Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Google Searches Redirected [Solved]


  • This topic is locked This topic is locked

#1
Mandee!

Mandee!

    Member

  • Member
  • PipPip
  • 10 posts
I noticed a few days ago that all of my google searches in Firefox were being redirected to websites that I did not click on. Then Firefox started crashing all the time. Today, I noticed that the same thing is happening to my Internet Explorer.

Here is my HijackThis log. I know other users are having this problem as well and I tried to fix it on my own, but I need a little bit more instruction! Thank you so much in advance. :]

---------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 1:49:22 PM, on 4/8/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v8.00 (8.00.6001.18702)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\WINDOWS\runservice.exe
C:\WINDOWS\system32\LxrSII1s.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Digital Media Reader\readericon45G.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\WINDOWS\explorer.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Last.fm\LastFM.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Microsoft Office\Office12\WINWORD.EXE
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://us.mcafee.com...mp;affid=370-16
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: AcroIEHelperStub - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.0.926.3450\swg.dll
O2 - BHO: Google Dictionary Compression sdch - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll
O3 - Toolbar: Veoh Browser Plug-in - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll
O3 - Toolbar: &Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [Alcmtr] ALCMTR.EXE
O4 - HKLM\..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE
O4 - HKLM\..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe
O4 - HKLM\..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall
O4 - HKLM\..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [realtecks] "C:\Documents and Settings\Mandee\Application Data\Google\wcwdu16814728.exe" 2
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKUS\S-1-5-18\..\Run: [Power2GoExpress] NA (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [Power2GoExpress] NA (User 'Default user')
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5 Control) - http://upload.facebo...toUploader5.cab
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} (TTestGenXInstallObject) - http://asp.mathxl.co...GenXInstall.cab
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} (Pearson Installation Assistant 2) - http://asp.mathxl.co...nstallAsst2.cab
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} (Pearson MyEconLab Player Control) - http://asp.mathxl.co.../EconPlayer.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: AOL TopSpeed Monitor (AOL TopSpeedMonitor) - America Online, Inc - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Symantec AntiVirus Definition Watcher (DefWatch) - Symantec Corporation - C:\Program Files\Symantec AntiVirus\DefWatch.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: Lexar Secure II (LxrSII1s) - Unknown owner - C:\WINDOWS\SYSTEM32\LxrSII1s.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: SAVRoam (SavRoam) - symantec - C:\Program Files\Symantec AntiVirus\SavRoam.exe
O23 - Service: Symantec Network Drivers Service (SNDSrvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe
O23 - Service: Symantec SPBBCSvc (SPBBCSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
O23 - Service: SupportSoft Listener Service (sprtlisten) - SupportSoft, Inc. - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
O23 - Service: SupportSoft RemoteAssist - SupportSoft, Inc. - C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe
O23 - Service: Symantec AntiVirus - Symantec Corporation - C:\Program Files\Symantec AntiVirus\Rtvscan.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
  • 0

Advertisements


#2
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Please Click here!, and follow the recommendations in the guide.

Someone will be along to tell you what steps to take after you post the contents of the scan results.
  • 0

#3
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
MALWAREBYTES LOG:

Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/15/2009 12:41:26 PM
mbam-log-2009-04-15 (12-41-26).txt

Scan type: Quick Scan
Objects scanned: 81250
Time elapsed: 13 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\realtecks (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

_______________________________________

ROOTER LOG:

Microsoft Windows XP Professional (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:148522 Mo/Free:1018 Mo)
D:\ [Fixed] - FAT32 - (Total:4094 Mo/Free:2437 Mo)
F:\ [Removable] (Total:0 Mo/Free:0 Mo)
G:\ [Removable] (Total:0 Mo/Free:0 Mo)
H:\ [Removable] (Total:0 Mo/Free:0 Mo)
I:\ [Removable] (Total:0 Mo/Free:0 Mo)
J:\ [Removable] (Total:76088 Mo/Free:3887 Mo)

Wed 04/15/2009|13:46

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
---------- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe
---------- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Symantec AntiVirus\DefWatch.exe
---------- C:\WINDOWS\eHome\ehRecvr.exe
---------- C:\WINDOWS\eHome\ehSched.exe
---------- C:\WINDOWS\runservice.exe
---------- C:\WINDOWS\system32\LxrSII1s.exe
---------- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
---------- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
---------- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Symantec AntiVirus\Rtvscan.exe
---------- C:\Program Files\Viewpoint\Common\ViewpointService.exe
---------- C:\WINDOWS\ehome\mcrdsvc.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\WINDOWS\system32\Ati2evxx.exe
---------- C:\WINDOWS\system32\dllhost.exe
---------- C:\WINDOWS\system32\wuauclt.exe
---------- C:\WINDOWS\ehome\ehtray.exe
---------- C:\Program Files\Digital Media Reader\readericon45G.exe
---------- C:\WINDOWS\RTHDCPL.EXE
---------- C:\Program Files\Common Files\Symantec Shared\ccApp.exe
---------- C:\PROGRA~1\SYMANT~1\VPTray.exe
---------- C:\WINDOWS\eHome\ehmsas.exe
---------- C:\WINDOWS\explorer.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!



1 - "C:\Rooter$\Rooter_1.txt" - Wed 04/15/2009|13:47

----------------------\\ Scan completed at 13:47

________________________________________________________

OTLI LOG:

OTListIt logfile created on: 4/15/2009 1:49:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mandee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

366.91 Mb Total Physical Memory | 53.08 Mb Available Physical Memory | 14.47% Memory free
885.84 Mb Paging File | 466.07 Mb Available in Paging File | 52.61% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.04 Gb Total Space | 84.99 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.38 Gb Free Space | 59.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.31 Gb Total Space | 55.80 Gb Free Space | 75.09% Space Free | Partition Type: FAT32

Computer Name: YOUR-2479443122
Current User Name: Mandee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
PRC - C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe (America Online Inc)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\WINDOWS\runservice.exe ()
PRC - C:\WINDOWS\system32\LxrSII1s.exe ()
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
PRC - C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
PRC - C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
PRC - C:\WINDOWS\RTHDCPL.EXE (Realtek Semiconductor Corp.)
PRC - C:\Program Files\Common Files\Symantec Shared\ccApp.exe (Symantec Corporation)
PRC - C:\Program Files\Symantec AntiVirus\VPTray.exe (Symantec Corporation)
PRC - C:\WINDOWS\eHome\ehmsas.exe (Microsoft Corporation)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\Mandee\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (Adobe LM Service [On_Demand | Stopped]) -- C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe (Adobe Systems)
SRV - (AOL TopSpeedMonitor [Auto | Running]) -- C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe (America Online, Inc)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (ATI Smart [Auto | Stopped]) -- C:\WINDOWS\system32\ati2sgag.exe ()
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (ccEvtMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe (Symantec Corporation)
SRV - (ccSetMgr [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe (Symantec Corporation)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DefWatch [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\DefWatch.exe (Symantec Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (LicCtrlService [Auto | Running]) -- C:\WINDOWS\runservice.exe ()
SRV - (LiveUpdate [On_Demand | Stopped]) -- C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE (Symantec Corporation)
SRV - (LxrSII1s [Auto | Running]) -- C:\WINDOWS\system32\LxrSII1s.exe ()
SRV - (McrdSvc [Auto | Running]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (Mcsagpted [Disabled | Stopped]) -- File not found
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (Microsoft Office Groove Audit Service [On_Demand | Stopped]) -- C:\Program Files\Microsoft Office\Office12\GrooveAuditService.exe (Microsoft Corporation)
SRV - (odserv [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\OFFICE12\ODSERV.EXE (Microsoft Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SavRoam [On_Demand | Stopped]) -- C:\Program Files\Symantec AntiVirus\SavRoam.exe (symantec)
SRV - (SNDSrvc [On_Demand | Stopped]) -- C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe (Symantec Corporation)
SRV - (SPBBCSvc [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe (Symantec Corporation)
SRV - (sprtlisten [Auto | Running]) -- C:\Program Files\Common Files\supportsoft\bin\sprtlisten.exe (SupportSoft, Inc.)
SRV - (SupportSoft RemoteAssist [On_Demand | Stopped]) -- C:\Program Files\Common Files\SupportSoft\bin\ssrc.exe (SupportSoft, Inc.)
SRV - (Symantec AntiVirus [Auto | Running]) -- C:\Program Files\Symantec AntiVirus\Rtvscan.exe (Symantec Corporation)
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (eeCtrl [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\eeCtrl.sys (Symantec Corporation)
DRV - (EraserUtilRebootDrv [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys (Symantec Corporation)
DRV - (GEARAspiWDM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LxrSII1d [Auto | Running]) -- C:\WINDOWS\system32\Drivers\LxrSII1d.sys ()
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (NAVENG [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVENG.SYS (Symantec Corporation)
DRV - (NAVEX15 [On_Demand | Running]) -- C:\Program Files\Common Files\Symantec Shared\VirusDefs\20090415.003\NAVEX15.SYS (Symantec Corporation)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (P1110VID [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\P1110VID.sys (Creative Technology Ltd.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (RTL8023xp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\Rtnicxp.sys (Realtek Semiconductor Corporation )
DRV - (rtl8139 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\RTL8139.SYS (Realtek Semiconductor Corporation)
DRV - (s616bus [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616bus.sys (MCCI Corporation)
DRV - (s616mdfl [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdfl.sys (MCCI Corporation)
DRV - (s616mdm [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mdm.sys (MCCI Corporation)
DRV - (s616mgmt [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616mgmt.sys (MCCI Corporation)
DRV - (s616obex [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\s616obex.sys (MCCI Corporation)
DRV - (SAVRT [System | Running]) -- C:\Program Files\Symantec AntiVirus\savrt.sys (Symantec Corporation)
DRV - (SAVRTPEL [System | Running]) -- C:\Program Files\Symantec AntiVirus\Savrtpel.sys (Symantec Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (SPBBCDrv [System | Running]) -- C:\Program Files\Common Files\Symantec Shared\SPBBC\SPBBCDrv.sys (Symantec Corporation)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (SymEvent [On_Demand | Running]) -- C:\Program Files\Symantec\SYMEVENT.SYS (Symantec Corporation)
DRV - (SYMREDRV [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\SYMREDRV.SYS (Symantec Corporation)
DRV - (SYMTDI [System | Running]) -- C:\WINDOWS\System32\Drivers\SYMTDI.SYS (Symantec Corporation)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (USBAAPL [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\usbaapl.sys (Apple, Inc.)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = about:blank
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = *.local

