2008/11/16 09:13:43 | 00,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2008/11/16 09:13:43 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/16 09:13:43 | 00,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Halftone
[2008/10/05 17:52:02 | 00,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2008/06/22 16:27:55 | 00,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2008/05/16 14:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/08 13:38:38 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2006/01/08 13:38:38 | 00,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2006/01/08 13:38:38 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2006/01/08 13:29:52 | 00,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2006/01/08 13:29:01 | 00,001,094 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2006/01/08 13:27:22 | 00,000,906 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/01/08 13:23:49 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2005/12/26 13:52:08 | 00,001,695 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2005/01/19 12:58:32 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\WNTSETUP.DLL
[2005/01/19 12:58:29 | 00,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2004/10/27 19:53:27 | 00,001,599 | ---- | C] () -- C:\Program Files\uninstal.log
[2004/10/24 16:38:12 | 00,054,072 | ---- | C] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2004/10/24 11:41:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/08/07 17:58:19 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 16:39:03 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/08/07 16:39:03 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/08/07 16:39:03 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/08/07 16:39:03 | 00,004,278 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2004/08/07 16:39:03 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/08/07 16:39:03 | 00,001,765 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/07 16:39:03 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/07 16:39:03 | 00,000,952 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/07 16:39:03 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/08/07 16:39:03 | 00,000,621 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/07 16:39:03 | 00,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2004/08/07 16:39:03 | 00,000,479 | ---- | C] () -- C:\WINDOWS\TAPE.INI
[2004/08/07 16:39:03 | 00,000,475 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/07 16:39:03 | 00,000,256 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/08/07 16:39:03 | 00,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/07 16:39:03 | 00,000,233 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/08/07 16:39:03 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/08/07 16:39:03 | 00,000,183 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/07 16:39:03 | 00,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/08/07 16:39:03 | 00,000,094 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/08/07 16:39:03 | 00,000,076 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/08/07 16:39:03 | 00,000,064 | ---- | C] () -- C:\WINDOWS\UPIOEM.INI
[2004/08/07 16:39:03 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\MFF.INI
[2004/08/07 16:39:03 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/08/07 16:39:03 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2004/08/07 16:39:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/07 16:39:03 | 00,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2004/08/07 16:39:03 | 00,000,030 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/08/07 16:39:03 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/08/07 16:39:03 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/08/07 16:39:03 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/07 16:39:03 | 00,000,023 | ---- | C] () -- C:\WINDOWS\mid.ini
[2004/08/07 16:39:03 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DDM.INI
[2004/08/07 16:37:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2004/08/07 16:29:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/07 16:14:45 | 00,002,412 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 16:14:27 | 00,000,555 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/19 11:29:39 | 01,892,352 | ---- | C] () -- C:\WINDOWS\System32\CMIWCNFG.DLL
[2004/02/19 11:29:39 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMIRMDRV.DLL
[2004/02/19 11:29:13 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004/02/19 11:21:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\W9XSETUP.DLL
[2003/05/10 14:19:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\dm.ini
[2002/11/28 15:51:47 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2002/09/18 09:08:59 | 00,207,872 | ---- | C] () -- C:\WINDOWS\System32\RDMWIN32.DLL
[2002/05/14 21:45:51 | 00,034,816 | ---- | C] () -- C:\WINDOWS\Upi41001.dll
[2002/05/14 21:45:51 | 00,016,896 | ---- | C] () -- C:\WINDOWS\Upi41002.dll
[2002/03/20 13:33:40 | 00,023,414 | ---- | C] () -- C:\Program Files\Common Files\fw7p.pdf
[2002/01/28 14:04:21 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/01/28 14:04:21 | 00,000,271 | -HS- | C] () -- C:\Program Files\desktop.ini
[1997/07/11 00:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL

========== LOP Check ==========

[2004/08/07 16:38:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2004/08/08 11:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ulead Systems
[2004/08/08 11:51:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\OLYMPUS
[2004/10/24 11:43:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund
[2004/10/27 19:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund LLC
[2008/03/14 10:00:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IncrediMail
[2008/03/14 10:01:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\IM
[2008/11/16 09:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\EnterNHelp
[2008/11/16 09:13:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Ultima_T15
[2008/11/16 09:14:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Nikon
[2008/12/25 08:11:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fisher-Price
[2009/02/24 08:54:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
[2004/08/07 16:38:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\InterTrust
[2004/08/07 16:38:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Leadertech
[2004/08/08 11:49:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Ulead Systems
[2008/03/14 10:00:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\IM
[2008/11/16 09:15:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Nikon
[2008/12/04 14:03:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\The Weather Channel
[2008/12/25 08:11:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Fisher-Price
[2009/09/22 16:57:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Unity
[2009/10/14 13:09:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\GARMIN
[2009/10/22 13:18:10 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735
[2009/11/06 11:34:12 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT
[2000/06/08 17:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/11/04 18:31:54 | 00,000,354 | ---- | M] () -- C:\WINDOWS\Tasks\PCHealth Scheduler for Data Collection.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2004/04/04 14:59:00 | 00,267,472 | ---- | M] () -- C:\NSSetup.exe
[2004/04/04 16:02:06 | 01,542,522 | ---- | M] () -- C:\TaxCut_2003_Massachusetts_InstallerC.exe
[2007/08/28 23:19:00 | 00,450,560 | ---- | M] () -- C:\WLMPasswd.exe
[2007/04/20 14:54:00 | 00,047,104 | ---- | M] () -- C:\WLMPasswords.exe

< %SYSTEMROOT%\*.* /s /r >
[4 C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp files -> C:\WINDOWS\assembly\NativeImages_v2.0.50727_32\Temp\*.tmp -> ]
[1 C:\WINDOWS\DRM\Cache\*.tmp files -> C:\WINDOWS\DRM\Cache\*.tmp -> ]
[1 C:\WINDOWS\INF\*.tmp files -> C:\WINDOWS\INF\*.tmp -> ]
[2 C:\WINDOWS\Installer\*.tmp files -> C:\WINDOWS\Installer\*.tmp -> ]
[1 C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp files -> C:\WINDOWS\SoftwareDistribution\AuthCabs\7971f918-a847-4430-9279-4a52d1efe18d\*.tmp -> ]
[1 C:\WINDOWS\SYSTEM\*.tmp files -> C:\WINDOWS\SYSTEM\*.tmp -> ]

< %SYSTEMDRIVE%\eventlog.dll /s /md5 >
[2004/08/04 12:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\$NtServicePackUninstall$\eventlog.dll
[2008/04/13 20:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\ServicePackFiles\i386\eventlog.dll
[2008/04/13 20:11:54 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SYSTEM32\eventlog.dll

< %SYSTEMDRIVE%\scecli.dll /s /md5 >
[2004/08/04 12:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\$NtServicePackUninstall$\scecli.dll
[2008/04/13 20:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\ServicePackFiles\i386\scecli.dll
[2008/04/13 20:12:06 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SYSTEM32\scecli.dll

< %SYSTEMDRIVE%\netlogon.dll /s /md5 >
[2004/08/04 12:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtServicePackUninstall$\netlogon.dll
[2008/04/13 20:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\ServicePackFiles\i386\netlogon.dll
[2008/04/13 20:12:02 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SYSTEM32\netlogon.dll

< %SYSTEMDRIVE%\cngaudit.dll /s /md5 >

< %SYSTEMDRIVE%\sceclt.dll /s /md5 >

< %SYSTEMDRIVE%\ntelogon.dll /s /md5 >

< %SYSTEMDRIVE%\logevent.dll /s /md5 >

< %SYSTEMDRIVE%\iaStor.sys /s /md5 >

< %SYSTEMDRIVE%\nvstor.sys /s /md5 >

< %SYSTEMDRIVE%\atapi.sys /s /md5 >
[2004/08/04 12:00:00 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\$NtServicePackUninstall$\atapi.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\ServicePackFiles\i386\atapi.sys
[2008/04/13 14:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5 -- C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

< %SYSTEMDRIVE%\IdeChnDr.sys /s /md5 >

< %SYSTEMDRIVE%\viasraid.sys /s /md5 >

< %SYSTEMDRIVE%\AGP440.sys /s /md5 >
[2004/08/04 02:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\$NtServicePackUninstall$\agp440.sys
[2008/04/13 14:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\ServicePackFiles\i386\agp440.sys
[2008/04/13 14:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SYSTEM32\DRIVERS\agp440.sys

< %SYSTEMDRIVE%\vaxscsi.sys /s /md5 >

< %SYSTEMDRIVE%\comres.dll /s /md5 >
[2004/08/04 12:00:00 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=6728270CB7DBB776ED086F5AC4C82310 -- C:\WINDOWS\$NtServicePackUninstall$\comres.dll
[2008/04/13 20:11:52 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\ServicePackFiles\i386\comres.dll
[2008/04/13 20:11:52 | 00,792,064 | ---- | M] (Microsoft Corporation) MD5=1280A158C722FA95A80FB7AEBE78FA7D -- C:\WINDOWS\SYSTEM32\comres.dll

< %SYSTEMDRIVE%\appmgmts.dll /s /md5 >
< End of report >
piano9playa5
post Nov 7 2009, 10:26 AM
Post #17


GeekU Senior
Posts: 1,241
OS: XP Home



Hello.


Step One
  • Make sure to use Internet Explorer for this
  • Please go to VirSCAN.org FREE on-line scan service
  • Click Browse... (top of page). Navigate to the following file, highlight it (click) and click Open.

    • C:\WINDOWS\SYSTEM32\DRIVERS\atapi.sys

  • Click on the Upload button
  • If a pop-up appears saying the file has been scanned already, please select the ReScan button.
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
  • Please repeat the above steps for the following file:
    • C:\WINDOWS\System32\xvidcore.dll






Step Two
Run OTL (Double click to run)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    CODE
    :OTL
    O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
    O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
    O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
    O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
    O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
    [2009/11/04 22:12:42 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzqxodu4.sys
    [2009/10/31 10:56:18 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wejuwojo

    :Services
    uzqxodu4

    :Reg

    :Files

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and accept to reboot when it's finished.
  • During start-up, a log will open. Paste the contents of it back here
  • Open OTL again.
    • Click the Run Scan button.
    • Post the log it produces in your next reply.

Step Three
Go ahead and run another scan with MalwareBytes', and post back the resulting log.
Remember to update it first!
  • Click the Update tab, and then click Check for Updates.

Logs&Info
Remember to post back the following logs:
  1. VirSCAN results for both files
  2. OTL.txt
  3. Malwarebytes' log
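As an added example (not code from the thread, from OTL or from the helper), a small Python triage pass over OTL log lines that flags the three kinds of entry the fix above targets: the DisableCMD lockdown policies, MountPoints2 autorun handlers pointing into a RECYCLER folder on a removable drive, and unstamped random-named files in System32. The sample lines are copied from the thread's OTL output plus one constructed CD-ROM autorun line; the heuristics, severity labels and function names are this example's own assumptions.

```python
"""Heuristic triage of OTL log lines (added example; not OTL's or the thread's code).
Sample lines are copied from the thread's OTL output, plus one constructed CD-ROM line."""
import re
from dataclasses import dataclass

# OTL file entry: [yyyy/mm/dd hh:mm:ss | size | attrs | M] (Company) -- path [-- (Service)]
FILE_RE = re.compile(
    r"^(?:(?:PRC|MOD|SRV|DRV) - )?"
    r"\[\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2} \| [\d,]+ \| (?P<attrs>[-A-Z]{4}) \| M\] "
    r"\((?P<company>[^)]*)\) -- (?P<path>.+?)(?: -- \([^)]*\))?$"
)
# O33 per-volume shell handler: MountPoints2\{guid}\Shell\<verb>\command - "" = <command>
MOUNT_RE = re.compile(
    r'^O33 - MountPoints2\\(?P<guid>\{[^}]+\})\\Shell\\(?P<verb>\w+)\\command - "" = '
    r"(?P<command>.+?)(?: -- File not found)?$"
)
# O6 (HKLM) / O7 (HKCU) policy value: <key>: <name> = <value>
POLICY_RE = re.compile(r"^O(?P<hive>[67]) - (?P<key>\S+): (?P<name>\w+) = (?P<value>\S+)$")

# Policies\System values that lock the user out of recovery tools (real Windows value names).
LOCKDOWN_POLICIES = {"DisableCMD", "DisableTaskMgr", "DisableRegistryTools"}
RANDOM_NAME_RE = re.compile(r"^[a-z0-9]{8}$")  # assumption: 8 lowercase chars, e.g. uzqxodu4
RECYCLER_RE = re.compile(r"\\RECYCLER\\S-1-5-21-[\d-]+\\", re.IGNORECASE)


@dataclass
class Finding:
    severity: str  # "high" or "medium"
    category: str  # "policy", "autorun" or "file"
    reason: str
    subject: str   # registry key, command or path the finding is about


def check_policy(m):
    """A lockdown policy set to 1 is what left the user without cmd.exe."""
    if m.group("name") in LOCKDOWN_POLICIES and m.group("value") == "1":
        hive = "HKLM" if m.group("hive") == "6" else "HKCU"
        return Finding("high", "policy", f"{hive} {m.group('name')}=1 blocks a recovery tool", m.group("key"))
    return None


def check_mount(m):
    """Autorun/open handlers for a removable volume; RECYCLER\\<SID>\\*.exe is the worm pattern."""
    cmd, verb = m.group("command"), m.group("verb")
    if RECYCLER_RE.search(cmd):
        return Finding("high", "autorun", f"{verb} handler runs a payload hidden in RECYCLER", cmd)
    if not cmd.upper().startswith("C:"):  # a genuine CD installer looks the same: review, don't delete
        return Finding("medium", "autorun", f"{verb} handler on removable drive {cmd[:2]}; review", cmd)
    return None


def check_file(m):
    """Unstamped file with a random 8-char name under System32 (SetupNT.sys is unstamped but readable)."""
    path = m.group("path")
    folder, _, name = path.rpartition("\\")
    base = name.rsplit(".", 1)[0]
    if "\\windows\\system32" not in folder.lower():
        return None
    if m.group("company") or not RANDOM_NAME_RE.match(base):
        return None
    kind = "driver" if name.lower().endswith(".sys") else "file"
    hidden = " (hidden)" if "H" in m.group("attrs") else ""
    return Finding("high", "file", f"unstamped random-named {kind}{hidden} in System32", path)


def analyze(log_text):
    """Run every line through the matching parser and collect findings in log order."""
    findings = []
    for raw in log_text.splitlines():
        line = raw.strip()
        for regex, check in ((POLICY_RE, check_policy), (MOUNT_RE, check_mount), (FILE_RE, check_file)):
            m = regex.match(line)
            if m:
                finding = check(m)
                if finding:
                    findings.append(finding)
                break
    return findings


def driver_services(findings):
    """Base names of flagged .sys files: the names an OTL :Services section would need,
    assuming (as here) the service is registered under the driver's base name."""
    return sorted(f.subject.rsplit("\\", 1)[-1][:-4]
                  for f in findings if f.category == "file" and f.subject.lower().endswith(".sys"))


# Lines 1-6 copied from the thread's OTL output; line 7 is a constructed benign CD-ROM handler.
SAMPLE_LOG = r"""
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableCMD = 1
O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\AutoRun\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
O33 - MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\Shell\open\command - "" = F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe -- File not found
O33 - MountPoints2\{00000000-0000-0000-0000-000000000000}\Shell\AutoRun\command - "" = E:\setup.exe
[2009/11/04 22:12:42 | 00,011,264 | ---- | M] () -- C:\WINDOWS\System32\drivers\uzqxodu4.sys
[2009/10/31 10:56:18 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\wejuwojo
DRV - [2009/09/15 06:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2000/10/25 15:27:24 | 00,003,000 | R--- | M] () -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)
"""

if __name__ == "__main__":
    results = analyze(SAMPLE_LOG)
    for f in results:
        print(f"[{f.severity:6}] {f.category:7} {f.reason}: {f.subject}")
    print("services a fix would stop:", driver_services(results))
```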
CoffeeBreath
post Nov 7 2009, 11:58 AM
Post #18

Happy Saturday... :-)

virscan.org is COOL! It found no infections in either of the files; reports are below.

The fact that I could use internet explorer to get to it is another good sign (it wouldn't run before).

The OTL "Run Fix" went fine. That log and the follow-up "Run Scan" log are below.

malwarebytes also ran and reported no malware found, and that log is below as well.

One of the reports I had posted earlier complained about some of the autorun files on E: (a cdrom of pictures my mom had made for us on our last visit). Is it possible that has contributed to my issues? I've removed the CD (and I'm looking for the "don't autorun on removable media" switch); is there some additional scanning I should do there?

It looks like we're nearing the end of this little adventure; thanks for your help so far and please let me know what the next steps are.

Steve.

VirSCAN.org Scanned Report :
Scanned time : 2009/11/07 12:07:22 (EST)
Scanner results: Scanners did not find malware!
File Name : atapi.sys
File Size : 96512 byte
File Type : PE32 executable for MS Windows (native) Intel 80386 32-bit
MD5 : 9f3a2f5aa6875c72bf062c712cfa2674
SHA1 : a719156e8ad67456556a02c34e762944234e7a44
Online report : http://virscan.org/report/826f8ca942092ce7...d1fd9d7110.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091107070122 2009-11-07 11.92 -
AhnLab V3 2009.11.07.00 2009.11.07 2009-11-07 1.30 -
AntiVir 8.2.1.61 7.1.6.203 2009-11-06 0.28 -
Antiy 2.0.18 20091105.3216324 2009-11-05 0.12 -
Arcavir 2009 200911061352 2009-11-06 0.18 -
Authentium 5.1.1 200911071327 2009-11-07 1.54 -
AVAST! 4.7.4 091107-0 2009-11-07 0.01 -
AVG 8.5.288 270.14.53/2486 2009-11-07 0.35 -
BitDefender 7.81008.4482193 7.28794 2009-11-07 3.96 -
CA (VET) 35.1.0 7107 2009-11-05 13.88 -
ClamAV 0.95.2 9998 2009-11-07 0.02 -
Comodo 3.12 2874 2009-11-07 0.71 -
CP Secure 1.3.0.5 2009.11.07 2009-11-07 0.07 -
Dr.Web 4.44.0.9170 2009.11.07 2009-11-07 6.46 -
F-Prot 4.4.4.56 20091107 2009-11-07 1.41 -
F-Secure 7.02.73807 2009.11.06.11 2009-11-06 0.14 -
Fortinet 2.81-3.120 11.33 2009-11-07 0.48 -
GData 19.8759/19.543 20091107 2009-11-07 5.89 -
ViRobot 20091106 2009.11.06 2009-11-06 9.30 -
Ikarus T3.1.01.74 2009.11.07.74471 2009-11-07 3.99 -
JiangMin 11.0.800 2009.11.07 2009-11-07 7.34 -
Kaspersky 5.5.10 2009.11.07 2009-11-07 0.11 -
KingSoft 2009.2.5.15 2009.11.7.15 2009-11-07 0.79 -
McAfee 5.3.00 5794 2009-11-06 3.45 -
Microsoft 1.5202 2009.11.07 2009-11-07 9.25 -
Norman 6.01.09 6.01.00 2009-11-06 4.02 -
Panda 9.05.01 2009.11.06 2009-11-06 12.01 -
Trend Micro 8.700-1004 6.610.05 2009-11-07 0.03 -
Quick Heal 10.00 2009.11.07 2009-11-07 1.37 -
Rising 20.0 21.54.52.00 2009-11-07 1.16 -
Sophos 3.00.1 4.46 2009-11-07 2.99 -
Sunbelt 5491 5491 2009-11-05 2.15 -
Symantec 1.3.0.24 20091106.003 2009-11-06 0.20 -
nProtect 20091107.01 6116693 2009-11-07 9.43 -
The Hacker 6.5.0.2 v00063 2009-11-06 1.09 -
VBA32 3.12.10.11 20091106.1612 2009-11-06 1.98 -
VirusBuster 4.5.11.10 10.113.10/2003696 2009-11-07 2.43 -


VirSCAN.org Scanned Report :
Scanned time : 2009/11/07 12:11:19 (EST)
Scanner results: Scanners did not find malware!
File Name : xvidcore.dll
File Size : 881664 byte
File Type : PE32 executable for MS Windows (DLL) (GUI) Intel 80386 32-bi
MD5 : ea2a7a4e96087395c92f669bc316d592
SHA1 : 414830e09fd506f1a3ffc8d1f443e1b13225471b
Online report : http://virscan.org/report/9bd06c2c4b1965f8...c0c34bea25.html

Scanner Engine Ver Sig Ver Sig Date Time Scan result
a-squared 4.5.0.8 20091107070122 2009-11-07 5.47 -
AhnLab V3 2009.11.07.00 2009.11.07 2009-11-07 4.29 -
AntiVir 8.2.1.61 7.1.6.203 2009-11-06 0.38 -
Antiy 2.0.18 20091105.3216324 2009-11-05 0.12 -
Arcavir 2009 200911061352 2009-11-06 0.07 -
Authentium 5.1.1 200911071327 2009-11-07 2.06 -
AVAST! 4.7.4 091107-0 2009-11-07 0.04 -
AVG 8.5.288 270.14.53/2486 2009-11-07 0.35 -
BitDefender 7.81008.4482193 7.28794 2009-11-07 4.07 -
CA (VET) 35.1.0 7107 2009-11-05 17.86 -
ClamAV 0.95.2 9998 2009-11-07 0.14 -
Comodo 3.12 2874 2009-11-07 1.27 -
CP Secure 1.3.0.5 2009.11.07 2009-11-07 0.12 -
Dr.Web 4.44.0.9170 2009.11.07 2009-11-07 6.56 -
F-Prot 4.4.4.56 20091107 2009-11-07 1.80 -
F-Secure 7.02.73807 2009.11.06.11 2009-11-06 0.12 -
Fortinet 2.81-3.120 11.33 2009-11-07 0.26 -
GData 19.8759/19.543 20091107 2009-11-07 6.23 -
ViRobot 20091106 2009.11.06 2009-11-06 0.43 -
Ikarus T3.1.01.74 2009.11.07.74471 2009-11-07 4.08 -
JiangMin 11.0.800 2009.11.07 2009-11-07 16.75 -
Kaspersky 5.5.10 2009.11.07 2009-11-07 0.06 -
KingSoft 2009.2.5.15 2009.11.7.15 2009-11-07 0.94 -
McAfee 5.3.00 5794 2009-11-06 3.38 -
Microsoft 1.5202 2009.11.07 2009-11-07 8.21 -
Norman 6.01.09 6.01.00 2009-11-06 4.01 -
Panda 9.05.01 2009.11.06 2009-11-06 3.04 -
Trend Micro 8.700-1004 6.610.05 2009-11-07 0.03 -
Quick Heal 10.00 2009.11.07 2009-11-07 1.76 -
Rising 20.0 21.54.52.00 2009-11-07 1.16 -
Sophos 3.00.1 4.46 2009-11-07 2.96 -
Sunbelt 5491 5491 2009-11-05 3.03 -
Symantec 1.3.0.24 20091106.003 2009-11-06 0.29 -
nProtect 20091107.01 6116693 2009-11-07 9.62 -
The Hacker 6.5.0.2 v00063 2009-11-06 0.84 -
VBA32 3.12.10.11 20091106.1612 2009-11-06 2.45 -
VirusBuster 4.5.11.10 10.113.10/2003696 2009-11-07 3.04 -


All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableCMD deleted successfully.
Starting removal of ActiveX control Win32 Classes Reg Error: Key error.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\Win32 Classes Reg Error: Key error.\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\Win32 Classes Reg Error: Key error.\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349ee816-d26f-11db-8148-00038a000015}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{349ee816-d26f-11db-8148-00038a000015}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{349ee816-d26f-11db-8148-00038a000015}\ not found.
File F:\RECYCLER\S-1-5-21-1482476501-1644491937-682003330-1013\sic32.exe not found.
C:\WINDOWS\SYSTEM32\DRIVERS\uzqxodu4.sys moved successfully.
C:\WINDOWS\SYSTEM32\wejuwojo moved successfully.
========== SERVICES/DRIVERS ==========
Unable to stop service uzqxodu4!
Registry key HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\uzqxodu4 deleted successfully.
========== REGISTRY ==========
========== FILES ==========
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: user
->Temporary Internet Files folder emptied: 846020 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Apple Safari cache emptied: 22880020 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: Steve
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
Session Manager Temp folder emptied: 16384 bytes
Session Manager Tmp folder emptied: 16384 bytes
RecycleBin emptied: 14484462 bytes

Total Files Cleaned = 36.52 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11072009_123129

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_498.dat moved successfully.

Registry entries deleted on Reboot...

OTL logfile created on: 11/7/2009 12:36:18 PM - Run 5
OTL by OldTimer - Version 3.1.4.0 Folder = C:\Documents and Settings\user\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: enu | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 2.00 Gb Available Physical Memory | 100.00% Memory free
3.59 Gb Paging File | 3.13 Gb Available in Paging File | 87.18% Paging File free
Paging file location(s): c:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 55.86 Gb Total Space | 16.97 Gb Free Space | 30.38% Space Free | Partition Type: FAT32
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: RUTE
Current User Name: user
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
PRC - [2009/10/29 22:29:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2009/10/29 22:29:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2009/09/15 06:56:48 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/09/15 06:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/09/15 06:54:14 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/07/16 13:20:16 | 25,604,904 | R--- | M] (Skype Technologies S.A.) -- C:\Program Files\Skype\Phone\Skype.exe
PRC - [2009/07/16 13:20:16 | 00,077,360 | R--- | M] (Skype Technologies) -- C:\Program Files\Skype\Plugin Manager\skypePM.exe
PRC - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe
PRC - [2009/02/06 18:51:28 | 03,885,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Messenger\msnmsgr.exe
PRC - [2009/02/06 06:10:02 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wbem\wmiprvse.exe
PRC - [2009/01/06 13:06:36 | 00,290,088 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/01/05 16:18:48 | 00,413,696 | ---- | M] (Apple Inc.) -- C:\ci\quicktime\QTTask.exe
PRC - [2008/12/16 16:44:28 | 00,479,232 | ---- | M] (Nikon Corporation) -- C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/10/10 08:11:56 | 00,538,432 | ---- | M] () -- C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe
PRC - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe
PRC - [2008/04/13 20:12:42 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wscntfy.exe
PRC - [2008/04/13 20:12:30 | 00,069,120 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\notepad.exe
PRC - [2008/04/13 20:12:20 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2008/04/13 20:12:16 | 01,032,192 | ---- | M] (Microsoft Corporation) -- C:\Program Files\NetMeeting\conf.exe
PRC - [2008/03/09 12:51:36 | 00,185,728 | ---- | M] (IncrediMail, Ltd.) -- C:\Program Files\IncrediMail\bin\ImApp.exe
PRC - [2007/02/17 09:37:28 | 00,067,128 | ---- | M] (Logitech Inc.) -- C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
PRC - [2005/07/15 14:48:34 | 00,479,232 | ---- | M] (Google Inc.) -- C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe
PRC - [2004/09/23 14:00:02 | 00,024,576 | ---- | M] (Solidyear) -- C:\WINDOWS\AutoFlip.exe
PRC - [2004/06/25 10:21:50 | 00,147,456 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe
PRC - [2004/05/06 15:58:48 | 00,049,152 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\Hewlett-Packard\HP Software Update\hpwuSchd2.exe
PRC - [2004/04/05 17:37:38 | 00,061,440 | ---- | M] () -- C:\Program Files\Microsoft Office\Office\OSA.EXE
PRC - [2004/03/09 15:59:48 | 00,065,536 | ---- | M] () -- C:\WINDOWS\TWAIN_32\ca561a\SnapDetect.exe
PRC - [2003/12/22 08:38:42 | 00,241,664 | ---- | M] (Hewlett-Packard Company) -- C:\Program Files\HP\hpcoretech\hpcmpmgr.exe
PRC - [2003/07/29 14:08:38 | 00,094,208 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\MediaSource\RemoteControl\OSDMenu.exe
PRC - [2003/01/30 18:55:46 | 00,311,296 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\hphmon03.exe
PRC - [2003/01/21 15:19:00 | 00,040,960 | ---- | M] (VM.) -- C:\WINDOWS\VM_STI.EXE
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE
PRC - [1998/11/05 15:01:00 | 00,262,656 | ---- | M] (Palm Computing, Inc., a 3Com Company) -- C:\Palm\hotsync.exe
PRC - [1996/08/01 07:36:54 | 00,018,432 | ---- | M] () -- C:\WINDOWS\DESKMENU.EXE


========== Modules (SafeList) ==========

MOD - [2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
MOD - [2008/04/13 20:12:52 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.5512_x-ww_35d4ce83\comctl32.dll
MOD - [2008/04/13 20:11:54 | 00,185,344 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\wbem\framedyn.dll
MOD - [2007/05/20 15:54:12 | 00,138,216 | ---- | M] (Babylon Ltd.) -- C:\Program Files\IncrediMail\bin\B4ImApp.dll


========== Win32 Services (SafeList) ==========

SRV - [2009/10/29 22:29:02 | 00,153,376 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService)
SRV - [2009/09/15 06:56:44 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/09/15 06:56:28 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/09/15 06:54:14 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/09/15 06:49:40 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/08/23 17:00:06 | 00,136,120 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/05/19 11:36:18 | 00,240,512 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft\Search Enhancement Pack\SeaPort\SeaPort.exe -- (SeaPort)
SRV - [2009/02/06 18:08:58 | 00,533,360 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Live\Family Safety\fsssvc.exe -- (fsssvc)
SRV - [2009/01/06 13:06:24 | 00,536,872 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/11/07 14:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0)
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc)
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- c:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing)
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32)
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state)
SRV - [2008/05/16 14:01:00 | 00,159,812 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe -- (NVSvc)
SRV - [2008/04/13 20:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHEALTH\HELPCTR\BINARIES\pchsvc.dll -- (helpsvc)
SRV - [2006/10/18 20:05:24 | 00,913,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Media Player\WMPNetwk.exe -- (WMPNetworkSvc)
SRV - [2005/04/04 00:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/08/04 12:00:00 | 00,019,456 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\tcpsvcs.exe -- (LPDSVC)
SRV - [2003/01/30 18:55:44 | 00,077,824 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Driver Services (SafeList) ==========

DRV - [2009/09/15 06:56:14 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys -- (aswMon2)
DRV - [2009/09/15 06:55:30 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswSP.sys -- (aswSP)
DRV - [2009/09/15 06:55:20 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswFsBlk.sys -- (aswFsBlk)
DRV - [2009/09/15 06:54:30 | 00,052,368 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys -- (aswTdi)
DRV - [2009/09/15 06:54:22 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys -- (aswRdr)
DRV - [2009/09/15 06:53:24 | 00,027,408 | ---- | M] (ALWIL Software) -- C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys -- (Aavmker4)
DRV - [2009/02/06 18:08:42 | 00,055,152 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\fssfltr_tdi.sys -- (fssfltr)
DRV - [2008/10/01 13:01:28 | 00,032,000 | ---- | M] (Apple, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys -- (USBAAPL)
DRV - [2008/05/16 14:01:00 | 06,557,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys -- (nv)
DRV - [2008/04/17 13:12:54 | 00,015,464 | ---- | M] (GEAR Software Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys -- (GEARAspiWDM)
DRV - [2008/04/13 14:45:30 | 00,010,624 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2008/04/13 14:45:12 | 00,060,032 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaudio.sys -- (usbaudio)
DRV - [2007/11/13 05:25:54 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys -- (Secdrv)
DRV - [2006/04/14 20:09:06 | 00,013,056 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nvnetbus.sys -- (nvnetbus)
DRV - [2006/04/14 20:09:04 | 00,034,176 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\NVENETFD.sys -- (NVENETFD)
DRV - [2005/06/10 09:39:20 | 01,694,592 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\sbusb.sys -- (sbusb)
DRV - [2005/04/20 09:44:08 | 00,138,752 | R--- | M] (Creative Technology Ltd) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctsfm2k.sys -- (ctsfm2k)
DRV - [2005/04/20 09:44:06 | 00,106,496 | R--- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctoss2k.sys -- (ossrv)
DRV - [2005/03/12 19:48:08 | 00,243,456 | ---- | M] (Ralink Technology Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\rt2500usb.sys -- (rt2500usb)
DRV - [2004/08/04 12:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\ptilink.sys -- (Ptilink)
DRV - [2004/06/03 12:10:00 | 00,071,596 | ---- | M] (Creative Technology Ltd.) -- C:\WINDOWS\SYSTEM32\DRIVERS\PfModNT.sys -- (PfModNT)
DRV - [2004/05/25 15:58:04 | 00,396,032 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nvapu.sys -- (nvnforce)
DRV - [2004/05/25 15:58:02 | 00,048,640 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\nvax.sys -- (nvax)
DRV - [2004/04/02 15:40:00 | 00,021,760 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv_agp.sys -- (nv_agp)
DRV - [2004/03/19 18:11:22 | 00,090,968 | ---- | M] (VM) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbVM31b.sys -- (ZSMC301b)
DRV - [2003/01/30 18:55:44 | 00,050,800 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 18:55:44 | 00,050,211 | ---- | M] (Hewlett-Packard) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k09.sys -- (Dot4Storage HPH09)
DRV - [2003/01/30 18:55:44 | 00,018,864 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphius09.sys -- (Dot4Usb HPH09)
DRV - [2003/01/30 18:55:44 | 00,016,112 | ---- | M] (HP) -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2003/01/10 17:13:04 | 00,033,588 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\SYSTEM32\DRIVERS\wanatw4.sys -- (wanatw)
DRV - [2002/10/01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPCA561.SYS -- (CA561)
DRV - [2001/08/17 14:00:04 | 00,002,944 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\SYSTEM32\DRIVERS\msmpu401.sys -- (ms_mpu401)
DRV - [2000/10/25 15:27:24 | 00,003,000 | R--- | M] () -- C:\WINDOWS\system32\SetupNT.sys -- (SetupNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://search.live.com/sphome.aspx

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = http://www.msn.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache AcceptLangs = en-us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page Redirect Cache_TIMESTAMP = CC 1B 0B 9F CE 5F CA 01 [binary data]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,AutoSearch = http://ie.search.msn.com/{SUB_RFC1766}/src...autosearch.aspx
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn.com/{SUB_RFC1766}/srchasst/srchcust.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = localhost;*.local

FF - HKLM\software\mozilla\Firefox\Extensions\\{ABDE892B-13A8-4d1b-88E6-365A6E755758}: C:\Program Files\Real\RealPlayer\browserrecord [2008/12/04 14:03:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/08/09 03:03:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\jqs@sun.com: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/10/29 22:29:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.0\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.0\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Components: C:\Program Files\Netscape\Netscape\Components [2002/11/03 22:58:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Netscape 7.1\Extensions\\Plugins: C:\Program Files\Netscape\Netscape\Plugins [2002/11/03 22:58:48 | 00,000,000 | ---D | M]

[2008/07/19 00:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions
[2008/07/19 00:30:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\user\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2004/08/07 18:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2004/08/07 18:50:50 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/08/08 10:56:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{B13721C7-F507-4982-B2E5-502A71474FED}
[2008/08/26 18:09:36 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/10/29 22:29:12 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
[2009/08/08 10:56:42 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions\browserhighlighter@ebay.com
[2003/08/04 17:19:04 | 00,438,272 | ---- | M] (AOL Time Warner) -- C:\Program Files\Mozilla Firefox\plugins\npwinamp.dll
[2002/08/11 23:42:12 | 00,103,344 | ---- | M] (Adobe Systems Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppdf32.dll
[2007/08/07 13:35:32 | 00,049,152 | ---- | M] (Adobe Systems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\np32dsw.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin2.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin3.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin4.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin5.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin6.dll
[2009/02/24 08:53:46 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npqtplugin7.dll
[2009/10/29 22:29:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeploytk.dll
[2008/09/10 15:56:44 | 00,144,960 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nppl3260.dll
[2008/09/10 15:37:54 | 00,094,208 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\nprpjplug.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\SYSTEM32\DRIVERS\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: (RealPlayer Download and Record Plugin for Internet Explorer) - {3049C3E9-B461-4BC5-8870-4C09146192CA} - C:\Program Files\Real\RealPlayer\rpbrowserrecordplugin.dll (RealPlayer)
O2 - BHO: (no name) - {5C255C8A-E604-49b4-9D64-90988571CECB} - No CLSID value found.
O2 - BHO: (Search Helper) - {6EBF7485-159F-4bff-A14F-B9E3AAC4465B} - C:\Program Files\Microsoft\Search Enhancement Pack\Search Helper\SEPsearchhelperie.dll (Microsoft Corporation)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {E15A8DC0-8516-42A1-81EA-DC94EC1ACF10} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Windows Live Toolbar) - {21FA44EF-376D-4D53-9B0F-8A89D3229068} - C:\Program Files\Windows Live\Toolbar\wltcore.dll (Microsoft Corporation)
O4 - HKLM..\Run: [{0228e555-4f9c-4e35-a3ec-b109a192b4c2}] C:\Program Files\Google\Gmail Notifier\G001-1.0.25.0\gnotify.exe (Google Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE (VM.)
O4 - HKLM..\Run: [FPCCSMiddleware] C:\Program Files\Fisher-Price\Computer Cool School\FPCCSMiddleware.exe ()
O4 - HKLM..\Run: [HP Component Manager] C:\Program Files\HP\hpcoretech\hpcmpmgr.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HP Software Update] C:\Program Files\Hewlett-Packard\HP Software Update\HPWuSchd2.exe (Hewlett-Packard Company)
O4 - HKLM..\Run: [HPHmon03] C:\WINDOWS\SYSTEM32\hphmon03.exe (Hewlett-Packard)
O4 - HKLM..\Run: [IMJPMIG8.1] C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [NeroCheck] C:\WINDOWS\System32\\NeroCheck.exe ()
O4 - HKLM..\Run: [Nikon Transfer Monitor] C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe (Nikon Corporation)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] C:\WINDOWS\System32\NvMcTray.DLL (NVIDIA Corporation)
O4 - HKLM..\Run: [NVMixerTray] C:\Program Files\NVIDIA Corporation\NvMixer\NVMixerTray.exe (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] C:\WINDOWS\System32\nwiz.exe ()
O4 - HKLM..\Run: [QuickTime Task] C:\ci\quicktime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [RunFlip] C:\WINDOWS\RunFlip.exe ()
O4 - HKLM..\Run: [SbUsb AudCtrl] C:\WINDOWS\System32\sbusbdll.dll (Creative Technology Ltd)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Windows Media Player\K-Lite Codec Pack\Real\Update_OB\realsched.exe File not found
O4 - HKCU..\Run: [IncrediMail] C:\Program Files\IncrediMail\bin\IncMail.exe (IncrediMail, Ltd.)
O4 - HKCU..\Run: [LDM] C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O4 - HKCU..\Run: [Microsoft NetMeeting] C:\Program Files\NetMeeting\conf.exe (Microsoft Corporation)
O4 - HKCU..\Run: [MsnMsgr] C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe (Microsoft Corporation)
O4 - HKCU..\Run: [RemoteCenter] C:\Program Files\Creative\MediaSource\RemoteControl\RcMan.exe (Creative Technology Ltd)
O4 - HKCU..\Run: [Skype] C:\Program Files\Skype\Phone\Skype.exe (Skype Technologies S.A.)
O4 - HKLM..\RunOnce: [!CleanupNetMeetingDispDriver] C:\WINDOWS\System32\msconf.dll (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Deskmenu.lnk = C:\WINDOWS\DESKMENU.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Palm\hotsync.exe (Palm Computing, Inc., a 3Com Company)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Office Startup.lnk = C:\Program Files\Microsoft Office\Office\OSA.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\PrecisionTime.lnk = C:\Program Files\PrecisionTime\PrecisionTime.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Find Fast.lnk = C:\Program Files\Microsoft Office\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Startup.lnk = C:\QUICKENW\QWDLLS.EXE (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Quicken Scheduled Updates.lnk = C:\QUICKENW\bagent.exe (Intuit Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Billminder.lnk = C:\QUICKENW\billmind.exe (Intuit)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Date Manager.lnk = C:\Program Files\Date Manager\DateManager.exe File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\EZVideo Chat.lnk = C:\Program Files\Ezonics\EZVideo Chat 2.0\EzChat.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\SnapDetect.lnk = C:\WINDOWS\TWAIN_32\ca561a\SnapDetect.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe (Logitech Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLegacyLogonScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideLogoffScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunLogonScriptSync = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: RunStartupScriptSync = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: HideStartupScripts = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 55924053
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoRun = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Blog This - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : &Blog This in Windows Live Writer - {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - C:\Program Files\Windows Live\Writer\WriterBrowserExtension.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O12 - Plugin for: .spop - C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: aol.com ([free] http in Trusted sites)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: 2 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {9F1C11AA-197B-4942-BA54-47A8489BB47F} http://v4.windowsupdate.microsoft.com/CAB/...8206.6591319444 (Reg Error: Key error.)
O16 - DPF: {B9F3009B-976B-41C4-A992-229DCCF3367C} http://ns-radio.netscape.com/radio/cabs/ampx.cab (CoAxTrack Class)
O16 - DPF: {CAFEEFAC-0014-0000-0001-ABCDEFFEDCBA} Reg Error: Key error. (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0001-0002-ABCDEFFEDCBA} http://java.sun.com/products/plugin/1.4/ji...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macromedia.com/pub/shockwa...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: DirectAnimation Java Classes file://C:\WINDOWS\SYSTEM\dajava.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso4.cab (Reg Error: Key error.)
O16 - DPF: Win32 Classes Reg Error: Key error. (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.8.199
O18 - Protocol\Handler\bwfile-8876480 {9462A756-7B47-47BC-8C80-C34B9B80B32B} - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll (Logitech Inc.)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\ole db\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.14.0.8064.0206.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Handler\wlmailhtml {03C514A3-1EFB-4856-9F99-10D7BE1653C0} - C:\Program Files\Windows Live\Mail\mailcomm.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/04/05 17:41:24 | 00,000,194 | -H-- | M] () - C:\AUTOEXEC.BAT -- [ FAT32 ]
O32 - AutoRun File - [2004/04/05 17:41:24 | 00,000,194 | -HS- | M] () - C:\AUTOEXEC.BAK -- [ FAT32 ]
O32 - AutoRun File - [2004/02/19 11:25:34 | 00,000,194 | -HS- | M] () - C:\AUTOEXEC.DOS -- [ FAT32 ]
O32 - AutoRun File - [2002/02/18 10:30:34 | 00,000,194 | -H-- | M] () - C:\AUTOEXEC.625 -- [ FAT32 ]
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell - "" = AutoRun
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7309926d-8387-11dd-8730-0016178e2e04}\Shell\AutoRun\command - "" = F:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found
O35 - comfile [open] -- "%1" %* File not found
O35 - exefile [open] -- "%1" %* File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/11/07 12:31:29 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/11/06 17:58:52 | 00,528,896 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/11/06 17:36:38 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\user\Desktop\RootRepeal.exe
[2009/11/06 11:33:35 | 00,000,000 | --SD | C] -- C:\ComboFix
[2009/11/01 09:53:52 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Desktop\avz4
[2009/11/01 09:45:44 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/11/01 09:45:42 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/10/31 14:27:33 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/10/31 14:26:23 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/10/31 14:26:23 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/10/31 14:26:23 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/10/31 14:26:23 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/10/31 14:25:38 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/10/31 10:55:54 | 00,000,000 | ---D | C] -- C:\_OTS
[2009/10/29 22:27:27 | 16,664,352 | ---- | C] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre.exe
[2009/10/29 22:25:08 | 00,000,000 | ---D | C] -- C:\Sun
[2009/10/28 22:14:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Apps
[2009/10/28 21:08:17 | 00,000,000 | ---D | C] -- C:\VundoFix Backups
[2009/10/28 21:07:53 | 00,119,808 | ---- | C] (Atribune.org) -- C:\Documents and Settings\user\Desktop\VundoFix.exe
[2009/10/28 09:33:48 | 00,000,000 | ---D | C] -- C:\Program Files\TightVNC
[2009/10/28 09:32:50 | 01,421,291 | ---- | C] (TightVNC Group ) -- C:\Documents and Settings\user\Desktop\tightvnc-1.3.10-setup.exe
[2009/10/27 23:03:03 | 08,080,728 | ---- | C] (Mozilla) -- C:\Documents and Settings\user\Desktop\ff354.exe
[2009/10/27 22:30:26 | 04,045,536 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\user\Desktop\mbam-setup.exe
[2009/10/25 18:50:15 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/10/25 18:50:01 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/10/25 18:46:50 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/10/25 18:30:24 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/25 18:18:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\Malwarebytes
[2009/10/22 13:18:09 | 00,000,000 | -HSD | C] -- C:\Documents and Settings\user\Application Data\S85-28348346-UIT83-G3-72366-GDSG-1732735
[2009/10/14 13:09:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\user\Application Data\GARMIN
[2009/10/14 13:09:14 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin GPS Plugin
[2009/10/14 13:09:12 | 00,000,000 | ---D | C] -- C:\Program Files\DIFX
[2009/10/14 13:09:11 | 00,000,000 | ---D | C] -- C:\Program Files\Garmin
[2009/10/13 19:59:22 | 02,146,304 | ---- | C] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[2008/10/05 17:52:02 | 00,059,392 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2009/11/07 12:36:58 | 07,077,888 | -H-- | M] () -- C:\Documents and Settings\user\NTUSER.DAT
[2009/11/07 12:33:06 | 00,186,097 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/11/07 12:32:54 | 00,020,790 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/11/07 12:32:42 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/11/07 12:32:34 | 32,207,54432 | -HS- | M] () -- C:\hiberfil.sys
[2009/11/07 12:32:34 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/11/07 12:31:38 | 00,000,178 | -HS- | M] () -- C:\Documents and Settings\user\ntuser.ini
[2009/11/07 12:29:44 | 00,002,187 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2009/11/06 17:43:04 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\user\Desktop\settings.dat
[2009/11/06 10:53:54 | 00,267,264 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/11/06 09:54:34 | 00,528,896 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\OTL.exe
[2009/11/06 09:23:52 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/06 09:23:52 | 00,035,328 | ---- | M] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/11/04 18:31:54 | 00,000,354 | ---- | M] () -- C:\WINDOWS\tasks\PCHealth Scheduler for Data Collection.job
[2009/11/01 08:33:08 | 00,208,104 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/10/31 14:27:38 | 00,000,281 | RHS- | M] () -- C:\boot.ini
[2009/10/30 07:28:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/10/29 22:29:02 | 00,411,368 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\deploytk.dll
[2009/10/29 22:29:02 | 00,149,280 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaws.exe
[2009/10/29 22:29:02 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javaw.exe
[2009/10/29 22:29:02 | 00,145,184 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\java.exe
[2009/10/29 22:29:02 | 00,073,728 | ---- | M] (Sun Microsystems, Inc.) -- C:\WINDOWS\System32\javacpl.cpl
[2009/10/29 22:26:50 | 16,664,352 | ---- | M] (Sun Microsystems, Inc.) -- C:\Documents and Settings\user\Desktop\jre.exe
[2009/10/28 22:15:14 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\user\Desktop\Shortcut to cmd.lnk
[2009/10/28 21:34:22 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/10/28 09:33:50 | 00,000,635 | ---- | M] () -- C:\Documents and Settings\user\Desktop\TightVNC Viewer.lnk
[2009/10/27 23:01:46 | 08,080,728 | ---- | M] (Mozilla) -- C:\Documents and Settings\user\Desktop\ff354.exe
[2009/10/25 21:59:52 | 00,048,556 | -H-- | M] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/10/25 18:47:54 | 00,054,072 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 18:47:54 | 00,054,072 | ---- | M] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2009/10/25 18:46:42 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\user\Desktop\SysRestorePoint.exe
[2009/10/25 18:30:26 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\user\Desktop\TFC.exe
[2009/10/25 06:11:36 | 00,077,312 | ---- | M] () -- C:\WINDOWS\MBR.exe
[2009/10/23 14:51:56 | 00,000,082 | ---- | M] () -- C:\Documents and Settings\user\My Documents\Default.PLS
[2009/10/14 03:03:30 | 00,480,108 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/10/14 03:03:30 | 00,426,402 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/10/14 03:03:30 | 00,065,428 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/10/14 03:02:00 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/10/13 19:59:22 | 02,146,304 | ---- | M] (Google Inc.) -- C:\WINDOWS\System32\GPhotos.scr
[1 C:\WINDOWS\System\*.tmp files -> C:\WINDOWS\System\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/11/06 17:43:03 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Desktop\settings.dat
[2009/11/01 09:53:07 | 05,125,238 | ---- | C] () -- C:\Documents and Settings\user\Desktop\avz4.zip
[2009/10/31 14:27:37 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/10/31 14:27:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/10/31 14:26:23 | 00,267,264 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/10/31 14:26:23 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/10/31 14:26:23 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/10/31 14:26:23 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/10/31 14:26:23 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/10/29 22:32:17 | 00,000,635 | ---- | C] () -- C:\Documents and Settings\user\Desktop\TightVNC Viewer.lnk
[2009/10/28 22:15:13 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\user\Desktop\Shortcut to cmd.lnk
[2009/07/22 10:37:42 | 00,168,448 | ---- | C] () -- C:\WINDOWS\System32\unrar.dll
[2009/07/22 10:37:41 | 00,000,038 | ---- | C] () -- C:\WINDOWS\avisplitter.ini
[2009/07/22 10:37:40 | 02,402,304 | ---- | C] () -- C:\WINDOWS\System32\x264vfw.dll
[2009/07/22 10:37:40 | 00,881,664 | ---- | C] () -- C:\WINDOWS\System32\xvidcore.dll
[2009/07/22 10:37:40 | 00,205,824 | ---- | C] () -- C:\WINDOWS\System32\xvidvfw.dll
[2009/07/22 10:37:39 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2009/07/22 10:37:38 | 00,085,504 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll
[2009/07/22 10:37:38 | 00,000,547 | ---- | C] () -- C:\WINDOWS\System32\ff_vfw.dll.manifest
[2009/03/11 03:05:32 | 06,291,456 | -H-- | C] () -- C:\Documents and Settings\user\Application Data\IconCache.db
[2008/11/18 09:40:47 | 00,001,755 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2008/11/16 09:13:43 | 00,000,268 | RH-- | C] () -- C:\Documents and Settings\user\Application Data\Galaxy Swirl
[2008/11/16 09:13:43 | 00,000,268 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Grapher
[2008/11/16 09:13:43 | 00,000,020 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
[2008/11/16 09:13:43 | 00,000,012 | R--- | C] () -- C:\Documents and Settings\All Users\Application Data\Halftone
[2008/10/05 17:52:02 | 00,012,043 | ---- | C] () -- C:\WINDOWS\System32\SBUSB.INI
[2008/06/22 16:27:55 | 00,000,088 | ---- | C] () -- C:\WINDOWS\StyleBuilder.INI
[2008/05/16 14:01:00 | 01,703,936 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2008/05/16 14:01:00 | 01,486,848 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2008/05/16 14:01:00 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2008/05/16 14:01:00 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2008/05/16 14:01:00 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/06/29 14:58:52 | 00,030,808 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalUserInterface.CompositeFont
[2006/06/29 14:53:56 | 00,026,489 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSansSerif.CompositeFont
[2006/04/18 15:39:28 | 00,029,779 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalSerif.CompositeFont
[2006/04/18 15:39:28 | 00,026,040 | ---- | C] () -- C:\WINDOWS\Fonts\GlobalMonospace.CompositeFont
[2006/01/08 13:38:38 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2006/01/08 13:38:38 | 00,000,180 | ---- | C] () -- C:\WINDOWS\ap561.ini
[2006/01/08 13:38:38 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2006/01/08 13:29:52 | 00,005,561 | ---- | C] () -- C:\WINDOWS\EZPhotoTools2.ini
[2006/01/08 13:29:01 | 00,001,094 | ---- | C] () -- C:\WINDOWS\EZPhotoBrowser2.ini
[2006/01/08 13:27:22 | 00,000,906 | ---- | C] () -- C:\WINDOWS\Showtime1.ini
[2006/01/08 13:23:49 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\NSVIDEO.dll
[2005/12/26 13:52:08 | 00,001,695 | ---- | C] () -- C:\WINDOWS\hpdj6500.ini
[2005/01/19 12:58:32 | 00,045,056 | R--- | C] () -- C:\WINDOWS\System32\WNTSETUP.DLL
[2005/01/19 12:58:29 | 00,003,000 | R--- | C] () -- C:\WINDOWS\System32\SetupNT.sys
[2004/10/27 19:53:27 | 00,001,599 | ---- | C] () -- C:\Program Files\uninstal.log
[2004/10/24 16:38:12 | 00,054,072 | ---- | C] () -- C:\Documents and Settings\user\Application Data\GDIPFONTCACHEV1.DAT
[2004/10/24 11:41:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2004/08/07 17:58:19 | 00,035,328 | ---- | C] () -- C:\Documents and Settings\user\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2004/08/07 16:39:03 | 00,012,484 | ---- | C] () -- C:\WINDOWS\IOS.INI
[2004/08/07 16:39:03 | 00,007,885 | ---- | C] () -- C:\WINDOWS\NETDET.INI
[2004/08/07 16:39:03 | 00,005,068 | ---- | C] () -- C:\WINDOWS\DELETEFI.INI
[2004/08/07 16:39:03 | 00,004,278 | ---- | C] () -- C:\WINDOWS\ULEAD32.INI
[2004/08/07 16:39:03 | 00,003,598 | ---- | C] () -- C:\WINDOWS\HTMLHELP.INI
[2004/08/07 16:39:03 | 00,001,765 | ---- | C] () -- C:\WINDOWS\QUICKEN.INI
[2004/08/07 16:39:03 | 00,001,065 | ---- | C] () -- C:\WINDOWS\winamp.ini
[2004/08/07 16:39:03 | 00,000,952 | ---- | C] () -- C:\WINDOWS\intuprof.ini
[2004/08/07 16:39:03 | 00,000,787 | ---- | C] () -- C:\WINDOWS\SCANREG.INI
[2004/08/07 16:39:03 | 00,000,621 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/08/07 16:39:03 | 00,000,488 | ---- | C] () -- C:\WINDOWS\Cmousecc.ini
[2004/08/07 16:39:03 | 00,000,479 | ---- | C] () -- C:\WINDOWS\TAPE.INI
[2004/08/07 16:39:03 | 00,000,475 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/08/07 16:39:03 | 00,000,256 | ---- | C] () -- C:\WINDOWS\EZPHOTO.INI
[2004/08/07 16:39:03 | 00,000,240 | ---- | C] () -- C:\WINDOWS\qwimp.ini
[2004/08/07 16:39:03 | 00,000,233 | ---- | C] () -- C:\WINDOWS\hpfsched.ini
[2004/08/07 16:39:03 | 00,000,225 | ---- | C] () -- C:\WINDOWS\TELEPHON.INI
[2004/08/07 16:39:03 | 00,000,183 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2004/08/07 16:39:03 | 00,000,171 | ---- | C] () -- C:\WINDOWS\INTUIT.INI
[2004/08/07 16:39:03 | 00,000,094 | ---- | C] () -- C:\WINDOWS\CMISETUP.INI
[2004/08/07 16:39:03 | 00,000,076 | ---- | C] () -- C:\WINDOWS\WININIT.INI
[2004/08/07 16:39:03 | 00,000,064 | ---- | C] () -- C:\WINDOWS\UPIOEM.INI
[2004/08/07 16:39:03 | 00,000,060 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\WAVEMIX.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\QFP.INI
[2004/08/07 16:39:03 | 00,000,054 | ---- | C] () -- C:\WINDOWS\MFF.INI
[2004/08/07 16:39:03 | 00,000,051 | ---- | C] () -- C:\WINDOWS\iTouch.ini
[2004/08/07 16:39:03 | 00,000,041 | ---- | C] () -- C:\WINDOWS\winampa.ini
[2004/08/07 16:39:03 | 00,000,038 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2004/08/07 16:39:03 | 00,000,034 | ---- | C] () -- C:\WINDOWS\SOL.INI
[2004/08/07 16:39:03 | 00,000,030 | ---- | C] () -- C:\WINDOWS\upth.ini
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\NETSCAPE.INI
[2004/08/07 16:39:03 | 00,000,028 | ---- | C] () -- C:\WINDOWS\ICOA.INI
[2004/08/07 16:39:03 | 00,000,027 | ---- | C] () -- C:\WINDOWS\UP9ASP.INI
[2004/08/07 16:39:03 | 00,000,026 | ---- | C] () -- C:\WINDOWS\CMCDPLAY.INI
[2004/08/07 16:39:03 | 00,000,024 | ---- | C] () -- C:\WINDOWS\atid.ini
[2004/08/07 16:39:03 | 00,000,023 | ---- | C] () -- C:\WINDOWS\mid.ini
[2004/08/07 16:39:03 | 00,000,022 | ---- | C] () -- C:\WINDOWS\exchng.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFNONL.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QFN.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\QDQICK.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\progman.ini
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\HTMLAST.INI
[2004/08/07 16:39:03 | 00,000,000 | ---- | C] () -- C:\WINDOWS\DDM.INI
[2004/08/07 16:37:48 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\user\Application Data\desktop.ini
[2004/08/07 16:29:27 | 00,000,062 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\desktop.ini
[2004/08/07 16:14:45 | 00,002,412 | ---- | C] () -- C:\WINDOWS\win.ini
[2004/08/07 16:14:27 | 00,000,555 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/02/19 11:29:39 | 01,892,352 | ---- | C] () -- C:\WINDOWS\System32\CMIWCNFG.DLL
[2004/02/19 11:29:39 | 00,028,672 | ---- | C] () -- C:\WINDOWS\System32\CMIRMDRV.DLL
[2004/02/19 11:29:13 | 00,028,672 | ---- | C] () -- C:\WINDOWS\CMIRmDriver.dll
[2004/02/19 11:21:02 | 00,045,056 | ---- | C] () -- C:\WINDOWS\System32\W9XSETUP.DLL
[2003/05/10 14:19:59 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\user\Application Data\dm.ini
[2002/11/28 15:51:47 | 00,210,944 | ---- | C] () -- C:\WINDOWS\System32\MSVCRT10.DLL
[2002/09/18 09:08:59 | 00,207,872 | ---- | C] () -- C:\WINDOWS\System32\RDMWIN32.DLL
[2002/05/14 21:45:51 | 00,034,816 | ---- | C] () -- C:\WINDOWS\Upi41001.dll
[2002/05/14 21:45:51 | 00,016,896 | ---- | C] () -- C:\WINDOWS\Upi41002.dll
[2002/03/20 13:33:40 | 00,023,414 | ---- | C] () -- C:\Program Files\Common Files\fw7p.pdf
[2002/01/28 14:04:21 | 00,023,357 | -H-- | C] () -- C:\Program Files\folder.htt
[2002/01/28 14:04:21 | 00,000,271 | -HS- | C] () -- C:\Program Files\desktop.ini
[1997/07/11 00:00:00 | 00,031,232 | ---- | C] () -- C:\WINDOWS\System32\XLREC.DLL
[1997/07/11 00:00:00 | 00,025,600 | ---- | C] () -- C:\WINDOWS\System32\RECNCL.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\ODBCSTF.DLL
[1997/07/11 00:00:00 | 00,022,016 | ---- | C] () -- C:\WINDOWS\System32\DOCOBJ.DLL
[1980/01/01 00:00:00 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\ICMFILTER.DLL
< End of report >


Malwarebytes' Anti-Malware 1.41
Database version: 3118
Windows 5.1.2600 Service Pack 3

11/7/2009 12:45:02 PM
mbam-log-2009-11-07 (12-45-02).txt

Scan type: Quick Scan
Objects scanned: 108751
Time elapsed: 3 minute(s), 50 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
piano9playa5
post Nov 7 2009, 02:52 PM
Post #19


GeekU Senior
Posts: 1,241
OS: XP Home



Hello. We are nearly done.

I'm not sure I understand what you mean about the AutoRuns. Can you be more specific? Which tool? Is it causing you any problems? From what I do understand, it should be fine.

Since we are nearly done, and since I don't think that it will cause any problems anyway, you can just leave it the way it is. Unless of course it's annoying you, in which case we can disable autorunning.



Step One
Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, so make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine; if not, do this yourself to ensure a complete clean.

Step Two
Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older versions of Java components and upgrade the application:
  • Please visit Java Downloads for All Operating Systems
  • Under Windows, click "Windows 7/XP/Vista/2000/2003/2008 Offline"
    • Make sure to download the Offline version.
    • Save it to your Desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java:
    • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    • Click the Remove or Change/Remove button.
    • Repeat as many times as necessary to remove each Java version.
    • Reboot your computer once all Java components are removed.
  • Then from your Desktop double-click jre-6u17-windows-i586-s to install the newest version.
    (Vista users, right click and select "Run as an Administrator.")




Step Three
Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.

3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.



  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply





Logs&Info
Remember to post back the following logs:
  1. KasReport.txt
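The "remove all older versions of Java" step above is done by eye in Add/Remove Programs. As an added example (not part of the original thread or of any tool it mentions), the script below does the same triage programmatically: it parses the JRE display names into (major, update) pairs and lists every runtime older than the 6u17 build being installed. On Windows it reads the real Uninstall registry keys through the standard `winreg` module; elsewhere it runs on the constructed sample entries. The display-name patterns are assumptions modelled on what Sun's JRE 1.4 to 6 installers registered, and the sample key names are placeholders, not real product codes.

```python
"""Find Java runtimes older than the one being installed (6u17 here).

Added example, not from the original thread. On Windows it reads the
Add/Remove Programs entries from the Uninstall registry keys; on any
other OS it falls back to the constructed sample below. The display-name
patterns are assumptions modelled on the names Sun's JRE installers used
around JRE 1.4 to 6; the sample keys are placeholders, not product codes.
"""
import re
import sys

# Constructed sample of Add/Remove Programs entries (display name, key name).
SAMPLE_ENTRIES = [
    ("Java(TM) 6 Update 17", "sample-key-1"),
    ("Java(TM) 6 Update 7", "sample-key-2"),
    ("J2SE Runtime Environment 5.0 Update 6", "sample-key-3"),
    ("Java(TM) SE Runtime Environment 6", "sample-key-4"),
    ("Java 2 Runtime Environment, SE v1.4.2_03", "sample-key-5"),
    ("Mozilla Firefox (3.5.5)", "sample-key-6"),
]

# (major, update) extractors for the JRE naming schemes of the era (assumed).
# A JDK ("Java(TM) SE Development Kit ...") deliberately matches none of them.
_JRE_PATTERNS = [
    re.compile(r"^Java\(TM\) (?:SE )?(?:Runtime Environment )?(\d+)(?: Update (\d+))?"),
    re.compile(r"^J2SE Runtime Environment (\d+)\.0(?: Update (\d+))?"),
    re.compile(r"^Java 2 Runtime Environment, SE v1\.(\d+)\.\d+(?:_(\d+))?"),
]


def parse_jre_version(display_name):
    """Return (major, update) for a JRE entry, or None if it is not a JRE."""
    for pat in _JRE_PATTERNS:
        m = pat.match(display_name)
        if m:
            return int(m.group(1)), int(m.group(2) or 0)
    return None


def select_stale_jres(entries, target=(6, 17)):
    """Return (name, key) for every JRE older than `target`, oldest first."""
    stale = []
    for name, key in entries:
        ver = parse_jre_version(name)
        if ver is not None and ver < target:
            stale.append((ver, name, key))
    stale.sort()
    return [(name, key) for _, name, key in stale]


def installed_programs():
    """Read (DisplayName, subkey) from both Uninstall hives. Windows only."""
    import winreg  # standard library on Windows; ImportError elsewhere
    roots = [
        r"SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall",
        r"SOFTWARE\WOW6432Node\Microsoft\Windows\CurrentVersion\Uninstall",
    ]
    found = []
    for root in roots:
        try:
            hive = winreg.OpenKey(winreg.HKEY_LOCAL_MACHINE, root)
        except OSError:
            continue  # WOW6432Node does not exist on 32-bit XP
        with hive:
            index = 0
            while True:
                try:
                    sub = winreg.EnumKey(hive, index)
                except OSError:
                    break  # no more subkeys
                index += 1
                try:
                    with winreg.OpenKey(hive, sub) as key:
                        name, _ = winreg.QueryValueEx(key, "DisplayName")
                except OSError:
                    continue  # entry without a DisplayName
                if isinstance(name, str):
                    found.append((name, sub))
    return found


if __name__ == "__main__":
    entries = installed_programs() if sys.platform == "win32" else SAMPLE_ENTRIES
    for name, key in select_stale_jres(entries):
        print(f"remove: {name}  [{key}]")
```

The version tuple comparison is what makes "older" precise: `(6, 0)` for a plain "Java(TM) SE Runtime Environment 6" sorts below `(6, 7)`, and both are below the `(6, 17)` target, so the script flags every one of them while leaving the fresh 6u17 entry alone. It only lists; the actual removal still goes through Add/Remove Programs as the step describes.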
CoffeeBreath
post Nov 8 2009, 08:29 AM
Post #20


Member
Posts: 13
OS: win xp, but mostly linux



Howdy,

Kaspersky completed, a number of the complaints seem to be from the OTS quarantine area. Log below.

Thanks!
Steve.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Sunday, November 8, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Saturday, November 07, 2009 23:54:12
Records in database: 3172970
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
A:\
C:\
D:\
F:\

Scan statistics:
Objects scanned: 98035
Threats found: 12
Infected objects found: 58
Suspicious objects found: 1
Scan duration: 02:12:43


File name / Threat / Threats count
C:\WINDOWS\SYSTEM32\LostRun.exe Infected: Trojan.Win32.Agent.cftc 1
C:\OldD\Program Files\Netscape\Users\default\Cache\M17JQK7O.HTM Suspicious: Exploit.HTML.SecurityBreach.3 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\nawariko.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\zemeruwi.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\dckp.suo Infected: Backdoor.Win32.Bredavi.apx 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\yepitayo.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\yuguvine.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\vodayufi.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\fajejako.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\sihayuso.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\bidubiti.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\lomehane.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\yalemera.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\kuhirelu.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\diwuwumo.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_Documents and Settings\All Users\Application Data\80856330\80856330.exe Infected: Trojan.Win32.FraudPack.yll 1
C:\_OTS\MovedFiles\10312009_105554\C_\xtnop.exe Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0028749.exe Infected: not-a-virus:AdWare.Win32.Gamevance.ao 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031773.exe Infected: Packed.Win32.Krap.ah 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031774.exe Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031779.exe Infected: Trojan-Dropper.Win32.PMax.b 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031781.exe Infected: Packed.Win32.Krap.ah 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031890.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031901.exe Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031902.exe Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031904.exe Infected: Packed.Win32.Krap.w 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031905.exe Infected: Packed.Win32.Krap.w 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031927.DLL Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031928.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031929.DLL Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0035494.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0032064.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031931.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031934.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031935.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031936.DLL Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0035495.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0035496.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0035497.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0032197.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0032205.DLL Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0032364.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0032365.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0034396.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0035493.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP446\A0035877.exe Infected: Trojan.Win32.FraudPack.yll 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP446\A0035880.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP446\A0035883.DLL Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP446\A0036943.EXE Infected: Trojan.Win32.Antavmu.fii 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037213.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037214.dll Infected: Packed.Win32.TDSS.aa 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037215.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037217.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037218.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037219.exe Infected: Packed.Win32.Krap.x 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP447\A0037220.exe Infected: Trojan.Win32.FraudPack.yll 1
C:\Recycled\Dc5\avz4\Quarantine\2009-11-06\avz00005.dta Infected: Trojan.Win32.Antavmu.fii 1
C:\Recycled\Dc5\avz4\Infected\2009-11-01\avz00001.dta Infected: Packed.Win32.Krap.x 1
C:\Recycled\Dc8.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1

Selected area has been scanned.
piano9playa5
post Nov 8 2009, 02:48 PM
Post #21


GeekU Senior
Posts: 1,241
OS: XP Home



Hello. That log looks great! Most of them were in System Restore, and OTS Quarantine.
We have two files to nuke, and then we can do some cleaning.


Run OTL (Double click to run)
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:

    CODE
    :Files
    C:\WINDOWS\SYSTEM32\LostRun.exe
    C:\OldD\Program Files\Netscape\Users\default\Cache\M17JQK7O.HTM

    :Commands
    [purity]
    [emptytemp]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, and accept to reboot when it's finished.
  • During start-up, a log will open. Paste the contents of it back here
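The judgement in the reply above (58 infected objects, but only two that need a fix because the rest sit in System Restore points, the OTS quarantine, the AVZ quarantine or the Recycle Bin) is worth automating when a report is this long. As an added example, not part of the original thread or of any tool it mentions, the script below parses Kaspersky Online Scanner 7 report lines and buckets each hit by where the file lives, then lists only the paths that still need action. The report format is inferred from the log posted above; the sample lines are a subset copied from it, with one count deliberately fused onto the threat name (as happens in some extracted copies of these reports) to show the parser tolerates it. The category rules are assumptions about the paths the cleanup tools in this thread use.

```python
"""Triage a Kaspersky Online Scanner 7 report by where each hit lives.

Added example, not part of the original thread. The line format is
inferred from the report posted above; the sample below is a subset of
that report. The category rules are assumptions about the paths used by
the tools in this thread (OTS/OTL quarantine, AVZ quarantine, restore points).
"""
import re
from collections import defaultdict

# One finding per line: "<path> Infected|Suspicious: <threat> <count>".
# Some extracted copies fuse the count onto the threat ("Packed.Win32.TDSS.aa1"),
# so the count is allowed to follow without a space; a threat name that itself
# ends in digits would be ambiguous in that fused form, and is the one known limit.
_LINE_RE = re.compile(
    r"^(?P<path>.+?) (?P<verdict>Infected|Suspicious): (?P<threat>\S+?)\s*(?P<count>\d+)$"
)

# Subset of the report posted above; the Krap.ah line has its count fused on purpose.
SAMPLE_REPORT = r"""
File name / Threat / Threats count
C:\WINDOWS\SYSTEM32\LostRun.exe Infected: Trojan.Win32.Agent.cftc 1
C:\OldD\Program Files\Netscape\Users\default\Cache\M17JQK7O.HTM Suspicious: Exploit.HTML.SecurityBreach.3 1
C:\_OTS\MovedFiles\10312009_105554\C_WINDOWS\SYSTEM32\nawariko.dll Infected: Packed.Win32.TDSS.aa 1
C:\_OTS\MovedFiles\10312009_105554\C_Documents and Settings\All Users\Application Data\80856330\80856330.exe Infected: Trojan.Win32.FraudPack.yll 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0028749.exe Infected: not-a-virus:AdWare.Win32.Gamevance.ao 1
C:\System Volume Information\_restore{F14FEDC1-C617-446D-A6C6-A2B6AC8A0E2B}\RP445\A0031773.exe Infected: Packed.Win32.Krap.ah1
C:\Recycled\Dc5\avz4\Quarantine\2009-11-06\avz00005.dta Infected: Trojan.Win32.Antavmu.fii 1
C:\Recycled\Dc8.exe Infected: not-a-virus:RemoteAdmin.Win32.WinVNC.1370 1

Selected area has been scanned.
"""


def parse_report_line(line):
    """Return (path, verdict, threat, count), or None for header/footer lines."""
    m = _LINE_RE.match(line.strip())
    if not m:
        return None
    return (m.group("path"), m.group("verdict"), m.group("threat"), int(m.group("count")))


def classify_path(path):
    """Bucket a path by whether the file is live or already neutralised."""
    p = path.lower()
    if "\\system volume information\\_restore" in p:
        return "restore_point"   # cleared by OTL [CLEARRESTOREPOINTS]
    if "\\_ots\\movedfiles\\" in p:
        return "ots_quarantine"  # OTS/OTL quarantine, removed by Clean Up!
    if "\\avz4\\quarantine\\" in p or "\\avz4\\infected\\" in p:
        return "avz_quarantine"  # AVZ quarantine (checked before the bin: it lives there)
    if "\\recycled\\" in p or "\\recycler\\" in p or "\\$recycle.bin\\" in p:
        return "recycle_bin"     # gone once the bin is emptied ([emptytemp] does this)
    if "\\cache\\" in p or "\\temporary internet files\\" in p:
        return "browser_cache"   # inert unless re-opened, but worth deleting
    return "live"                # on disk and reachable: needs a fix


def triage(report_text):
    """Group findings by category: {category: [(path, threat), ...]}."""
    buckets = defaultdict(list)
    for line in report_text.splitlines():
        parsed = parse_report_line(line)
        if parsed is None:
            continue
        path, _verdict, threat, _count = parsed
        buckets[classify_path(path)].append((path, threat))
    return dict(buckets)


def needs_action(report_text):
    """Paths that still need a fix: live files plus cached exploit pages."""
    buckets = triage(report_text)
    return [p for cat in ("live", "browser_cache") for p, _ in buckets.get(cat, [])]


if __name__ == "__main__":
    for cat, hits in sorted(triage(SAMPLE_REPORT).items()):
        print(f"{cat:15s} {len(hits)}")
    print("fix:", *needs_action(SAMPLE_REPORT), sep="\n  ")
```

On the sample this yields exactly the two paths the OTL fix in the reply targets (LostRun.exe and the cached Netscape page). The WinVNC hit in C:\Recycled is left to the Recycle Bin emptying rather than a file fix, which matches the later OTL log's "RecycleBin emptied" line. Restore-point and quarantine hits are reported rather than deleted, since the thread handles those with [CLEARRESTOREPOINTS] and Clean Up! instead.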
CoffeeBreath
post Nov 8 2009, 07:29 PM
Post #22


Member
Posts: 13
OS: win xp, but mostly linux



Howdy,

Yup, I'm hopeful... :-) OTL log is below.

Awaiting final orders. The wife is ready for this ordeal to be over! :-)

Thanks,
Steve.



All processes killed
========== FILES ==========
C:\WINDOWS\SYSTEM32\LostRun.exe moved successfully.
C:\OldD\Program Files\Netscape\Users\default\Cache\M17JQK7O.HTM moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: user
->Temporary Internet Files folder emptied: 3250793 bytes
->Java cache emptied: 13817488 bytes
->FireFox cache emptied: 8630920 bytes
->Apple Safari cache emptied: 2366041 bytes

User: NetworkService
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temporary Internet Files folder emptied: 33170 bytes

User: Steve
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
Session Manager Temp folder emptied: 16384 bytes
Session Manager Tmp folder emptied: 16384 bytes
RecycleBin emptied: 20975487 bytes

Total Files Cleaned = 46.85 mb


OTL by OldTimer - Version 3.1.4.0 log created on 11082009_202251

Files\Folders moved on Reboot...
C:\WINDOWS\temp\Perflib_Perfdata_490.dat moved successfully.

Registry entries deleted on Reboot...
piano9playa5
post Nov 9 2009, 01:58 PM
Post #23


GeekU Senior
Posts: 1,241
OS: XP Home



Hey! Looks clean!
Now let's do some cleaning up and learn how to protect ourselves from future infection!


System Restore
We need to remove malware from your System Restore Points:
  • Open OTL.
  • Under the Custom Scans/Fixes box at the bottom, paste in the following:
    CODE
    :commands
    [CLEARRESTOREPOINTS]
    [CREATERESTOREPOINT]
  • Then click the Run Fix button at the top.
  • You may or may not be asked to reboot. In any case, I don't need the log that follows.




Tools Used
This is so that should you ever be re-infected, you will download updated versions. It will also remove the quarantined Malware from your computer.

  • Open OTL.
  • In the top right corner will be a button called "Clean Up!"; click it.
  • Follow any prompts, and reboot if necessary.



Windows Updates
You should visit the Windows Update site about once a month. If you're feeling lazy you can turn on Automatic Updates which will do most of the work for you. (ask me how)

Go to update.microsoft.com using Internet Explorer. Click High Priority Updates, then check all of the updates and click the Download button. A window should pop up giving the status of each update. Restart if asked to.




Prevention Tools
  1. Spywareblaster
    SpywareBlaster will prevent spyware from being installed.
  2. Spywareguard
    SpywareGuard offers realtime protection from spyware installation attempts.
  3. NoScript
    Add-on for Firefox that allows active content to run only from the sites you trust!
  4. ATF Cleaner
    Clean out temp files safely, and effectively. NOTE: This program is for Windows 2000, XP and Vista only!


======================================================


If you are wondering how you got infected in the first place please visit this cool page called:
How did I get infected in the first place?

Glad I could help, piano9playa5
Essexboy
post Nov 14 2009, 11:08 AM
Post #24


GeekU Moderator
Posts: 19,163
From: Darkest Cornwall
OS: Vista Ultimate & Windows 7



Since this issue appears to be resolved, this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.