"Scan4Plus.com"



#1
RobertArthur

    New Member

  • Member
  • 6 posts
Thank you Geeks to Go, for this service. I saw one of you had a PayPal link for donations, and I WILL use it.

Yesterday, our home pc, a Dell Dimension 4700, with WinXP, Norton 360, seemed infected, and I shut it right down. Please advise as to seriousness.
As soon as I opened Foxfire browser, three large panes appeared with this "Scan4Plus" heading, warning that the pc was infected, that I needed to cure it immediately before losing files, losing confidential identifying data, etc. I could not close them by clicking the X's, nor use the START button to shut down. I couldn't open a new tab to get around these panes either.
Disconnected from modem, restarted, ran the Norton scans which detected nothing.
Shut down.
With Norton phone "support," was able to use I.E. to reach their "rescue" service, but declined, and shut down again.

Is it safe to restart offline to back-up recent files?
Safe to use different browser?
Are there procedures to try to clear this?
Before the Norton, I used AVG, Spybot, and Ad-Aware without problems. Can these be loaded on top of Norton?

This is so cool, just imagining that someone would read this!
Robert Arthur



#2
Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Robert, Welcome to Geeks-To-Go. My name is GravityGripp and I'll be assisting you with your issues.

First, when you post logs here, post them directly into the reply. Do not attach them, unless told to do so. Also, do not alter the font, color, or size of these logs. This will help me help you.

Also, if I have not responded to you in a time period longer than 4 days, please feel free to PM me.

Thanks and I look forward to working with you. :)


First, let me answer some of your questions. If you can, go ahead and start your computer back up and try to follow the steps as I post them.

Yes, it would be safe to backup data offline, but make sure that the computer you move those files to has up-to-date virus protection. The files could be infected.

I would like you to use Firefox if at all possible.

Yes there are procedures to fix your issues, we're going to get there :)

It is not wise to run more than one anti-virus protection product at a time. If your subscription to Norton has run out, there are free ones out there such as AVG and Avast. I can also recommend pay-for products if you like.

Now let's get started. You will need to follow these steps on your infected PC. If you can not complete a step, please let me know.

STEP ONE
  • First, download OTListIt2 to your desktop.
  • Once it has finished downloading, please double click on the icon.
  • When the window appears, please make the following changes:
    • Click Output: Minimal Output
  • When the scan completes, it will open two notepad windows. OTListIt.Txt and Extras.Txt
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
  • You may close these windows when you have posted the contents of the files.


#3
RobertArthur

    New Member

  • Topic Starter
  • Member
  • 6 posts
Gravity Gripp,
Thank you for starting on this. I'm not sure I'm replying correctly, but the OTList and Extras files follow.
Robert Arthur

OTListIt logfile created on: 1/9/2009 7:56:12 PM - Run 2
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Warren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 124.09 Mb Available Physical Memory | 24.72% Memory free
1.20 Gb Paging File | 0.87 Gb Available in Paging File | 72.88% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 5.64 Gb Free Space | 16.41% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJQYSF61
Current User Name: Warren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)
C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
C:\WINDOWS\SYSTEM32\wdfmgr.exe (Microsoft Corporation)
C:\WINDOWS\SYSTEM32\UAService7.exe ()
C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe (Sun Microsystems, Inc.)
C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
C:\WINDOWS\SYSTEM32\dla\tfswctrl.exe (Sonic Solutions)
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
C:\Program Files\Real\RealPlayer\realplay.exe (RealNetworks, Inc.)
C:\WINDOWS\SYSTEM32\rundll32.exe (Microsoft Corporation)
C:\WINDOWS\Ctregrun.exe (Creative Technology Ltd )
C:\Program Files\Creative\Product Registration\English\InetReg.exe (Creative Technology Ltd)
C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
C:\Program Files\Dell Support\DSAgnt.exe (Gteko Ltd.)
C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
C:\Program Files\Java\jre1.6.0_06\bin\jucheck.exe (Sun Microsystems, Inc.)
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
C:\Documents and Settings\Warren\Desktop\OTListIt2.exe (OldTimer Tools)

========== (O23) Win32 Services (SafeList) ==========

(Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
(aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
(Automatic LiveUpdate Scheduler [Auto | Running]) -- C:\Program Files\Symantec\LiveUpdate\AluSchedulerSvc.exe (Symantec Corporation)
(ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
(ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
(clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
(CLTNetCnService [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
(comHost [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe (Symantec Corporation)
(Creative Service for CDROM Access [Auto | Running]) -- C:\WINDOWS\SYSTEM32\CTSVCCDA.EXE (Creative Technology Ltd)
(gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
(IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe (Macrovision Corporation)
(iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
(LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_4.EXE (Symantec Corporation)
(LiveUpdate Notice [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCSVCHST.EXE (Symantec Corporation)
(NetSvc [On_Demand | Stopped]) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe (Intel® Corporation)
(NVSvc [Auto | Running]) -- C:\WINDOWS\SYSTEM32\nvsvc32.exe (NVIDIA Corporation)
(Symantec Core LC [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe ()
(Symantec RemoteAssist [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe (Symantec, Inc.)
(UMWdf [Auto | Running]) -- C:\WINDOWS\SYSTEM32\wdfmgr.exe (Microsoft Corporation)
(UserAccess7 [Auto | Running]) -- C:\WINDOWS\SYSTEM32\UAService7.exe ()

========== Driver Services (SafeList) ==========

(aeaudio [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\aeaudio.sys (Andrea Electronics Corporation)
(AliIde [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ALIIDE.SYS (Acer Laboratories Inc.)
(amdagp [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
(asc [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC.SYS (Advanced System Products, Inc.)
(asc3550 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ASC3550.SYS (Advanced System Products, Inc.)
(ASCTRM [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\asctrm.sys (Windows ® 2000 DDK provider)
(CmdIde [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\CMDIDE.SYS (CMD Technology, Inc.)
(COH_Mon [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\COH_Mon.sys (Symantec Corporation)
(CO_Mon [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\CO_Mon.sys (Symantec Corporation)
(dac2w2k [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\DAC2W2K.SYS (Mylex Corporation)
(drvmcdb [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvmcdb.sys (Sonic Solutions)
(drvnddm [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\drvnddm.sys (Sonic Solutions)
(E100B [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\e100b325.sys (Intel Corporation)
(eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
(EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
(GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\GEARAspiWDM.sys (GEAR Software Inc.)
(ialm [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ialmnt5.sys (Intel Corporation)
(IntelC51 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys (Intel Corporation)
(IntelC52 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys (Intel Corporation)
(IntelC53 [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys (Intel Corporation)
(Jukebox3 [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ctpdusb.sys (Creative Technology Ltd.)
(MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\MODEMCSA.sys (Microsoft Corporation)
(mohfilt [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys (Intel Corporation)
(mraid35x [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\MRAID35X.SYS (American Megatrends Inc.)
(NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.023\NAVENG.SYS (Symantec Corporation)
(NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090109.023\NAVEX15.SYS (Symantec Corporation)
(nv [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
(omci [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys (Dell Computer Corporation)
(Ptilink [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\PTILINK.SYS (Parallel Technologies, Inc.)
(PxHelp20 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\pxhelp20.sys (Sonic Solutions)
(ql1080 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1080.SYS (QLogic Corporation)
(ql12160 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL12160.SYS (QLogic Corporation)
(ql1280 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\QL1280.SYS (QLogic Corporation)
(Secdrv [Auto | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
(sisagp [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
(smwdm [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\smwdm.sys (Analog Devices, Inc.)
(Sparrow [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SPARROW.SYS (Adaptec, Inc.)
(SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
(SRTSP [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\srtsp.sys (Symantec Corporation)
(SRTSPL [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspl.sys (Symantec Corporation)
(SRTSPX [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\srtspx.sys (Symantec Corporation)
(sscdbhk5 [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\sscdbhk5.sys (Sonic Solutions)
(ssrtln [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ssrtln.sys (Sonic Solutions)
(symc810 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC810.SYS (Symbios Logic Inc.)
(symc8xx [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMC8XX.SYS (LSI Logic)
(SYMDNS [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symdns.sys (Symantec Corporation)
(SymEvent [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYMEVENT.SYS (Symantec Corporation)
(SYMFW [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symfw.sys (Symantec Corporation)
(SYMIDS [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symids.sys (Symantec Corporation)
(SYMIDSCO [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\SymcData\ipsdefs\20090102.001\SymIDSco.sys (Symantec Corporation)
(SymIM [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
(SymIMMP [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SymIM.sys (Symantec Corporation)
(SYMNDIS [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symndis.sys (Symantec Corporation)
(SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symredrv.sys (Symantec Corporation)
(SYMTDI [System | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\symtdi.sys (Symantec Corporation)
(sym_hi [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_HI.SYS (LSI Logic)
(sym_u3 [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\SYM_U3.SYS (LSI Logic)
(tfsnboio [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnboio.sys (Sonic Solutions)
(tfsncofs [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsncofs.sys (Sonic Solutions)
(tfsndrct [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsndrct.sys (Sonic Solutions)
(tfsndres [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsndres.sys (Sonic Solutions)
(tfsnifs [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnifs.sys (Sonic Solutions)
(tfsnopio [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnopio.sys (Sonic Solutions)
(tfsnpool [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnpool.sys (Sonic Solutions)
(tfsnudf [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnudf.sys (Sonic Solutions)
(tfsnudfa [Auto | Running]) -- C:\WINDOWS\SYSTEM32\dla\tfsnudfa.sys (Sonic Solutions)
(ultra [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\ULTRA.SYS (Promise Technology, Inc.)
(USBAAPL [On_Demand | Stopped]) -- C:\WINDOWS\SYSTEM32\DRIVERS\usbaapl.sys (Apple, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.dell4me.com/myway
URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\S-1-5-21-4044458177-1939813616-3949394798-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

O1 HOSTS File: (848 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 5.0\Reader\ActiveX\AcroIEHelper.ocx ()
O2 - BHO: () - {4D25F921-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O2 - BHO: (Symantec Intrusion Prevention) - {6D53EC84-6AAE-4787-AEEE-F4628F01010C} - C:\Program Files\Common Files\Symantec Shared\IDS\IPSBHO.dll (Symantec Corporation)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_06\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Show Norton Toolbar) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key does not exist or could not be opened. File not found
O3 - HKCU\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O3 - HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files\Common Files\Symantec Shared\coShared\Browser\2.6\CoIEPlg.dll (Symantec Corporation)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [CTRegRun] C:\WINDOWS\CTRegRun.EXE (Creative Technology Ltd )
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DSS] C:\WINDOWS\BBSTORE\DSS\DSSAGENT.EXE File not found
O4 - HKLM..\Run: [DVDLauncher] "C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe" (CyberLink Corp.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit (NVIDIA Corporation)
O4 - HKLM..\Run: [nwiz] nwiz.exe /install (NVIDIA Corporation)
O4 - HKLM..\Run: [osCheck] "C:\Program Files\Norton 360\osCheck.exe" (Symantec Corporation)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_06\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKCU..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKCU..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - HKU\S-1-5-21-4044458177-1939813616-3949394798-1007..\Run: [DellSupport] "C:\Program Files\Dell Support\DSAgnt.exe" /startup (Gteko Ltd.)
O4 - HKU\S-1-5-21-4044458177-1939813616-3949394798-1007..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background (Microsoft Corporation)
O4 - Startup: C:\Documents and Settings\Robert Arthur\Start Menu\Programs\Startup\PowerReg Scheduler.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-21-4044458177-1939813616-3949394798-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\WINDOWS\system32\GPhotos.scr/200
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_06\bin\npjpi160_06.dll (Sun Microsystems, Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\PLUGINS\NPDocBox.dll [2001/01/30 13:56:24 | 00,225,280 | ---- | M] (InterTrust Technologies Corporation, Inc.)
O15 - HKLM\..Trusted Sites: 41 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\.DEFAULT\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Sites: 40 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} http://download.mcaf...90/mcinsctl.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {6A344D34-5231-452A-8A57-D064AC9B7862} https://webdl.symant...ex/symdlmgr.cab (Symantec Download Manager)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://javadl.sun.co...?BundleId=21871 (Java Plug-in 1.6.0_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key does not exist or could not be opened.)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_03)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O18 - Protocol\Handler: - ipp - No CLSID value found
O18 - Protocol\Handler: - ipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp - No CLSID value found
O18 - Protocol\Handler: - msdaipp\0x00000001 - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler: - msdaipp\oledb - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - See sections below for AppInitDlls and Winlogon settings

========== Winlogon Notify Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\]
igfxcui: "DllName" = igfxsrvc.dll -- C:\WINDOWS\SYSTEM32\igfxsrvc.dll (Intel Corporation)

========== Safeboot Options ==========

"AlternateShell" = cmd.exe

========== CDRom AutoRun Settings ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Cdrom]
"AutoRun" = 1

========== Autorun Files on Drives ==========

AUTOEXEC.BAT []
C:\AUTOEXEC.BAT () -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/01/09 19:32:19 | 00,419,328 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Warren\Desktop\OTListIt2.exe
[2009/01/04 21:22:25 | 00,007,132 | ---- | C] () -- C:\Documents and Settings\Warren\Desktop\dark frigate paper.wpd
[2009/01/03 17:49:06 | 52,653,6704 | -HS- | C] () -- C:\hiberfil.sys
[2009/01/03 14:11:12 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\Desktop\Drum Pad
[2009/01/02 15:42:21 | 00,000,000 | ---D | C] -- C:\Program Files\Scholastic
[2009/01/02 10:25:11 | 00,001,782 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
[2009/01/02 10:25:08 | 00,001,867 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod touch Converter.lnk
[2009/01/01 18:23:32 | 00,142,336 | -HS- | C] () -- C:\Documents and Settings\Warren\My Documents\Thumbs.db
[2009/01/01 11:33:47 | 00,000,228 | ---- | C] () -- C:\Documents and Settings\Warren\Desktop\4475.rtf
[2008/12/30 08:21:37 | 00,151,666 | ---- | C] () -- C:\Documents and Settings\Warren\My Documents\Ranges.asp
[2008/12/30 08:21:37 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\My Documents\Ranges_files
[2008/12/29 14:38:08 | 02,433,542 | ---- | C] () -- C:\Documents and Settings\Warren\Desktop\PowerBookG4_15in_DblLayerSuperDrive.pdf
[2008/12/26 15:07:56 | 00,138,365 | ---- | C] () -- C:\Documents and Settings\Warren\Desktop\enlarge_ablisiprofun.jpg
[2008/12/26 15:05:31 | 00,079,872 | ---- | C] () -- C:\Documents and Settings\Warren\Desktop\enlarge_FR0078.jpg
[2008/12/25 19:18:06 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2008/12/22 19:29:10 | 00,200,356 | ---- | C] () -- C:\Documents and Settings\Warren\My Documents\2003101_Fireback_5927.pdf
[2008/12/22 10:25:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\My Documents\survfiles
[2008/12/20 12:57:32 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\Application Data\Orbit
[2008/12/20 11:45:08 | 00,000,000 | ---D | C] -- C:\downloads
[2008/12/17 14:40:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\Desktop\DSS_FLDB
[2008/12/17 14:40:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Warren\Desktop\DSS_FLDA
[2008/12/11 18:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2008/12/11 18:28:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Documents\microsoft

========== Files - Modified Within 30 Days ==========

[10 C:\WINDOWS\System32\*.tmp files]
[5 C:\WINDOWS\*.tmp files]
[2009/01/09 19:32:19 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warren\Desktop\OTListIt2.exe
[2009/01/09 19:20:01 | 00,028,560 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/01/09 19:19:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/01/09 19:19:11 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/01/09 19:19:07 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2009/01/08 09:55:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/01/05 17:17:14 | 06,396,000 | -H-- | M] () -- C:\Documents and Settings\Warren\Local Settings\Application Data\IconCache.db
[2009/01/04 22:54:21 | 00,007,132 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\dark frigate paper.wpd
[2009/01/03 08:14:08 | 00,176,264 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/01/02 18:32:55 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/01/02 10:25:11 | 00,001,782 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\YouTube Downloader App.lnk
[2009/01/02 10:25:08 | 00,001,867 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Videora iPod touch Converter.lnk
[2009/01/01 18:23:43 | 00,142,336 | -HS- | M] () -- C:\Documents and Settings\Warren\My Documents\Thumbs.db
[2009/01/01 11:33:47 | 00,000,228 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\4475.rtf
[2008/12/30 08:21:38 | 00,151,666 | ---- | M] () -- C:\Documents and Settings\Warren\My Documents\Ranges.asp
[2008/12/29 14:38:08 | 02,433,542 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\PowerBookG4_15in_DblLayerSuperDrive.pdf
[2008/12/26 15:07:56 | 00,138,365 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\enlarge_ablisiprofun.jpg
[2008/12/26 15:05:31 | 00,079,872 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\enlarge_FR0078.jpg
[2008/12/22 19:29:11 | 00,200,356 | ---- | M] () -- C:\Documents and Settings\Warren\My Documents\2003101_Fireback_5927.pdf
[2008/12/21 10:28:06 | 00,021,504 | ---- | M] () -- C:\Documents and Settings\Warren\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2008/12/13 17:56:42 | 00,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mshtml.dll
[2008/12/12 03:03:57 | 00,001,393 | ---- | M] () -- C:\WINDOWS\imsins.BAK

========== Alternate Data Streams ==========

@Alternate Data Stream - 0 bytes -> %UserProfile%\My Documents\Thumbs.db:encryptable
< End of report >
OTListIt Extras logfile created on: 1/9/2009 7:35:59 PM - Run
OTListIt2 by OldTimer - Version 1.0.3.0 Folder = C:\Documents and Settings\Warren\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.07 Mb Total Physical Memory | 112.72 Mb Available Physical Memory | 22.45% Memory free
1.20 Gb Paging File | 0.86 Gb Available in Paging File | 71.46% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 5.64 Gb Free Space | 16.40% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DJQYSF61
Current User Name: Warren
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 0
"DoNotAllowExceptions" = 1
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0BDD3FAD-61CD-4BF3-B9C4-4CEFD43F53F8}" = Norton 360 HTMLHelp
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{206FD69B-F9FE-4164-81BD-D52552BC9C23}" = GearDrvs
"{21829177-4DED-4209-AD08-490B3AC9C01A}" = Norton 360
"{24DF7221-644B-4C3A-A478-459502D40522}" = Backup
"{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{41B9E2CF-0B3F-442A-B5B3-592A4A355634}" = iTunes
"{45690715-80A6-4445-B61D-ADEC5888E8CD}" = Symantec Technical Support Controls
"{48FF6DE6-0619-4562-B4B1-21F161FE0DE0}" = Symantec Technical Support Advanced Chat Controls
"{55A6283C-638A-4EE0-B491-51118554BDA2}" = Norton Confidential Core
"{57F0ED40-8F11-41AA-B926-4A66D0D1A9CC}" = Microsoft Office Live Add-in 1.3
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{72DF62BD-FF36-424E-AA5F-D89BAFF2C249}" = RollerCoaster Tycoon 2
"{77312684-D3DF-4E00-A583-813FF9FFB4FB}" = G15A922EN
"{77772678-817F-4401-9301-ED1D01A8DA56}" = SPBBC 32bit
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BF68B83-5057-4D4B-0093-28285EEB9EE3}" = Harry Potter II
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{8984E374-6C93-427C-A3B9-AD92472FDCA0}" = Windows Live Sign-in Assistant
"{8DC42D05-680B-41B0-8878-6C14D24602DB}" = QuickTime
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90AF0409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office PowerPoint Viewer 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{9EC326C0-AC8E-43B1-8647-9A6FB27AC90A}" = SymNet
"{A698E8D4-46A3-48E7-89B3-FB3A7E914F66}" = Time to Ride
"{AA9768AA-FF0B-4C66-A085-31E934F77841}" = Apple Mobile Device Support
"{AA9D879B-0F98-4059-85A5-D05718A1D6F7}" = Creative ZEN V Series
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B24E05CC-46FF-4787-BBB8-5CD516AFB118}" = ccCommon
"{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}" = Creative MediaSource 5
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D6E6FA4A-5445-4850-8365-CF216C1CBB7A}" = Symantec Real Time Storage Protection Component
"{D944236D-7992-41D6-8257-930B5832F1CC}" = Creative Zen Micro
"{E5A260BE-B192-4CC2-AFCD-043C8167C4FE}" = AdwareAlert
"{E80F62FF-5D3C-4A19-8409-9721F2928206}" = LiveUpdate (Symantec Corporation)
"{EFB5B3B5-A280-4E25-BE1C-634EEFE32C1B}" = AppCore
"Adobe Acrobat 5.0" = Adobe Acrobat 5.0
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player
"AudibleManager" = AudibleManager
"AviSynth" = AviSynth 2.5
"ClueFinders® 4th Grade Adventures" = ClueFinders® 4th Grade Adventures
"Creative Audio Pack" = Creative Audio Pack
"Creative Jukebox Driver" = Creative Jukebox Driver
"Creative Removable Disk Manager" = Creative Removable Disk Manager
"DellSupport" = Dell Support 5.0.0 (630)
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JSSPAN" = JumpStart Spanish
"Math Blaster Ages 8-9" = Math Blaster Ages 8-9
"Mavis Beacon Teaches Typing 16" = Mavis Beacon Teaches Typing 16
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mighty Math Astro Algebra" = Mighty Math Astro Algebra (Remove only)
"Mozilla Firefox (2.0.0.20)" = Mozilla Firefox (2.0.0.20)
"Myst Masterpiece Edition" = Myst Masterpiece Edition
"MyWaySearchAssistantDE" = My Way Search Assistant
"NVIDIA Drivers" = NVIDIA Drivers
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PsuedoLiveUpdate" = LiveUpdate (Symantec Corporation)
"QuickTime32" = QuickTime for Windows (32-bit)
"Reader Rabbit Math Ages 6-9" = Reader Rabbit Math Ages 6-9
"RealPlayer 6.0" = RealPlayer Basic
"RollerCoaster Tycoon Setup" = Roll
"Scholastic's I SPY Spooky Mansion" = Scholastic's I SPY Spooky Mansion
"Spanish To Go v1.2" = Spanish To Go v1.2
"Strategy Challenges 1" = Strategy Challenges 1
"StreetPlugin" = Learn2 Player (Uninstall Only)
"SymSetup.{2D617065-1C52-4240-B5BC-C0AE12157777}" = Norton 360 (Symantec Corporation)
"SysInfo" = Creative System Information
"The ClueFinders 5th Grade Adventures" = The ClueFinders 5th Grade Adventures
"Videora iPod touch Converter" = Videora iPod touch Converter 4.04
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"YouTube Downloader App" = YouTube Downloader App 1.01
"ZENcast Organizer" = ZENcast Organizer
"Zoo Tycoon 1.0" = Microsoft Zoo Tycoon

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 1/3/2009 1:13:37 PM | Computer Name = DJQYSF61 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module unknown, version 0.0.0.0, fault address 0x00000000.

Error - 1/3/2009 1:14:01 PM | Computer Name = DJQYSF61 | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.8.20081.21709, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 1/4/2009 8:28:14 PM | Computer Name = DJQYSF61 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.8.20081.21709, faulting
module js3250.dll, version 4.0.0.0, fault address 0x00032ba3.

[ System Events ]
Error - 1/2/2009 1:52:16 PM | Computer Name = DJQYSF61 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001111AA2601 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/3/2009 10:57:05 AM | Computer Name = DJQYSF61 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001111AA2601 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/3/2009 2:49:17 PM | Computer Name = DJQYSF61 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001111AA2601 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).

Error - 1/4/2009 11:30:54 AM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 1/4/2009 11:30:54 AM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 1/4/2009 11:30:54 AM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7034
Description = The Symantec Lic NetConnect service service terminated unexpectedly.
It has done this 1 time(s).

Error - 1/4/2009 11:30:54 AM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate Notice service terminated unexpectedly. It has done
this 1 time(s).

Error - 1/4/2009 12:05:02 PM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7031
Description = The Symantec Event Manager service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 200 milliseconds:
Restart the service.

Error - 1/4/2009 12:05:02 PM | Computer Name = DJQYSF61 | Source = Service Control Manager | ID = 7031
Description = The Symantec Settings Manager service terminated unexpectedly. It
has done this 1 time(s). The following corrective action will be taken in 100
milliseconds: Restart the service.

Error - 1/8/2009 10:55:22 AM | Computer Name = DJQYSF61 | Source = Dhcp | ID = 1002
Description = The IP address lease 192.168.2.2 for the Network Card with network
address 001111AA2601 has been denied by the DHCP server 192.168.2.1 (The DHCP Server
sent a DHCPNACK message).


< End of report >
  • 0
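As an added example (not part of the original thread and not OldTimer's code), the sketch below parses the file entries of the OTListIt2 log above, including its irregular size grouping and the directory lines that carry no company field, and lists entries worth a manual look. The review heuristics, the allowlist and the last sample line (a constructed timestamp and size for C:\setupxv.exe, the file the Kaspersky results in this thread name) are assumptions made for illustration; a flag is a prompt to look at a file, not a verdict.

```python
import ntpath
import re
from datetime import datetime

# Lines copied from the OTListIt2 log in this thread, plus one constructed line.
SAMPLE_LOG = r"""
========== Files - Modified Within 30 Days ==========
[2009/01/09 19:32:19 | 00,419,328 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Warren\Desktop\OTListIt2.exe
[2009/01/09 19:19:07 | 52,653,6704 | -HS- | M] () -- C:\hiberfil.sys
[2008/12/13 17:56:42 | 00,000,848 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2008/12/12 12:01:00 | 03,067,904 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mshtml.dll
[2009/01/04 22:54:21 | 00,007,132 | ---- | M] () -- C:\Documents and Settings\Warren\Desktop\dark frigate paper.wpd
[2008/12/11 18:29:16 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft
[2009/01/08 00:00:00 | 00,100,000 | ---- | M] () -- C:\setupxv.exe
"""
# The last line is constructed: only its path appears in the thread.

# [timestamp | size | attributes | M(odified)/C(reated)] (Company) -- path
# The "(Company)" field is absent on directory entries.
ENTRY_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[MC])\] "
    r"(?:\((?P<company>[^)]*)\) )?-- (?P<path>.+)$"
)

EXECUTABLE_EXTS = {".exe", ".dll", ".sys", ".scr", ".com", ".bat"}
# Assumed allowlist: root-level files that Windows itself creates.
KNOWN_ROOT_FILES = {"hiberfil.sys", "pagefile.sys"}


def parse_entry(line):
    """Return a dict for one file entry, or None for headers and other lines."""
    m = ENTRY_RE.match(line.strip())
    if not m:
        return None
    return {
        "time": datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        # The tool groups digits irregularly (e.g. 52,653,6704), so drop commas.
        "size": int(m["size"].replace(",", "")),
        "attrs": set(m["attrs"]) - {"-"},
        "kind": m["kind"],
        "company": (m["company"] or "").strip(),
        "path": m["path"].strip(),
    }


def review_reasons(entry):
    """Heuristics (assumptions of this example) for entries worth a manual look."""
    name = ntpath.basename(entry["path"]).lower()
    folder = ntpath.dirname(entry["path"]).lower()
    ext = ntpath.splitext(name)[1]
    is_exec = ext in EXECUTABLE_EXTS and name not in KNOWN_ROOT_FILES
    reasons = []
    if is_exec and not entry["company"]:
        reasons.append("executable type with no company name")
    if {"H", "S"} <= entry["attrs"] and folder.endswith("\\system32"):
        reasons.append("hidden+system file in System32")
    if is_exec and re.fullmatch(r"[a-z]:\\", folder):
        reasons.append("executable in drive root")
    return reasons


def triage(log_text):
    """Return [(path, [reasons])] for every parsed entry that raised a flag."""
    findings = []
    for line in log_text.splitlines():
        entry = parse_entry(line)
        if entry is None:
            continue
        reasons = review_reasons(entry)
        if reasons:
            findings.append((entry["path"], reasons))
    return findings


if __name__ == "__main__":
    for path, reasons in triage(SAMPLE_LOG):
        print(path, "->", "; ".join(reasons))
```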

#4
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
First, let me say thank you for your donation. It is very much appreciated. :) Your machine overall doesn't look bad. I'd like to get a couple more scans to make sure that nothing is hiding from us. We'll see what we get with these logs. And you posted correctly.

STEP ONE
Please go to Start > Control Panel > Add/Remove Programs and remove the following (if present):

My Way Search Assistant


Please note any other programs that you don't recognize in that list in your next response.

STEP TWO
Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

STEP THREE

Please do an online scan with Kaspersky WebScanner

Click on Accept

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Edited by Gravity Gripp, 09 January 2009 - 10:56 PM.

  • 0

#5
RobertArthur

RobertArthur

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Gravity Gripp,
MBAM ran, but before running Kaspersky, have questions;

Was not able to remove MyWaySearchAssistant as you requested through Add/Remove Programs. Received this notice;

RUNDLL

Error Loading C.\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll

The specified module could not be found.

OK to proceed?

And, Kaspersky program advises to turn off any other anti-virus program first.

Does this include Norton and the Windows security?

Thank you, R. Arthur
  • 0

#6
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Robert,

1) If you would, please post the log you received from Malwarebytes.
2) Go ahead and proceed to remove MyWaySearch and I'll take care of the rest of it.
3) That would include Norton, but I believe the Windows Security that you are referring to is what Windows has built-in to detect if you have anti-virus protection.

Please post the Kaspersky log when it has finished scanning.
  • 0

#7
RobertArthur

RobertArthur

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Gravity,
I misspoke; MyWaySearch appears in the list "populated" by Add/Remove Programs,
but the following message appears........

RUNDLL
Error Loading C.\PROGRA~1\MyWaySA\SrchAsDe\1.bin\desrcas.dll
The specified module could not be found.

I wrote, "OK to proceed?" for some reason when I saw the OK button. Sorry.

MyWaySearch, or nothing like it, can be located through Search.

Also, I can't remove the Norton or Symantec files....Access Denied messages.
So, I will wait to run the Kaspersky scan. I'm not clear yet whether it's ok to run with Norton running.
Thank you, R. Arthur


Malwarebytes' Anti-Malware 1.32
Database version: 1638
Windows 5.1.2600 Service Pack 3

1/12/2009 8:13:40 AM
mbam-log-2009-01-12 (08-13-40).txt

Scan type: Quick Scan
Objects scanned: 59042
Time elapsed: 5 minute(s), 49 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#8
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
I may have not been clear, my apologies for that. To run Kaspersky, they recommend that you disable other anti-virus products because what will happen is that both scanners (Kaspersky and Norton, in this case) will try to scan the same file at the same time. While this is OK, it will greatly increase the time it takes for the scan and it will more than likely make your computer unusably slow. To disable Norton, just right click on the Norton icon in your system tray and choose disable.
  • 0

#9
RobertArthur

RobertArthur

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Mr. Gripp,
I didn't save the Kaspersky scan report "as text." But here are the results.

File name Threat name Threats count
C:\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareBot.ad 1
C:\setupxv.exe Infected: not-a-virus:FraudTool.Win32.AntiSpyware.fw 1
C:\setupxv.exe Infected: not-a-virus:FraudTool.Win32.SpywareStop.dj 1


There's been no sign of that malware since.
Thank you, R. Arthur
  • 0

#10
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Alright, that looks good :)

STEP ONE
Please download the OTMoveIt3 by OldTimer.
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :processes
    explorer.exe
    
    :files
    C:\setupxv.exe
    
    :commands
    [purity]
    [emptytemp]
    [start explorer]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.
  • 0

#11
RobertArthur

RobertArthur

    New Member

  • Topic Starter
  • Member
  • Pip
  • 6 posts
Mr. Gripp,
The OTMoveIt3 program made its own Notepad file:
Thank you, R.Arthur

========== PROCESSES ==========
Process explorer.exe killed successfully.
========== FILES ==========
C:\setupxv.exe moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Warren\LOCALS~1\Temp\etilqs_8nba9Axg0tGc2ndxFb9J scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Temporary Internet Files folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\JET8CAF.tmp scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\C3704266d01 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.8.0 log created on 01132009_150904

Files moved on Reboot...
File C:\DOCUME~1\Warren\LOCALS~1\Temp\etilqs_8nba9Axg0tGc2ndxFb9J not found!
File move failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\INDEX.DAT scheduled to be moved on reboot.
File C:\WINDOWS\temp\JET8CAF.tmp not found!
C:\WINDOWS\temp\Perflib_Perfdata_6bc.dat moved successfully.
File C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\C3704266d01 not found!
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Warren\Local Settings\Application Data\Mozilla\Firefox\Profiles\2ea6n5cl.default\XUL.mfl moved successfully.
  • 0

#12
Gravity Gripp

Gravity Gripp

    Trusted Helper

  • Malware Removal
  • 1,813 posts
Alright, that looks good. Unless you are having any more issues, let's clean up and you're done.

STEP ONE - Cleanup
  • Make sure you have an Internet Connection.
  • Double-click OTMoveIt3.exe to run it. (Vista users, please right click on OTMoveit3.exe and select "Run as an Administrator")
  • Click on the CleanUp! button
  • A list of tool components used in the Cleanup of malware will be downloaded.
  • If your Firewall or Real Time protection attempts to block OtMoveit2 to reach the Internet, please allow the application to do so.
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. If you are asked to reboot the machine choose Yes.


STEP TWO - Reset Restore Points
To reset your restore points, please note that you will need to log into your computer with an account which has full administrator access. You will know if the account has administrator access because you will be able to see the System Restore tab. If the tab is missing, you are logged in under a limited account.

(Windows XP)
1. Turn off System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
Check Turn off System Restore.
Click Apply, and then click OK.

2. Reboot.

3. Turn ON System Restore.
On the Desktop, right-click My Computer.
Click Properties.
Click the System Restore tab.
UN-Check *Turn off System Restore*.
Click Apply, and then click OK.


And lastly, just some information for you. The following is a list of articles and tools that I like to recommend to people before they head out.
First, and most importantly is to keep your PC up-to-date with the latest patches from Microsoft. Make sure that you have auto updates turned on also. You will be informed if it is turned on or off when you visit the website below.
Next, I'd like to discuss malware prevention with you. As I said, the first step is to keep Windows up-to-date, but that isn't always enough. You also have to be aware of the sites you visit. Questionable and illegal sites almost always try to infect your machine. Even if you have anti-virus and a firewall, you can still get infected from these sites. It's best to just avoid them altogether.

Also, when surfing the web, be careful of popups and do NOT click on a popup. If you get a popup for anti-virus or anti-spyware software, NEVER download it and NEVER buy it, it is nothing more than just more spyware. Also, these are a couple of great programs to help prevent malware infections. Instead of being reactive they are proactive.
While discussing browsing habits, I like to recommend to everyone to use an alternate web browser called Mozilla Firefox. My personal feeling is that Internet Explorer just doesn't fit the bill when it comes to security. I have been using Firefox for several years now and have never had issues with it.
Another avenue for malware in recent years has been Peer-To-Peer (P2P) applications; programs like Kazaa, Limewire, and even BitTorrent programs can spread malware. You have to be very wary of what you download from these applications, as a lot of the time they are infected also. Here is a very good article from Microsoft about the dangers of P2P.
Now, every now and again the Windows operating system just gets slow and needs to be cleaned up. The following is an article by Miekiemoes that gives very good information on how to speed up your PC when it's not malware related.
Also, I would just like to thank you for coming by Geeks-To-Go and I'm glad we could lend you a hand. :)
  • 0