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "about:blank"
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20081203
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.0.071101000055
FF - prefs.js..extensions.enabledItems: {0a9de085-6dc7-4bc8-b718-2b6b0921458d}:0.1
FF - prefs.js..extensions.enabledItems: [email protected]:1.3
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.8
FF - prefs.js..keyword.URL: "http://www.ask.com/w...01447&l=dis&q="


FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/06 11:13:02 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/03 01:50:28 | 00,000,000 | ---D | M]

[2008/06/24 20:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Extensions
[2008/06/24 20:10:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/14 19:15:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Firefox\Profiles\e4j0z96t.default\extensions
[2008/07/29 23:59:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Firefox\Profiles\e4j0z96t.default\extensions\{0a9de085-6dc7-4bc8-b718-2b6b0921458d}
[2008/12/16 22:19:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Firefox\Profiles\e4j0z96t.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/03/23 11:46:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Mandee\Application Data\mozilla\Firefox\Profiles\e4j0z96t.default\extensions\[email protected]
[2009/04/08 11:34:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/03/26 14:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 14:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 13:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 13:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 13:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 13:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 13:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 13:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 13:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (Groove GFS Browser Helper) - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (Windows Live Sign-in Helper) - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll (Microsoft Corporation)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_219B3E1547538286.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\windows\system32\BAE.dll (Gateway Inc.)
O3 - HKLM\..\Toolbar: (&Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKLM\..\Toolbar: (Veoh Browser Plug-in) - {D0943516-5076-4020-A3B5-AEFAF26AB263} - C:\Program Files\Veoh Networks\Veoh\Plugins\reg\VeohToolbar.dll (Veoh Networks Inc)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll ()
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [Alcmtr] ALCMTR.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe" (Symantec Corporation)
O4 - HKLM..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe (Microsoft Corporation)
O4 - HKLM..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" (Microsoft Corporation)
O4 - HKLM..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe" (Apple Inc.)
O4 - HKLM..\Run: [MSKDetectorExe] C:\Program Files\McAfee\SpamKiller\MSKDetct.exe /uninstall File not found
O4 - HKLM..\Run: [QuickCare2.2] C:\Program Files\Qwest\QuickCare\bin\sprtcmd.exe /P QuickCare2.2 (SupportSoft, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [readericon] C:\Program Files\Digital Media Reader\readericon45G.exe (Alcor Micro, Corp.)
O4 - HKLM..\Run: [Recguard] %WINDIR%\SMINST\RECGUARD.EXE ()
O4 - HKLM..\Run: [Reminder] %WINDIR%\Creator\Remind_XP.exe (SoftThinks)
O4 - HKLM..\Run: [RTHDCPL] RTHDCPL.EXE (Realtek Semiconductor Corp.)
O4 - HKLM..\Run: [vptray] C:\PROGRA~1\SYMANT~1\VPTray.exe (Symantec Corporation)
O4 - HKCU..\Run: [] File not found
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [flags] Reg Error: Invalid data type. File not found
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000 (Microsoft Corporation)
O9 - Extra Button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files\Microsoft Office\Office12\ONBttnIE.dll (Microsoft Corporation)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\Office12\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {37A273C2-5129-11D5-BF37-00A0CCE8754B} http://asp.mathxl.co...GenXInstall.cab (TTestGenXInstallObject)
O16 - DPF: {95D88B35-A521-472B-A182-BB1A98356421} http://asp.mathxl.co...nstallAsst2.cab (Pearson Installation Assistant 2)
O16 - DPF: {EEC9DBCC-04AD-4A1B-BEA7-C6DAD9515D5A} http://asp.mathxl.co.../EconPlayer.cab (Pearson MyEconLab Player Control)
O18 - Protocol\Handler\grooveLocalGWS {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\Program Files\Microsoft Office\Office12\GrooveSystemServices.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-help {314111c7-a502-11d2-bbca-00c04f8ec294} - C:\Program Files\Common Files\Microsoft Shared\Help\hxds.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE12\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\NavLogon: DllName - C:\WINDOWS\system32\NavLogon.dll - C:\WINDOWS\system32\NavLogon.dll (Symantec Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {B5A7F190-DDA6-4420-B3BA-52453494E6CD} - C:\Program Files\Microsoft Office\Office12\GrooveShellExtensions.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O33 - MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell - "" = AutoRun
O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
O33 - MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[1 C:\DOCUME~1\ALLUSE~1\Application Data\*.tmp files]
[23 C:\DOCUME~1\Mandee\My Documents\*.tmp files]
[2009/04/15 13:48:23 | 00,501,248 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\Mandee\Desktop\OTListIt2.exe
[2009/04/15 13:46:43 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/04/15 13:46:31 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\Rooter.exe
[2009/04/15 12:25:59 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mandee\Application Data\Malwarebytes
[2009/04/15 12:25:55 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 12:25:54 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/15 12:25:51 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/15 12:25:49 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\Malwarebytes
[2009/04/15 12:25:48 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/15 12:24:35 | 02,967,800 | ---- | C] (Malwarebytes Corporation ) -- C:\DOCUME~1\Mandee\Desktop\mbam-setup.exe
[2009/04/15 12:23:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/04/15 12:23:10 | 00,000,611 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\NTREGOPT.lnk
[2009/04/15 12:23:10 | 00,000,592 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\ERUNT.lnk
[2009/04/15 12:23:07 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/04/15 12:22:48 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\DOCUME~1\Mandee\Desktop\erunt_setup.exe
[2009/04/15 12:20:22 | 00,021,504 | ---- | C] (Doug Knox) -- C:\DOCUME~1\Mandee\Desktop\SysRestorePoint.exe
[2009/04/08 13:48:46 | 00,001,734 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\HijackThis.lnk
[2009/04/08 13:48:44 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/08 13:48:13 | 00,000,000 | ---D | C] -- C:\Program Files\HijackThis
[2009/04/08 13:33:09 | 00,000,000 | ---D | C] -- C:\fixwareout
[2009/04/08 13:31:57 | 00,486,449 | ---- | C] ( ) -- C:\DOCUME~1\Mandee\Desktop\Fixwareout.exe
[2009/04/06 11:29:59 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Mandee\Desktop\GooredFixBackups
[2009/04/06 11:04:27 | 00,094,208 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\GooredFix.exe
[2009/04/03 01:50:35 | 00,001,602 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/03 01:25:17 | 00,000,000 | -H-D | C] -- C:\WINDOWS\ie8
[2009/04/02 11:04:38 | 00,153,221 | ---- | C] () -- C:\DOCUME~1\Mandee\My Documents\20090424flyerweb.jpg
[2009/03/28 14:56:18 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Mandee\My Documents\Mesa
[2009/03/25 11:59:22 | 02,835,078 | ---- | C] () -- C:\DOCUME~1\Mandee\My Documents\RCI.jpg
[2009/03/25 11:58:52 | 36,566,416 | ---- | C] () -- C:\DOCUME~1\Mandee\My Documents\RCI.psd
[2009/03/23 11:48:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Mandee\Application Data\Move Networks
[2009/03/19 00:53:13 | 00,000,000 | ---D | C] -- C:\Program Files\iPod
[2009/03/19 00:52:18 | 00,000,000 | ---D | C] -- C:\DOCUME~1\ALLUSE~1\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/03/19 00:49:41 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/03/19 00:47:27 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/01/06 10:14:10 | 00,002,170 | ---- | C] () -- C:\WINDOWS\BlacBox2.INI
[2007/08/30 23:00:45 | 00,000,036 | ---- | C] () -- C:\WINDOWS\webica.ini
[2007/02/16 17:24:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\vpc32.INI
[2007/01/17 00:30:37 | 00,000,723 | ---- | C] () -- C:\WINDOWS\GMUD32.INI
[2007/01/17 00:25:55 | 00,000,561 | -HS- | C] () -- C:\WINDOWS\System32\mmf.sys
[2007/01/17 00:25:54 | 00,045,056 | ---- | C] () -- C:\WINDOWS\mmfs.dll
[2006/08/19 23:37:08 | 01,592,316 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/08/14 23:51:38 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/08/14 19:57:41 | 00,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/08/14 19:45:12 | 00,000,221 | ---- | C] () -- C:\WINDOWS\HP_RedboxHprblog_HPSU.ini
[2006/08/13 20:23:51 | 00,070,016 | ---- | C] () -- C:\WINDOWS\System32\drivers\LxrSII1d.sys
[2006/08/13 19:26:45 | 00,077,824 | R--- | C] () -- C:\WINDOWS\System32\hpzids01.dll
[2006/04/26 11:10:16 | 00,135,168 | ---- | C] () -- C:\WINDOWS\System32\RtlCPAPI.dll
[2006/04/26 11:05:41 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/08/06 00:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 12:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 18:49:16 | 00,001,386 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 18:49:16 | 00,000,468 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 18:48:33 | 00,001,034 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 18:48:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini

========== Files - Modified Within 30 Days ==========

[5 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[1 C:\DOCUME~1\ALLUSE~1\Application Data\*.tmp files]
[23 C:\DOCUME~1\Mandee\My Documents\*.tmp files]
[2009/04/15 13:48:25 | 00,501,248 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\Mandee\Desktop\OTListIt2.exe
[2009/04/15 13:46:33 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\Mandee\Desktop\Rooter.exe
[2009/04/15 13:44:32 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 13:33:56 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 13:33:02 | 00,000,561 | -HS- | M] () -- C:\WINDOWS\System32\mmf.sys
[2009/04/15 13:32:22 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 13:32:10 | 38,479,8720 | -HS- | M] () -- C:\hiberfil.sys
[2009/04/15 12:25:55 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/15 12:25:05 | 02,967,800 | ---- | M] (Malwarebytes Corporation ) -- C:\DOCUME~1\Mandee\Desktop\mbam-setup.exe
[2009/04/15 12:23:10 | 00,000,611 | ---- | M] () -- C:\DOCUME~1\Mandee\Desktop\NTREGOPT.lnk
[2009/04/15 12:23:10 | 00,000,592 | ---- | M] () -- C:\DOCUME~1\Mandee\Desktop\ERUNT.lnk
[2009/04/15 12:22:49 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\DOCUME~1\Mandee\Desktop\erunt_setup.exe
[2009/04/15 12:20:24 | 00,021,504 | ---- | M] (Doug Knox) -- C:\DOCUME~1\Mandee\Desktop\SysRestorePoint.exe
[2009/04/09 07:51:12 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/04/08 13:48:46 | 00,001,734 | ---- | M] () -- C:\DOCUME~1\Mandee\Desktop\HijackThis.lnk
[2009/04/08 13:32:01 | 00,486,449 | ---- | M] ( ) -- C:\DOCUME~1\Mandee\Desktop\Fixwareout.exe
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/06 11:04:27 | 00,094,208 | ---- | M] () -- C:\DOCUME~1\Mandee\Desktop\GooredFix.exe
[2009/04/03 01:50:35 | 00,001,602 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Mozilla Firefox.lnk
[2009/04/02 11:41:05 | 00,000,077 | -HS- | M] () -- C:\DOCUME~1\Mandee\My Documents\desktop.ini
[2009/04/02 11:34:50 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/02 11:23:50 | 00,355,840 | -HS- | M] () -- C:\DOCUME~1\Mandee\My Documents\Thumbs.db
[2009/04/02 11:04:46 | 00,153,221 | ---- | M] () -- C:\DOCUME~1\Mandee\My Documents\20090424flyerweb.jpg
[2009/04/01 23:56:56 | 00,027,136 | ---- | M] () -- C:\DOCUME~1\Mandee\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/01 23:44:19 | 00,477,186 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/01 23:44:19 | 00,406,658 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/01 23:44:19 | 00,063,732 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/03/25 11:59:32 | 02,835,078 | ---- | M] () -- C:\DOCUME~1\Mandee\My Documents\RCI.jpg
[2009/03/25 11:58:57 | 36,566,416 | ---- | M] () -- C:\DOCUME~1\Mandee\My Documents\RCI.psd
< End of report >


OTLI EXTRAS:

OTListIt Extras logfile created on: 4/15/2009 1:49:02 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Mandee\Desktop
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

366.91 Mb Total Physical Memory | 53.08 Mb Available Physical Memory | 14.47% Memory free
885.84 Mb Paging File | 466.07 Mb Available in Paging File | 52.61% Paging File free
Paging file location(s): C:\pagefile.sys 552 1104;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 145.04 Gb Total Space | 84.99 Gb Free Space | 58.60% Space Free | Partition Type: NTFS
Drive D: | 4.00 Gb Total Space | 2.38 Gb Free Space | 59.52% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded
Drive J: | 74.31 Gb Total Space | 55.80 Gb Free Space | 75.09% Space Free | Partition Type: FAT32

Computer Name: YOUR-2479443122
Current User Name: Mandee
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Application Loader (AOL LLC)
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltsmon.exe:*:Enabled:AOLTsMon (America Online, Inc)
C:\Program Files\Common Files\AOL\TopSpeed\2.0\aoltpspd.exe:*:Enabled:AOLTopSpeed (America Online Inc)
C:\Program Files\Common Files\AOL\1146067985\EE\AOLServiceHost.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL (America Online Inc.)
C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\AOL Spyware Protection\asp.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AolCoach\en_en\player\AOLNySEV.exe:*:Enabled:AOL File not found
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\MSN Messenger\msncall.exe:*:Enabled:Windows Live Messenger 8.0 (Phone) File not found
C:\Program Files\Common Files\AOL\1146067985\EE\aolsoftware.exe:*:Enabled:AOL Services (America Online, Inc.)
C:\Program Files\Common Files\AOL\1146067985\EE\aim6.exe:*:Enabled:AIM (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Last.fm\LastFM.exe:*:Enabled:Last.fm (Last.fm)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire PRO 4.9.23 File not found
C:\Program Files\Macromedia\Dreamweaver 8\Dreamweaver.exe:*:Disabled:Dreamweaver 8 (Macromedia, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger File not found
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server File not found
C:\Program Files\Yahoo!\Yahoo! Music Jukebox\YahooMusicEngine.exe:*:Enabled:Yahoo! Music Jukebox File not found
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Vuze\Azureus.exe:*:Disabled:Azureus (Azureus Inc)
C:\Program Files\MSN Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger 8.1 (Microsoft Corporation)
C:\Program Files\MSN Messenger\livecall.exe:*:Enabled:Windows Live Messenger 8.1 (Phone) (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\OUTLOOK.EXE:*:Enabled:Microsoft Office Outlook (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\GROOVE.EXE:*:Enabled:Microsoft Office Groove (Microsoft Corporation)
C:\Program Files\Microsoft Office\Office12\ONENOTE.EXE:*:Enabled:Microsoft Office OneNote (Microsoft Corporation)
%windir%\system32\drivers\svchost.exe:*:Enabled:svchost File not found
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00203668-8170-44A0-BE44-B632FA4D780F}" = Adobe AIR
"{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{0837A661-FEC3-48B3-876C-91E7D32048A9}" = Macromedia Dreamweaver 8
"{09984AEC-6B9F-4ca7-B78D-CB44D4771DA3}" = Destinations
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2624B680-02BC-4CBC-839C-DA20DF6EF6EC}" = Citrix Presentation Server Client - Web Only
"{30C19FF2-7FBA-4d09-B9DE-1659977F64F6}" = TrayApp
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{33CFCF98-F8D6-4549-B469-6F4295676D83}" = Symantec AntiVirus
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3819891A-030B-4a4e-98ED-B28A649E48AB}" = HP Deskjet 3900 series
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = Browser Address Error Redirector
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{42F6BED9-41DD-40F1-85A8-8E0350493626}" = HPDeskjet3900Series
"{49672EC2-171B-47B4-8CE7-50D7806360D7}" = Windows Live Sign-in Assistant
"{4998FF95-709A-430A-B104-92A009ABB848}" = QuickConnect
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{5421155F-B033-49DB-9B33-8F80F233D4D5}" = GdiplusUpgrade
"{5546CDB5-2CE2-498B-B059-5B3BF81FC41F}" = Macromedia Extension Manager
"{56F8AFC3-FA98-4ff1-9673-8A026CBF85BE}" = WebReg
"{571700F0-DB9D-4B3A-B03D-35A14BB5939F}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{5F26311C-B135-4F7F-B11E-8E650F83651E}" = DeviceFunctionQFolder
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{685A56F8-75B6-44AD-B3DA-FB0A3266B47C}" = Adobe Flash Player 9 ActiveX
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6994491D-D491-48F1-AE1F-E179C1FFFC2F}" = HP Photosmart Essential
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{77DCDCE3-2DED-62F3-8154-05E745472D07}" = Acrobat.com
"{7AACE39E-A19F-468A-B130-6DBA27203075}" = Wood Workshop
"{8C6027FD-53DC-446D-BB75-CACD7028A134}" = HP Update
"{8EDBA74D-0686-4C99-BFDD-F894678E5101}" = Adobe Common File Installer
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0015-0409-0000-0000000FF1CE}" = Microsoft Office Access MUI (English) 2007
"{90120000-0015-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0019-0409-0000-0000000FF1CE}" = Microsoft Office Publisher MUI (English) 2007
"{90120000-0019-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001A-0409-0000-0000000FF1CE}" = Microsoft Office Outlook MUI (English) 2007
"{90120000-001A-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_ENTERPRISE_{3EC77D26-799B-4CD8-914F-C1565E796173}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_ENTERPRISE_{430971B1-C31E-45DA-81E0-72C095BAB72C}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_ENTERPRISE_{F7A31780-33C4-4E39-951A-5EC9B91D7BF1}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-0030-0000-0000-0000000FF1CE}" = Microsoft Office Enterprise 2007
"{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{BEE75E01-DD3F-4D5F-B96C-609E6538D419}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0044-0409-0000-0000000FF1CE}" = Microsoft Office InfoPath MUI (English) 2007
"{90120000-0044-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-00BA-0409-0000-0000000FF1CE}" = Microsoft Office Groove MUI (English) 2007
"{90120000-00BA-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0114-0409-0000-0000000FF1CE}" = Microsoft Office Groove Setup Metadata MUI (English) 2007
"{90120000-0114-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_ENTERPRISE_{FAD8A83E-9BAC-4179-9268-A35948034D85}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{90120000-0117-0409-0000-0000000FF1CE}" = Microsoft Office Access Setup Metadata MUI (English) 2007
"{90120000-0117-0409-0000-0000000FF1CE}_ENTERPRISE_{4CA4ECC1-DBD4-4591-8F4C-AA12AD2D3E59}" = 2007 Microsoft Office Suite Service Pack 1 (SP1)
"{95120000-00B9-0409-0000-0000000FF1CE}" = Microsoft Application Error Reporting
"{9692FD03-6662-4E62-B08C-30DFF51651E1}" = Actiontec Gateway
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A49F249F-0C91-497F-86DF-B2585E8E76B7}" = Microsoft Visual C++ 2005 Redistributable
"{A63E18AC-B504-4045-AFE6-A279BBABB988}" = Qwest QuickAssist Desktop Tools
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1
"{ACCA20B0-C4D1-4BF5-BF21-0A0EB5EF9730}" = REALTEK GbE & FE Ethernet PCI NIC Driver
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007
"{AF5937B6-B68F-4197-8854-5079D5D1CC2B}" = QuickConnect
"{B2AE44CB-2AAB-4C08-A54B-D264BD604DA8}" = Citrix Presentation Server Client
"{B508B3F1-A24A-32C0-B310-85786919EF28}" = Microsoft .NET Framework 2.0 Service Pack 1
"{B996AE66-10DB-4ac5-B151-E8B4BFBC42FC}" = BufferChm
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{E3F90083-80D4-4b5a-87C7-E97E12F5516D}" = HPProductAssistant
"{EA103B64-C0E4-4C0E-A506-751590E1653D}" = SolutionCenter
"{EFB21DE7-8C19-4A88-BB28-A766E16493BC}" = Adobe Photoshop CS
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F4C2E5F5-2970-45f4-ABD3-C180C4D961C4}" = Status
"Adobe AIR" = Adobe AIR
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer 3.0
"AIM_6" = AIM 6
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"ATI Display Driver" = ATI Display Driver
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"BigFix" = BigFix
"ChromaticaV1.0" = Chromatica
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.adobe.mauby.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1" = Acrobat.com
"Creative PD1110" = Creative WebCam NX Driver (1.02.01.0827)
"ENTERPRISE" = Microsoft Office Enterprise 2007
"ERUNT_is1" = ERUNT 1.1j
"Eye Candy 4000" = Eye Candy 4000
"FoxyTunesForFirefox" = FoxyTunes for Firefox
"HijackThis" = HijackThis 2.0.2
"HP Imaging Device Functions" = HP Imaging Device Functions 5.0
"HP Solution Center & Imaging Support Tools" = HP Solution Center & Imaging Support Tools 5.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{0405E51E-9582-4207-8F38-AC44201D3808}" = VeohTV BETA
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"LastFM_is1" = Last.fm 1.5.1.29527
"LiveUpdate" = LiveUpdate 3.1 (Symantec Corporation)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Money2006b" = Microsoft Money 2006
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"Port Magic" = Pure Networks Port Magic
"QwestQuickCare_is1" = Qwest QuickCare 2.2
"RAYflect Four Seasons 1.0" = RAYflect Four Seasons 1.0
"RealPlayer 6.0" = RealPlayer Basic
"ShockwaveFlash" = Macromedia Flash Player 8
"SysInfo" = Creative System Information
"The Black Box v2.10" = The Black Box v2.10
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{97C82B44-D408-4F14-9252-47FC1636D23E}_is1" = IZArc 3.81
"{AD88355B-A4E0-4DA1-BAC3-EA4FEA930691}" = Ipswitch WS_FTP Professional 2007

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 4/3/2009 9:41:46 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/4/2009 4:03:29 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/6/2009 1:18:15 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/7/2009 1:58:27 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/8/2009 3:10:22 AM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/8/2009 12:37:42 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application firefox.exe, version 1.9.0.3372, faulting module
unknown, version 0.0.0.0, fault address 0x10001e39.

Error - 4/8/2009 2:28:02 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 8.0.6001.18702, faulting
module mshtml.dll, version 8.0.6001.18702, fault address 0x001c90f5.

Error - 4/9/2009 6:41:42 PM | Computer Name = YOUR-2479443122 | Source = Symantec AntiVirus | ID = 16711725
Description = Risk: C:\WINDOWS\system32\services.exe in File: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
by: Tamper Protection scan. Action: Blocked. Action Description:

Error - 4/13/2009 1:04:42 PM | Computer Name = YOUR-2479443122 | Source = Symantec AntiVirus | ID = 16711725
Description = Risk: C:\WINDOWS\system32\services.exe in File: C:\Program Files\Symantec\LiveUpdate\LuComServer_3_1.EXE
by: Tamper Protection scan. Action: Blocked. Action Description:

Error - 4/15/2009 2:43:15 PM | Computer Name = YOUR-2479443122 | Source = Application Error | ID = 1000
Description = Faulting application svchost.exe, version 5.1.2600.5512, faulting
module unknown, version 0.0.0.0, fault address 0x10001e39.

[ System Events ]
Error - 4/9/2009 6:41:16 PM | Computer Name = YOUR-2479443122 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 4/9/2009 6:41:37 PM | Computer Name = YOUR-2479443122 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
1 time(s).

Error - 4/10/2009 12:44:39 PM | Computer Name = YOUR-2479443122 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/12/2009 10:45:34 PM | Computer Name = YOUR-2479443122 | Source = Dhcp | ID = 1000
Description = Your computer has lost the lease to its IP address 192.168.0.100 on
the Network Card with network address 001676665322.

Error - 4/12/2009 10:46:27 PM | Computer Name = YOUR-2479443122 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.

Error - 4/13/2009 1:03:58 PM | Computer Name = YOUR-2479443122 | Source = DCOM | ID = 10005
Description = DCOM got error "%1053" attempting to start the service LiveUpdate
with arguments "" in order to run the server: {03E0E6C2-363B-11D3-B536-00902771A435}

Error - 4/13/2009 1:04:38 PM | Computer Name = YOUR-2479443122 | Source = Service Control Manager | ID = 7009
Description = Timeout (30000 milliseconds) waiting for the LiveUpdate service to
connect.

Error - 4/13/2009 1:04:38 PM | Computer Name = YOUR-2479443122 | Source = Service Control Manager | ID = 7000
Description = The LiveUpdate service failed to start due to the following error:
%%1053

Error - 4/13/2009 1:04:38 PM | Computer Name = YOUR-2479443122 | Source = Service Control Manager | ID = 7034
Description = The LiveUpdate service terminated unexpectedly. It has done this
2 time(s).

Error - 4/14/2009 10:46:10 PM | Computer Name = YOUR-2479443122 | Source = Windows Update Agent | ID = 16
Description = Unable to Connect: Windows is unable to connect to the automatic updates
service and therefore cannot download and install updates according to the set
schedule. Windows will continue to try to establish a connection.


< End of report >

Edited by Mandee!, 15 April 2009 - 12:54 PM.

  • 0

#4
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Let's start the cleaningprocess then.

Step 1.
Unistall unwanted software:

Please go to Start > Control Panel > Add/Remove Programs and remove the following:

Viewpoint Media Player


Step 2.
OTL-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
    O4 - HKCU..\Run: [] File not found
    O33 - MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell - "" = AutoRun
    O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\Shell\AutoRun\command - "" = J:\LaunchU3.exe -- File not found
    O33 - MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\D\Shell - "" = AutoRun
    O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
    [2009/04/08 13:33:09 | 00,000,000 | ---D | C] -- C:\fixwareout
    [2009/04/08 13:31:57 | 00,486,449 | ---- | C] ( ) -- C:\DOCUME~1\Mandee\Desktop\Fixwareout.exe
    [2009/04/06 11:29:59 | 00,000,000 | ---D | C] -- C:\DOCUME~1\Mandee\Desktop\GooredFixBackups
    [2009/04/06 11:04:27 | 00,094,208 | ---- | C] () -- C:\DOCUME~1\Mandee\Desktop\GooredFix.exe
    :Reg
    [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
    C:\Program Files\LimeWire\LimeWire.exe=-
    C:\Program Files\Vuze\Azureus.exe=-
    :Files
    C:\Program Files\Viewpoint
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 3.
Goored-scan:

Please download GooredFix from one of the locations below and save it to your Desktop
Download Mirror #1
Download Mirror #2
  • Double-click GooredFix.exe to run it.
  • Select 1. Find Goored (no fix) by typing 1 and pressing Enter.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: Do not run Option #2 yet.

Step 4.
Lop S&D:

Disable resident protections (Antivirus...); you'll re-enable them after the scan

Download Lop S&D < here and save it to the desktop

Double-click Lop S&D.exe
Choose the language, then choose Option 1 (Search)
Wait till the end of the scan
Post the log which is created: (%SystemDrive%\lopR.txt)

Step 5.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 2.
  • The content of GooredLog.txt from step 3.
  • The content of C:\lopR.txt from step 4.
  • Information on how your computer is running after these steps.

  • 0

#5
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTLISTIT FIX LOG:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{7E853D72-626A-48EC-A868-BA8D5E23E045}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03ee7943-ea3b-11da-a989-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{03ee7943-ea3b-11da-a989-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{03ee7943-ea3b-11da-a989-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e98d2f2-ed46-11dc-a564-001676665322}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e98d2f2-ed46-11dc-a564-001676665322}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3e98d2f2-ed46-11dc-a564-001676665322}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3e98d2f2-ed46-11dc-a564-001676665322}\ not found.
File J:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{bf67a7f1-d53c-11da-9f5c-806d6172696f}\ not found.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
File not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File not found.
C:\fixwareout moved successfully.
File C:\DOCUME~1\Mandee\Desktop\Fixwareout.exe not found.
Folder C:\DOCUME~1\Mandee\Desktop\GooredFixBackups not found.
File C:\DOCUME~1\Mandee\Desktop\GooredFix.exe not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\LimeWire\LimeWire.exe deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\Vuze\Azureus.exe deleted successfully.
========== FILES ==========
File/Folder C:\Program Files\Viewpoint not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Temp\etilqs_27vmY03lpcLXVMKsxQsA scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04152009_181837

Files moved on Reboot...
File C:\Documents and Settings\Mandee\Local Settings\Temp\etilqs_27vmY03lpcLXVMKsxQsA not found!
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...

________________________________
GOOREDFIX LOG:

GooredFix v1.92 by jpshortstuff
Log created at 18:38 on 15/04/2009 running Option #1 (Mandee)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

_____________________________
LOPR LOG:

--------------------\\ Lop S&D 4.2.5-0 XP/Vista

Microsoft Windows XP Professional ( v5.1.2600 ) Service Pack 3
X86-based PC ( Uniprocessor Free : Intel® Celeron® D CPU 3.33GHz )
BIOS : Default System BIOS
USER : Mandee ( Administrator )
BOOT : Normal boot
Antivirus : Symantec AntiVirus Corporate Edition 10.1.5.5001 (Activated)
C:\ (Local Disk) - NTFS - Total:145 Go (Free:86 Go)
D:\ (Local Disk) - FAT32 - Total:3 Go (Free:2 Go)
F:\ (USB)
G:\ (USB)
H:\ (USB)
I:\ (USB)

"C:\Lop SD" ( MAJ : 19-12-2008|23:40 )
Option : [1] ( Wed 04/15/2009|18:48 )

--------------------\\ Listing folders in APPLIC~1

[08/25/2008|10:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Adobe
[08/29/2007|08:45] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> AOL
[01/09/2005|08:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Identities
[08/25/2008|10:43] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Macromedia
[08/29/2006|12:31] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> Microsoft
[04/26/2006|11:13] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> SampleView
[04/26/2006|11:14] C:\DOCUME~1\ADMINI~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[03/19/2009|12:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> {00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[06/17/2008|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> acccore
[04/15/2009|11:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe
[09/04/2006|02:21] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Adobe Systems
[06/17/2008|06:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL
[08/29/2007|08:31] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL Downloads
[01/17/2007|11:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> AOL OCP
[06/24/2008|07:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple
[12/04/2006|09:51] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Apple Computer
[07/20/2008|10:53] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Azureus
[08/13/2006|08:10] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> CyberLink
[03/18/2009|05:23] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Google
[08/13/2006|07:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> HP
[04/07/2008|01:05] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Ipswitch
[06/24/2008|07:41] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Last.fm
[08/16/2006|09:46] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macromedia
[08/30/2006|08:01] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Macrovision
[04/15/2009|12:25] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Malwarebytes
[10/09/2006|11:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> MCA3E5.tmp
[04/26/2006|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee
[02/16/2007|05:30] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com
[02/05/2007|12:37] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[12/12/2008|09:06] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft
[03/22/2009|11:16] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Microsoft Help
[04/26/2006|10:59] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Prism Deploy
[04/26/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Pure Networks
[04/26/2006|11:13] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> QuickTime
[08/21/2008|07:50] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> SupportSoft
[02/16/2007|05:12] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Symantec
[06/17/2008|06:26] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Viewpoint
[08/14/2006|06:03] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Windows Genuine Advantage
[08/22/2008|04:47] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo
[02/09/2008|09:58] C:\DOCUME~1\ALLUSE~1\APPLIC~1\<DIR> Yahoo!

[08/29/2007|08:45] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> AOL
[01/09/2005|08:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Identities
[04/26/2006|11:12] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> Microsoft
[04/26/2006|11:13] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> SampleView
[04/26/2006|11:14] C:\DOCUME~1\DEFAUL~1\APPLIC~1\<DIR> You've Got Pictures Screensaver

[10/17/2007|08:08] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Google
[08/13/2006|07:40] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> McAfee.com Personal Firewall
[12/12/2008|09:06] C:\DOCUME~1\LOCALS~1\APPLIC~1\<DIR> Microsoft


[01/09/2005|08:19] C:\DOCUME~1\NETWOR~1\APPLIC~1\<DIR> Microsoft


--------------------\\ Scheduled Tasks located in C:\WINDOWS\Tasks

[04/09/2009 07:51 AM][--a------] C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[04/15/2009 06:23 PM][--ah-----] C:\WINDOWS\tasks\SA.DAT
[08/10/2004 02:00 PM][-r-h-----] C:\WINDOWS\tasks\desktop.ini

--------------------\\ Listing Folders in C:\Program Files

[08/21/2008|06:28] C:\Program Files\<DIR> 2Wire
[08/21/2008|06:28] C:\Program Files\<DIR> Actiontec
[03/17/2009|01:35] C:\Program Files\<DIR> Adobe
[06/17/2008|06:29] C:\Program Files\<DIR> AIM6
[04/01/2009|11:56] C:\Program Files\<DIR> America Online 9.0
[12/04/2006|09:48] C:\Program Files\<DIR> AOD
[12/04/2006|09:48] C:\Program Files\<DIR> AOL
[09/01/2008|11:13] C:\Program Files\<DIR> Apple Software Update
[07/20/2008|10:49] C:\Program Files\<DIR> AskSBar
[03/02/2008|10:23] C:\Program Files\<DIR> Audacity 1.3 Beta (Unicode)
[01/21/2009|01:33] C:\Program Files\<DIR> Audible
[04/26/2006|11:12] C:\Program Files\<DIR> BigFix
[03/19/2009|12:49] C:\Program Files\<DIR> Bonjour
[08/29/2007|08:12] C:\Program Files\<DIR> Citrix
[11/24/2008|01:51] C:\Program Files\<DIR> Common Files
[01/09/2005|08:07] C:\Program Files\<DIR> ComPlus Applications
[04/26/2006|10:55] C:\Program Files\<DIR> CONEXANT
[11/13/2008|08:14] C:\Program Files\<DIR> Creative
[02/09/2008|09:39] C:\Program Files\<DIR> Creative Installation Information
[04/26/2006|11:02] C:\Program Files\<DIR> CyberLink
[04/26/2006|11:07] C:\Program Files\<DIR> Digital Media Reader
[12/07/2007|11:15] C:\Program Files\<DIR> DivX
[04/15/2009|12:23] C:\Program Files\<DIR> ERUNT
[09/19/2007|06:43] C:\Program Files\<DIR> GnuWin32
[03/18/2009|05:24] C:\Program Files\<DIR> Google
[04/08/2009|01:48] C:\Program Files\<DIR> HijackThis
[03/28/2007|05:25] C:\Program Files\<DIR> HP
[11/13/2008|08:14] C:\Program Files\<DIR> InstallShield Installation Information
[04/03/2009|01:29] C:\Program Files\<DIR> Internet Explorer
[03/19/2009|12:53] C:\Program Files\<DIR> iPod
[04/07/2008|01:05] C:\Program Files\<DIR> Ipswitch
[03/19/2009|12:53] C:\Program Files\<DIR> iTunes
[04/23/2008|10:03] C:\Program Files\<DIR> IZArc
[04/26/2006|11:08] C:\Program Files\<DIR> Java
[06/24/2008|07:43] C:\Program Files\<DIR> Last.fm
[08/22/2008|04:43] C:\Program Files\<DIR> LimeWire
[08/16/2006|09:46] C:\Program Files\<DIR> Macromedia
[04/15/2009|12:25] C:\Program Files\<DIR> Malwarebytes' Anti-Malware
[04/26/2006|11:16] C:\Program Files\<DIR> McAfee
[09/21/2008|11:48] C:\Program Files\<DIR> Messenger
[04/26/2006|11:11] C:\Program Files\<DIR> Microsoft Digital Image 2006
[01/09/2005|08:13] C:\Program Files\<DIR> microsoft frontpage
[08/13/2006|07:02] C:\Program Files\<DIR> Microsoft Money 2006
[11/24/2008|01:29] C:\Program Files\<DIR> Microsoft Office
[08/29/2006|02:57] C:\Program Files\<DIR> Microsoft Visual Studio
[11/24/2008|01:08] C:\Program Files\<DIR> Microsoft Visual Studio 8
[11/24/2008|01:30] C:\Program Files\<DIR> Microsoft Works
[11/24/2008|01:27] C:\Program Files\<DIR> Microsoft.NET
[09/21/2008|11:39] C:\Program Files\<DIR> Movie Maker
[04/15/2009|06:29] C:\Program Files\<DIR> Mozilla Firefox
[08/29/2007|08:54] C:\Program Files\<DIR> Mozilla Thunderbird
[11/24/2008|01:29] C:\Program Files\<DIR> MSBuild
[02/05/2008|07:16] C:\Program Files\<DIR> MSECache
[01/09/2005|08:05] C:\Program Files\<DIR> MSN
[04/26/2006|11:11] C:\Program Files\<DIR> MSN Encarta Plus
[01/09/2005|08:05] C:\Program Files\<DIR> MSN Gaming Zone
[09/22/2008|09:17] C:\Program Files\<DIR> MSN Messenger
[11/17/2006|07:21] C:\Program Files\<DIR> MSXML 4.0
[07/02/2008|05:49] C:\Program Files\<DIR> mTC
[02/25/2007|03:22] C:\Program Files\<DIR> MUD
[09/21/2008|11:33] C:\Program Files\<DIR> NetMeeting
[08/15/2006|06:27] C:\Program Files\<DIR> New Folder
[01/09/2005|08:09] C:\Program Files\<DIR> Online Services
[09/21/2008|11:33] C:\Program Files\<DIR> Outlook Express
[04/26/2006|11:13] C:\Program Files\<DIR> Pure Networks
[03/19/2009|12:48] C:\Program Files\<DIR> QuickTime
[08/21/2008|06:37] C:\Program Files\<DIR> Qwest
[01/06/2009|06:38] C:\Program Files\<DIR> RAYflect Four Seasons 1.0
[04/26/2006|11:13] C:\Program Files\<DIR> Real
[04/26/2006|11:09] C:\Program Files\<DIR> Realtek
[09/21/2007|07:10] C:\Program Files\<DIR> Spiral Graphics
[02/16/2007|05:15] C:\Program Files\<DIR> Symantec
[04/15/2009|06:44] C:\Program Files\<DIR> Symantec AntiVirus
[04/08/2009|01:48] C:\Program Files\<DIR> Trend Micro
[01/09/2005|08:19] C:\Program Files\<DIR> Uninstall Information
[09/26/2008|04:47] C:\Program Files\<DIR> Veoh Networks
[03/08/2009|11:56] C:\Program Files\<DIR> Vuze
[08/22/2008|03:50] C:\Program Files\<DIR> WinAce
[07/26/2007|05:35] C:\Program Files\<DIR> Windows Media Connect 2
[07/26/2007|05:35] C:\Program Files\<DIR> Windows Media Player
[04/01/2009|11:42] C:\Program Files\<DIR> Windows NT
[01/09/2005|08:06] C:\Program Files\<DIR> Windows Plus
[01/09/2005|08:10] C:\Program Files\<DIR> WindowsUpdate
[01/09/2005|08:13] C:\Program Files\<DIR> xerox
[08/22/2008|04:46] C:\Program Files\<DIR> Yahoo!

--------------------\\ Listing Folders in C:\Program Files\Common Files

[03/17/2009|01:35] C:\Program Files\Common Files\<DIR> Adobe
[08/25/2008|10:43] C:\Program Files\Common Files\<DIR> Adobe AIR
[08/30/2006|08:01] C:\Program Files\Common Files\<DIR> Adobe Systems Shared
[08/29/2007|08:45] C:\Program Files\Common Files\<DIR> AOL
[04/26/2006|11:14] C:\Program Files\Common Files\<DIR> aolshare
[03/19/2009|12:53] C:\Program Files\Common Files\<DIR> Apple
[11/24/2008|01:51] C:\Program Files\Common Files\<DIR> DESIGNER
[08/14/2006|08:05] C:\Program Files\Common Files\<DIR> HP
[04/26/2006|11:08] C:\Program Files\Common Files\<DIR> InstallShield
[04/26/2006|11:07] C:\Program Files\Common Files\<DIR> Java
[08/16/2006|09:48] C:\Program Files\Common Files\<DIR> Macromedia
[11/24/2008|02:51] C:\Program Files\Common Files\<DIR> Microsoft Shared
[01/09/2005|08:09] C:\Program Files\Common Files\<DIR> MSSoap
[04/26/2006|10:59] C:\Program Files\Common Files\<DIR> New Boundary
[04/26/2006|11:14] C:\Program Files\Common Files\<DIR> Nullsoft
[01/09/2005|12:00] C:\Program Files\Common Files\<DIR> ODBC
[04/26/2006|11:13] C:\Program Files\Common Files\<DIR> Real
[01/09/2005|08:09] C:\Program Files\Common Files\<DIR> Services
[01/09/2005|12:00] C:\Program Files\Common Files\<DIR> SpeechEngines
[08/21/2008|06:38] C:\Program Files\Common Files\<DIR> supportsoft
[02/16/2007|05:15] C:\Program Files\Common Files\<DIR> Symantec Shared
[11/24/2008|01:43] C:\Program Files\Common Files\<DIR> System

--------------------\\ Process

( 47 Processes )

... OK !

--------------------\\ Searching with S_Lop

No Lop folder found !

--------------------\\ Searching for Lop Files - Folders

No Lop folder found !

--------------------\\ Searching within the Registry

..... OK !

--------------------\\ Checking the Hosts file

Hosts file CLEAN


--------------------\\ Searching for hidden files with Catchme

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-15 18:54:37
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden files ...
scan completed successfully
hidden processes: 0
hidden files: 353

--------------------\\ Searching for other infections

--------------------\\ Cracks & Keygens ..

C:\DOCUME~1\Mandee\Application Data\Azureus\torrents\[isoHunt] Microsoft Office 2007 with crack [smaragdtorrent.to].torrent
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)\Adobe Photoshop CS 8.0\crack
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)\Adobe Photoshop CS 8.0\crack\AdobeLM.dll
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)\Adobe Photoshop CS 8.0\crack\Tw10122.dat
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - ColorSafe 1.5\Crack
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Silverfast Scan Software\CRACK.EXE
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Art Texture 1.0\Crack
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Art Texture 1.0\Crack\crack.com
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Web PlugIn 1.0\Crack
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Web PlugIn 1.0\Crack\CRACK.EXE
C:\DOCUME~1\Mandee\My Documents\My Music\Brand New\Deja Entendu\11 Play Crack the Sky.wma
C:\DOCUME~1\Mandee\My Documents\My Music\iTunes\iTunes Music\Brand New\Deja Entendu\11 Play Crack the Sky.m4a
C:\DOCUME~1\Mandee\My Documents\Resources\brushes\pretty_cuts_and_cracks.abr


[F:27][D:2]-> C:\DOCUME~1\Mandee\LOCALS~1\Temp
[F:1][D:0]-> C:\DOCUME~1\Mandee\Cookies
[F:6][D:4]-> C:\DOCUME~1\Mandee\LOCALS~1\TEMPOR~1\content.IE5

1 - "C:\Lop SD\LopR_1.txt" - Wed 04/15/2009|18:58 - Option : [1]

--------------------\\ Scan completed at 18:58:56

___________________

Google is still redirecting searches in Firefox, but far less often and it still is crashing. It doesn't seem to be redirecting Google searches in IE or crashing either, but I primarily use Firefox so I haven't noticed anything yet.

Edited by Mandee!, 15 April 2009 - 10:28 PM.

  • 0

#6
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Lets continue

The source of your infections is likely related to all the cracks and keygens that I found on your computer. If you are truly interested in staying clean in the future, I strongly recommend that you stay away from Cracks and Keygens. Failure to heed my warning may result in the reinfection of your computer. If you choose to continue down this path, we may not be able to help you here in the future.

Step 1.
OTL2-fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    :Files
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus
    C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint
    C:\Program Files\LimeWire
    C:\Program Files\Vuze
    C:\DOCUME~1\Mandee\Application Data\Azureus
    C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)
    C:\DOCUME~1\Mandee\My Documents\Azureus Downloads
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the OTL2 fixlog

Step 2.
ComboFix:

Please visit this webpage for download links, and instructions for running the tool:

http://www.bleepingc...to-use-combofix

* Ensure you have disabled all anti virus and anti malware programs so they do not interfere with the running of ComboFix.

Please include the C:\ComboFix.txt in your next reply for further review.

Step 3.
Things I would like to see in your reply:

  • The content of the fixlog from OTL2 in step 1.
  • The content of C:\ComboFix.txt in step 2.

  • 0

#7
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
OTL2 FIX LOG:

========== OTLISTIT ==========
Process explorer.exe killed successfully!
========== FILES ==========
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Azureus moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint\AxMetaStream_Win moved successfully.
C:\DOCUME~1\ALLUSE~1\APPLIC~1\Viewpoint moved successfully.
C:\Program Files\LimeWire moved successfully.
C:\Program Files\Vuze\plugins\azupnpav moved successfully.
C:\Program Files\Vuze\plugins\azupdater moved successfully.
C:\Program Files\Vuze\plugins\azrating moved successfully.
C:\Program Files\Vuze\plugins\azplugins moved successfully.
C:\Program Files\Vuze\plugins\azemp moved successfully.
C:\Program Files\Vuze\plugins moved successfully.
C:\Program Files\Vuze\.install4j moved successfully.
C:\Program Files\Vuze moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\updates moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\torrents moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\tmp moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\subs moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\shares moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\plugins moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\net moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\media\azpd moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\media moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\logs\save moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\logs moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\dht moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\cache moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus\active moved successfully.
C:\DOCUME~1\Mandee\Application Data\Azureus moved successfully.
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)\Adobe Photoshop CS 8.0\crack moved successfully.
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include)\Adobe Photoshop CS 8.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Adobe Photoshop CS 8 (serial include) moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\The Truth moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Word.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Updates moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Rosebud.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Publisher.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Proofing.en-us\Proof.fr moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Proofing.en-us\Proof.es moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Proofing.en-us\Proof.en moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Proofing.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\PowerPoint.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Outlook.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\OneNote.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Office64.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Office.en-us\1033 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Office.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\InfoPath.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Groove.en-us\Groove.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Groove.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Excel.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Enterprise.WW moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Catalog moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\zh-tw moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\zh-cn moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\ko-kr moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\ja-jp moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\it-it moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\fr-fr moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\es-es moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin\de-de moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Admin moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Access.en-us\Access.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007\Access.en-us moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\office 2007 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Bleeding Through Declar moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\bleeding through moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Visual Plugins moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - VIMAS Jpeg V1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Vertigo 3D HotText moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Web PlugIn 1.0\Crack moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Web PlugIn 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Ulead Type.Plugin 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Art Texture 1.0\Crack moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ulead Art Texture 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Textissimo 2.0\Vignette moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Textissimo 2.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Silverfast Scan Software moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Rubberman moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Rayflect Four Seasons v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - PSX moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Plasticthough Quickspace 3D moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Pic Press moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - PhotoSpray v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Pattern Workshop v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Particle 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Panopticum Lens V1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Ottopath v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Magic Separator\MAGIC.SEPARATOR.FOR.PHOTOSHOP moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Magic Separator moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - LensFlare & Glow moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Impressionist moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - IMAGENIE.V1.1 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - HVS JPEG v2.16 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - HVS Color v1.53 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Funhouse Effect moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - FM Tile Tools moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Flux moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Flare Effect v2.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - FantasyWarp 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Cytopia PhotoOptics moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - CSI Photooptics Filters moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - ColorSafe 1.5 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Cinemate moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Chromatica Plugin moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Chromatica 1.2\DISK2 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Chromatica 1.2\DISK1 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Chromatica 1.2 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Boxtop moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Border FX 1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop PlugIn - Blade Pro moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Photoshop Plugin - Arrivoselect v1.2 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\P5Fonts_Thai for Photoshop moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\KPT Gel v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\Tutorials\KPT SkyEffects moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\Tutorials\KPT SceneBuilder moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\Tutorials moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Web\Torus Buttons moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Web\Square Buttons moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Web\Round Buttons moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Web\Rectangle Buttons moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Web moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Primitives moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Packaging moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Miscellaneous moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Fun moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Fruits moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Characters\Upper Case moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Characters\Other moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Characters\Lower Case moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Characters\Figure moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects\Characters moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\KPT SceneBuilder Objects moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0\auto95 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Kai's Power Tools v.6.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis.Portfolio.Web.Edition.v4.0.2\Extensis.Portfolio.Web.Edition.v4.0.2DiZ.FiX moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis.Portfolio.Web.Edition.v4.0.2 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis PhotoTools V3.03 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis Phototools 3.0.6 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis PhotoText Ver2.0.2 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis Photo Graphics V1.01 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis Photo Frame V2.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis Mask Pro v2.04 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Extensis Intellihance Pro V4.03 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\AlienSkin Eyecandy 3.1 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Alien Skin Eye Candy 4000 v4.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\Alien Black Box 21 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack\4 Seasons v1.0 moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads\Adobe PhotoShop Plug-ins Pack moved successfully.
C:\DOCUME~1\Mandee\My Documents\Azureus Downloads moved successfully.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Temp\etilqs_z7hq8TkpT7KLAbTD8vPY scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Temp\Photoshop Temp1006456 scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
Windows Temp folder emptied.
Java cache emptied.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_001_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_002_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_003_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_MAP_ scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\urlclassifier3.sqlite scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\XUL.mfl scheduled to be deleted on reboot.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.14.0 log created on 04162009_110019

Files moved on Reboot...
File C:\Documents and Settings\Mandee\Local Settings\Temp\etilqs_z7hq8TkpT7KLAbTD8vPY not found!
File C:\Documents and Settings\Mandee\Local Settings\Temp\Photoshop Temp1006456 not found!
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_001_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_002_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_003_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\Cache\_CACHE_MAP_ moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\urlclassifier3.sqlite moved successfully.
C:\Documents and Settings\Mandee\Local Settings\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\XUL.mfl moved successfully.

Registry entries deleted on Reboot...
  • 0

#8
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
I'll be waiting for the log from ComboFix
  • 0

#9
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
The website you gave me for ComboFix shows up as a white, blank screen.
  • 0

#10
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Hm...
Something is blocking you from going to that site.
I'll give you the basic need of instructions here then.

Download ComboFix from one of these locations:

Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of it's process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue it's malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.
  • 0

Advertisements


#11
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
ComboFix Log:

ComboFix 09-04-17.01 - Mandee 04/16/2009 18:03.1 - NTFSx86
Running from: c:\documents and settings\Mandee\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-03-17 to 2009-04-17 )))))))))))))))))))))))))))))))
.

2009-04-16 12:51 . 2009-04-16 12:51 -------- d-----w c:\documents and settings\LocalService\Local Settings\Application Data\Apple
2009-04-15 23:39 . 2009-04-15 23:58 -------- d-----w C:\Lop SD
2009-04-15 23:19 . 2009-03-06 14:22 284160 -c----w c:\windows\system32\dllcache\pdh.dll
2009-04-15 23:19 . 2009-02-09 12:10 473600 -c----w c:\windows\system32\dllcache\fastprox.dll
2009-04-15 23:19 . 2009-02-09 12:10 401408 -c----w c:\windows\system32\dllcache\rpcss.dll
2009-04-15 23:19 . 2009-02-06 11:11 110592 -c----w c:\windows\system32\dllcache\services.exe
2009-04-15 23:19 . 2009-02-06 10:10 227840 -c----w c:\windows\system32\dllcache\wmiprvse.exe
2009-04-15 23:19 . 2009-02-09 12:10 729088 -c----w c:\windows\system32\dllcache\lsasrv.dll
2009-04-15 23:19 . 2009-02-09 12:10 453120 -c----w c:\windows\system32\dllcache\wmiprvsd.dll
2009-04-15 23:19 . 2009-02-09 12:10 617472 -c----w c:\windows\system32\dllcache\advapi32.dll
2009-04-15 23:19 . 2009-02-09 12:10 714752 -c----w c:\windows\system32\dllcache\ntdll.dll
2009-04-15 23:18 . 2009-04-15 23:18 -------- d-----w C:\_OTListIt
2009-04-15 18:46 . 2009-04-15 18:47 -------- d-----w C:\Rooter$
2009-04-15 17:25 . 2009-04-15 17:25 -------- d-----w c:\documents and settings\Mandee\Application Data\Malwarebytes
2009-04-15 17:25 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-04-15 17:25 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-04-15 17:25 . 2009-04-15 17:25 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-15 17:25 . 2009-04-15 17:25 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-04-15 17:23 . 2009-04-15 17:23 -------- d-----w c:\program files\ERUNT
2009-04-08 18:48 . 2009-04-08 18:48 -------- d-----w c:\program files\Trend Micro
2009-04-03 06:37 . 2009-04-03 06:37 -------- d-sh--w c:\documents and settings\Mandee\PrivacIE
2009-04-03 06:25 . 2009-04-03 06:26 -------- dc-h--w c:\windows\ie8
2009-04-02 17:00 . 2009-04-02 17:00 -------- d-sh--w c:\windows\system32\config\systemprofile\IETldCache
2009-04-02 16:40 . 2009-04-02 16:40 -------- d-sh--w c:\documents and settings\Mandee\IETldCache
2009-03-23 16:48 . 2009-03-23 16:52 -------- d-----w c:\documents and settings\Mandee\Application Data\Move Networks
2009-03-21 14:06 . 2009-03-21 14:06 989696 -c----w c:\windows\system32\dllcache\kernel32.dll
2009-03-19 05:53 . 2009-03-19 05:53 -------- d-----w c:\program files\iPod
2009-03-19 05:52 . 2009-03-19 05:53 -------- d-----w c:\documents and settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
2009-03-19 05:49 . 2009-03-19 05:49 -------- d-----w c:\program files\Bonjour
2009-03-19 05:47 . 2009-03-19 05:48 -------- d-----w c:\program files\QuickTime
2009-03-19 05:43 . 2009-03-06 04:59 1900544 ----a-w c:\windows\system32\usbaaplrc.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-04-16 22:51 . 2007-02-16 22:12 -------- d-----w c:\program files\Symantec AntiVirus
2009-04-16 16:24 . 2008-11-24 06:05 -------- d-----w c:\documents and settings\All Users\Application Data\Microsoft Help
2009-04-15 23:58 . 2009-04-15 23:40 15291 ----a-w C:\lopR.txt
2009-04-15 18:47 . 2009-04-15 18:47 3063 ----a-w C:\Rooter.txt
2009-04-02 04:56 . 2006-04-26 16:13 -------- d-----w c:\program files\America Online 9.0
2009-03-19 05:53 . 2006-12-05 02:55 -------- d-----w c:\program files\iTunes
2009-03-19 05:53 . 2008-06-25 00:53 -------- d-----w c:\program files\Common Files\Apple
2009-03-18 22:24 . 2006-04-26 16:04 -------- d-----w c:\program files\Google
2009-03-17 18:35 . 2006-04-26 16:10 -------- d-----w c:\program files\Common Files\Adobe
2009-03-08 09:34 . 2005-01-09 23:48 914944 ----a-w c:\windows\system32\wininet.dll
2009-03-08 09:34 . 2005-01-09 23:48 43008 ----a-w c:\windows\system32\licmgr10.dll
2009-03-08 09:33 . 2005-01-09 23:47 18944 ----a-w c:\windows\system32\corpol.dll
2009-03-08 09:33 . 2005-01-09 23:48 420352 ----a-w c:\windows\system32\vbscript.dll
2009-03-08 09:32 . 2005-01-09 23:47 72704 ----a-w c:\windows\system32\admparse.dll
2009-03-08 09:32 . 2005-01-09 23:48 71680 ----a-w c:\windows\system32\iesetup.dll
2009-03-08 09:31 . 2005-01-09 23:48 34816 ----a-w c:\windows\system32\imgutil.dll
2009-03-08 09:31 . 2005-01-09 23:48 48128 ----a-w c:\windows\system32\mshtmler.dll
2009-03-08 09:31 . 2005-01-09 23:48 45568 ----a-w c:\windows\system32\mshta.exe
2009-03-08 09:22 . 2005-01-09 23:48 156160 ----a-w c:\windows\system32\msls31.dll
2009-03-06 14:22 . 2005-01-09 23:48 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-06 04:59 . 2008-06-25 00:53 36864 ----a-w c:\windows\system32\drivers\usbaapl.sys
2009-02-27 23:53 . 2008-02-10 03:11 -------- d-----w c:\documents and settings\Mandee\Application Data\Creative
2009-02-27 23:53 . 2007-08-31 03:59 -------- d-----w c:\documents and settings\Mandee\Application Data\Citrix
2009-02-27 23:53 . 2008-02-29 01:45 -------- d-----w c:\documents and settings\Mandee\Application Data\Audacity
2009-02-27 23:53 . 2006-08-20 01:50 -------- d-----w c:\documents and settings\Mandee\Application Data\Apple Computer
2009-02-27 23:53 . 2006-08-15 04:59 -------- d-----w c:\documents and settings\Mandee\Application Data\acccore
2009-02-09 12:10 . 2005-01-09 23:48 729088 ----a-w c:\windows\system32\lsasrv.dll
2009-02-09 12:10 . 2005-01-09 23:48 401408 ----a-w c:\windows\system32\rpcss.dll
2009-02-09 12:10 . 2005-01-09 23:48 714752 ----a-w c:\windows\system32\ntdll.dll
2009-02-09 12:10 . 2005-01-09 23:47 617472 ----a-w c:\windows\system32\advapi32.dll
2009-02-09 11:13 . 2005-01-09 23:48 1846784 ----a-w c:\windows\system32\win32k.sys
2009-02-08 00:02 . 2004-08-04 05:59 2066048 ----a-w c:\windows\system32\ntkrnlpa.exe
2009-02-06 11:11 . 2005-01-09 23:48 110592 ----a-w c:\windows\system32\services.exe
2009-02-06 11:08 . 2005-01-09 23:48 2189056 ----a-w c:\windows\system32\ntoskrnl.exe
2009-02-06 10:39 . 2005-01-09 23:48 35328 ----a-w c:\windows\system32\sc.exe
2009-02-03 19:59 . 2005-01-09 23:48 56832 ----a-w c:\windows\system32\secur32.dll
2009-02-02 18:33 . 2007-01-17 05:27 2317 ---ha-w C:\IPH.PH
2009-01-03 20:44 . 2006-08-20 20:29 514 -c--a-w c:\documents and settings\Mandee\Application Data\wklnhst.dat
2008-12-11 16:09 . 2006-08-15 00:02 91504 -c--a-w c:\documents and settings\Mandee\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-09-02 01:29 . 2005-01-10 01:26 77128 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2006-08-29 17:33 . 2006-08-29 17:33 136 -c--a-w c:\documents and settings\Administrator\Local Settings\Application Data\fusioncache.dat
2006-08-15 00:34 . 2006-08-15 00:34 129 -c--a-w c:\documents and settings\Mandee\Local Settings\Application Data\fusioncache.dat
2008-09-22 13:44 . 2008-09-22 13:47 32768 -csha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008092220080923\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-07-01 68856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="c:\windows\ehome\ehtray.exe" [2005-08-06 64512]
"readericon"="c:\program files\Digital Media Reader\readericon45G.exe" [2005-12-10 139264]
"Recguard"="c:\windows\SMINST\RECGUARD.EXE" [2002-09-14 212992]
"Reminder"="c:\windows\Creator\Remind_XP.exe" [2005-02-26 966656]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-07-20 52896]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2006-10-25 125120]
"MSKDetectorExe"="c:\program files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 1121280]
"QuickCare2.2"="c:\program files\Qwest\QuickCare\bin\sprtcmd.exe" [2007-05-04 198184]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2007-08-24 33648]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-03-13 342312]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-04-05 16120832]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"Power2GoExpress"="NA" [X]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
Adobe Gamma.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-8-15 113664]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.clmp3enc"= c:\progra~1\CYBERL~1\Power2Go\CLMP3Enc.ACM

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltsmon.exe"=
"c:\\Program Files\\Common Files\\AOL\\TopSpeed\\2.0\\aoltpspd.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146067985\\EE\\AOLServiceHost.exe"=
"c:\\Program Files\\Common Files\\AOL\\System Information\\sinf.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146067985\\EE\\aolsoftware.exe"=
"c:\\Program Files\\Common Files\\AOL\\1146067985\\EE\\aim6.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Last.fm\\LastFM.exe"=
"c:\\Program Files\\Macromedia\\Dreamweaver 8\\Dreamweaver.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\MSN Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"%windir%\\system32\\drivers\\svchost.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

R3 SavRoam;SavRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2006-10-25 116416]
R4 Mcsagpted;Mcsagpted; [x]
S2 LicCtrlService;LicCtrl Service;c:\windows\runservice.exe [2007-01-17 2560]
S2 LxrSII1d;Secure II Driver;c:\windows\system32\Drivers\LxrSII1d.sys [2005-05-19 70016]
S2 sprtlisten;SupportSoft Listener Service;c:\program files\Common Files\supportsoft\bin\sprtlisten.exe [2008-01-08 1213728]
S3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2009-02-26 101936]


[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-04-16 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-Aim6 - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://us.mcafee.com/apps/msk/en-us/msk7/setexp.asp?systempopup=true&affid=370-16
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
FF - ProfilePath - c:\documents and settings\Mandee\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\
FF - prefs.js: browser.startup.homepage - about:blank
FF - prefs.js: keyword.URL - hxxp://www.ask.com/web?o=101447&l=dis&q=
FF - plugin: c:\documents and settings\Mandee\Application Data\Mozilla\Firefox\Profiles\e4j0z96t.default\extensions\[email protected]\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava11.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava12.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava13.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava14.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJava32.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPJPI150_02.dll
FF - plugin: c:\program files\Java\jre1.5.0_02\bin\NPOJI610.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPMGWRAP.DLL
FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll
FF - plugin: c:\program files\Veoh Networks\Veoh\Plugins\noreg\NPVeohVersion.dll

---- FIREFOX POLICIES ----
FF - user.js: general.useragent.extra.zencast - Creative ZENcast v1.02.12);user_pref(general.useragent.extra.zencast, .

**************************************************************************

catchme 0.3.1375 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-04-16 18:09
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8]
"1"=hex:ed,4b,4a,ed,15,23,49,74,5a,62,6c,ea,06,f6,a6,df
"2"=hex:a9,40,80,f3,45,2c,d5,a1,17,53,11,d7,21,de,a4,9e,70,5f,a0,52,5b,27,ae,
65,1c,9d,59,02,eb,37,2c,7a,87,23,4c,1a,3f,83,53,96
"3"=hex:ed,4b,4a,ed,15,23,49,74,b0,26,52,ff,a0,7d,07,31,e6,5f,d4,da,fb,3f,90,
71,75,14,ea,42,77,9a,7a,ec,d4,b7,cc,3b,f4,0a,33,5b,a4,1e,da,46,25,2d,2a,72,\

[HKEY_LOCAL_MACHINE\software\LicCtrl\LicCtrl\LicCtrl\LicCtrl*lkzs$i&#&y@^t! #^$ g9^$&pgb SDB36o \DA9879757777DAE8\A4C6DC1D7052183A161573F7BA846387]
"1"=hex:1a,dd,98,10,b1,7c,5d,e1
"2"=hex:67,36,6f,c1,0f,6f,49,c8
"3"=hex:81,20,8f,ab,28,6a,52,9c
"4"=hex:2f,ad,a2,e7,8a,bf,05,5e
"5"=hex:bf,e5,23,7b,b0,66,d6,fc,b8,e8,6b,a0,96,52,f7,32,80,09,8f,24,b7,b3,55,
1a,98,d1,47,16,02,43,61,1c,b9,d5,8f,2a,7b,81,b1,fb,95,22,f8,b3,2c,53,9d,ae,\
"6"=hex:bf,e5,23,7b,b0,66,d6,fc,bc,64,22,fb,7e,d3,39,3e,a3,00,33,13,c0,21,f4,
51,6c,4e,0c,96,e2,dd,ad,8a,b6,c4,05,e8,5a,bd,9a,e9,d4,1a,3d,68,9d,00,32,20
"7"=hex:ed,4b,4a,ed,15,23,49,74,5a,02,d0,c7,f9,dd,f2,e5,3e,e0,99,3d,a8,68,9c,
4f,1f,71,fc,13,23,3b,2c,6b,94,db,ee,08,97,0d,d7,27,bf,b9,1b,eb,26,77,8c,fe,\
"8"=hex:f8,a1,0d,ff,94,af,9e,4a,41,ed,ed,ab,d2,2a,a0,0c,97,dc,c5,44,de,96,13,
41
"9"=hex:81,20,8f,ab,28,6a,52,9c
"18"=hex:b6,dd,00,4d,9d,38,11,d1
"10"=hex:81,20,8f,ab,28,6a,52,9c
"11"=hex:81,20,8f,ab,28,6a,52,9c
"12"=hex:81,20,8f,ab,28,6a,52,9c
"13"=hex:81,20,8f,ab,28,6a,52,9c
"14"=hex:81,20,8f,ab,28,6a,52,9c
"24"=hex:81,20,8f,ab,28,6a,52,9c
"26"=hex:81,20,8f,ab,28,6a,52,9c
"19"=hex:81,20,8f,ab,28,6a,52,9c
"22"=hex:81,20,8f,ab,28,6a,52,9c

[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\RunOnceEx\0001]
@Denied: (A B C D 2) (S-1-5-21-2480187832-2030268292-2868436889-1007)
@Denied: (A B C D 2) (LocalSystem)
@Denied: (A B C D 2) (Administrators)
"*FixWareOut"="c:\\WINDOWS\\system32\\cmd.exe /c c:\\fixwareout\\FindT\\XP-2K2.cmd"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(520)
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-04-16 18:15
ComboFix-quarantined-files.txt 2009-04-16 23:14

Pre-Run: 92,853,907,456 bytes free
Post-Run: 92,835,942,400 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

244 --- E O F --- 2009-04-16 16:28
  • 0

#12
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Are you still getting redirected in Firefox?
And what about in Internet Explorer?

  • 0

#13
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
So far I haven't noticed any redirections in FF or IE and they aren't crashing either.

Thank you so much for your help.
  • 0

#14
heir

heir

    Trusted Helper

  • Malware Removal
  • 5,427 posts
Good :)
Let's continue with a couple of scans in case something is hiding in there.

Step 1.
Clean temp locations:

Please download ATF Cleaner by Atribune.
Caution: This program is for Windows 2000, XP and Vista onlyDouble-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.
For Technical Support, double-click the e-mail address located at the bottom of each menu.

Step 2.
Scan with MBAM:

Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.


Step 3.
Scan with Kaspersky Online Scanner:

Please do an online scan with Kaspersky Online Scanner

Kaspersky online scanner uses JAVA tecnology to perform the scan. If you do not have the latest JAVA version, follow the instrutions below under Upgrading Java, to download and install the latest vesion.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button.
  • Please post this log in your next reply.

Upgrading Java:

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 13.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u13-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u13-windows-i586-p.exe and select "Run as an Administrator.")

Step 4.
Things I would like to see in your reply:

  • The content of the report from MBAM from Step 2.
  • The content of the report from Kaspersky Online Scanner from Step 3.

  • 0

#15
Mandee!

Mandee!

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
MBAM LOG:
Malwarebytes' Anti-Malware 1.36
Database version: 1945
Windows 5.1.2600 Service Pack 3

4/20/2009 11:47:49 AM
mbam-log-2009-04-20 (11-47-49).txt

Scan type: Quick Scan
Objects scanned: 82012
Time elapsed: 12 minute(s), 6 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

___________________________________________________
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP