Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Firefox Goored Redirect - comes back... [Closed] [Solved]

Started by TommyK , Apr 14 2009 10:45 PM

  • This topic is locked This topic is locked

#1
TommyK
Posted 14 April 2009 - 10:45 PM

TommyK

    Member

  • Member
  • PipPip
  • 15 posts
Hi guys -

I have been having google redirects using Firefox. I have followed all Malware removal instructions including using gooredfix (found and removed goored, repeatedly). I have uninstalled firefox and reinstalled. The gooredfix program continues to find the bad file.

How do I get clean? Thanks!, Tom

Here you go:
GooredFix v1.92 by jpshortstuff
Log created at 00:13 on 15/04/2009 running Option #1 (Tom)
Firefox version 3.0.8 (en-US)

=====Suspect Goored Entries=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"="C:\Documents and Settings\Tom\Local Settings\Application Data\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"="C:\Documents and Settings\Tom\Local Settings\Application Data\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\"





OTListIt logfile created on: 4/15/2009 12:32:50 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tom\Desktop\Tech\Computer Clean-up
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 72.31% Memory free
3.60 Gb Paging File | 3.20 Gb Available in Paging File | 88.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.23 Gb Total Space | 129.78 Gb Free Space | 71.22% Space Free | Partition Type: NTFS
Drive D: | 4.06 Gb Total Space | 2.38 Gb Free Space | 58.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 74.51 Gb Total Space | 21.50 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMSNEWDESKTOP
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaAgent.exe ()
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\bin\SanaSafeConnect.exe (Sana Security)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Program Files\SlimBrowser\sbrowser.exe (FlashPeak, Inc.)
PRC - C:\Documents and Settings\Tom\Desktop\Tech\Computer Clean-up\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (CarboniteService [Auto | Running]) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PatchLink Update [Disabled | Stopped]) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe (PatchLink Corporation)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SanaSafeConnectAgent [Auto | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaAgent.exe ()
SRV - (SanaSafeConnectWatcher [Auto | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CamDrL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dfmirage [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dfmirage.sys (DemoForge, LLC)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SanaSafeConnectDriver [On_Demand | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc.)
DRV - (SanaSafeConnectFilter [On_Demand | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...h...DTP&M=T6532
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_page_URL = http://www.gateway.c...h...DTP&M=T6532
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.gateway.c...h...DTP&M=T6532
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0



IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\S-1-5-21-2919136098-2494697476-672956410-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\S-1-5-21-2919136098-2494697476-672956410-1007\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2008/12/01 12:06:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2007/04/14 10:28:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 08:51:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/05 14:12:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}: C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\APPLICATION DATA\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68} [2009/04/15 00:10:55 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\PROGRAM FILES\FLOCK\COMPONENTS [2009/03/29 09:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\PROGRAM FILES\FLOCK\PLUGINS [2009/03/29 09:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/04 23:02:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/04 23:01:26 | 00,000,000 | ---D | M]

[2009/04/04 23:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions
[2008/11/02 17:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/04/04 23:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/14 10:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions
[2009/04/05 18:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{0dad0080-ca5a-11da-a94d-0800200c9a66}
[2009/04/07 21:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/12 02:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/04/04 23:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/04/12 01:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/12 02:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\[email protected]
[2006/05/18 19:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\qkwm0r3b.default\extensions
[2009/04/14 10:08:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/04 23:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/08 00:11:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/04/13 09:12:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/15 09:11:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 22:23:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/17 09:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/13 09:38:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/11 08:52:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [Ivemecebepagu] rundll32.exe "C:\WINDOWS\afiqejivul.dll",e (Mozilla Foundation)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SanaSafeConnect] "C:\Program Files\Sana Security\Primary Response SafeConnect\agent\bin\SanaSafeConnect.exe" (Sana Security)
O4 - HKU\.DEFAULT..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\.DEFAULT..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-18..\Run: [Picasa Media Detector] C:\Program Files\Picasa2\PicasaMediaDetector.exe (Google Inc.)
O4 - HKU\S-1-5-18..\Run: [Power2GoExpress] NA File not found
O4 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: CDRAutoRun = 0
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O7 - HKU\S-1-5-21-2919136098-2494697476-672956410-1007_Classes\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O15 - HKU\.DEFAULT\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-18\..Trusted Domains: 48 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} http://esupport.cf1l.../weblaunch2.cab (CWebLaunchCtl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - F:\AUTOEXEC.BAT () - [ NTFS ]
O33 - MountPoints2\{283b87f1-92d3-11da-9815-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{283b87f1-92d3-11da-9815-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/15 00:10:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}
[2009/04/14 12:21:58 | 00,091,056 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\k3logos.jpg
[2009/04/14 12:05:17 | 02,326,192 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Excerpt-EmailHandbook.pdf
[2009/04/14 09:47:02 | 04,123,263 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\April-14-Holistic-Release-on-Appearance.mp3
[2009/04/14 09:11:45 | 00,952,057 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\503_Lyris_Guru'sGuide_2008.pdf
[2009/04/13 23:05:22 | 01,774,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\four hour work week.msam
[2009/04/12 00:55:34 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/12 00:53:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/12 00:42:12 | 00,000,000 | ---D | C] -- C:\SDFix
[2009/04/11 23:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2009/04/11 23:39:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 23:39:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 23:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 23:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 23:34:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/11 23:09:27 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/04/11 22:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2009/04/11 22:02:18 | 00,603,014 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\NicheBlackBook.pdf
[2009/04/11 21:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/04/11 21:31:53 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2009/04/11 21:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2009/04/10 23:16:46 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/10 23:16:46 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/08 21:37:16 | 00,303,104 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplListBar.ocx
[2009/04/08 21:37:16 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/08 21:37:16 | 00,155,648 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplImageList.ocx
[2009/04/08 21:37:16 | 00,036,864 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ascbalon.dll
[2009/04/08 21:37:15 | 00,217,088 | ---- | C] (Ascentive) -- C:\WINDOWS\System32\ConTest.dll
[2009/04/08 21:37:15 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/04/08 21:37:10 | 00,000,000 | ---D | C] -- C:\Program Files\Ascentive
[2009/04/07 21:53:39 | 00,642,694 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\lakshmi.jpg
[2009/04/07 17:45:37 | 00,102,118 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\interviewsnatch_april.pdf
[2009/04/07 11:24:17 | 14,855,628 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\lauriesatsang.mp3
[2009/04/06 23:36:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Jack -list building
[2009/04/06 21:46:43 | 00,000,427 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\HowtoSaveTimeandMoney.pdf
[2009/04/06 19:49:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_8f55e84060955e485a786d26bd49438d
[2009/04/06 19:26:18 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\What these tests revealed is that essential oils.doc
[2009/04/06 08:33:20 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/05 14:51:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/04/05 14:09:44 | 00,000,000 | ---D | C] -- C:\4b461ddc7050f3a5d65ea115
[2009/04/05 14:09:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/05 14:01:14 | 00,000,000 | RH-D | C] -- C:\AHCache
[2009/04/05 12:33:33 | 00,318,061 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\bloodpressure-product.pdf
[2009/04/05 00:48:38 | 00,270,336 | ---- | C] (CodeName MANA) -- C:\WINDOWS\the eipiphiny.Scr
[2009/04/05 00:48:38 | 00,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\fmod.dll
[2009/04/05 00:43:09 | 00,000,000 | ---D | C] -- C:\Program Files\Eipiphiny
[2009/04/04 23:37:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\PCF-VLC
[2009/04/04 23:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Participatory Culture Foundation
[2009/04/04 23:29:16 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2009/04/04 23:28:55 | 00,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2009/04/04 22:01:31 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\IRS.doc
[2009/04/02 21:37:29 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\quotes.doc
[2009/04/02 09:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Consulting
[2009/03/28 22:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\AIM Toolbar
[2009/03/28 00:11:11 | 00,001,529 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Launch IBP.lnk
[2009/03/28 00:10:56 | 00,000,000 | ---D | C] -- C:\Program Files\IBP 10
[2009/03/28 00:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\IBP
[2009/03/27 23:48:43 | 00,401,606 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\conferenceiqinfo.pdf
[2009/03/27 13:06:22 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_13ea33be5d8031bdb9032000c0bcdf36
[2009/03/22 11:07:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jjarive.bin
[2009/03/22 11:07:51 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Lwixa.dat
[2009/03/22 00:29:09 | 00,537,365 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\SAVE0039.JPG
[2009/03/21 13:04:36 | 14,935,3184 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/03/21 11:53:59 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\PsychicSalesLetter.lnk
[2009/03/21 11:53:49 | 00,000,000 | ---D | C] -- C:\Program Files\PsychicSalesLetter
[2009/03/21 11:46:02 | 57,613,628 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\90daygoal.mp3
[2009/03/21 09:08:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\FREEPAGE
[2009/03/21 09:02:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Shawn Casey-Biz Box
[2009/03/20 15:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Citrix
[2009/03/20 13:52:39 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_d61063c6b0cf4978fdfa4bcf329ce222
[2009/03/16 21:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Niche Ferret Squeeze Generator
[2009/03/16 10:48:39 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Adobe AIR
[2009/03/13 23:22:34 | 00,000,616 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 22:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/09 22:47:25 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\RemoteControl.dll
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/26 18:21:20 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/02 15:13:07 | 02,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2006/12/02 15:13:07 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2006/10/31 13:31:12 | 00,001,530 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/10/31 13:31:12 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/10/31 13:31:10 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/05/29 18:42:05 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/05/29 17:25:25 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2006/05/29 17:25:15 | 00,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2006/05/29 17:24:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2006/05/29 17:24:39 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2006/05/17 22:25:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/05/17 21:48:28 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/05/17 21:48:12 | 00,000,074 | ---- | C] () -- C:\WINDOWS\EPSONC88.ini
[2006/05/17 21:47:53 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/05/17 20:41:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/31 23:48:31 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/01/31 23:48:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/01/31 23:48:31 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/01/31 23:44:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/31 23:20:51 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/31 23:20:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/31 23:20:50 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/31 23:20:48 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/31 23:20:48 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/31 23:20:48 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/31 23:20:46 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/10/14 17:09:48 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 00,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 00,000,492 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:33 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 19:48:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/28 03:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/15 00:11:42 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 00:10:52 | 00,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/15 00:10:28 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/15 00:10:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 00:10:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 00:10:16 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/15 00:10:14 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/04/15 00:08:30 | 00,000,000 | ---- | M] () -- C:\WINDOWS\Jjarive.bin
[2009/04/14 23:51:11 | 00,000,408 | ---- | M] () -- C:\WINDOWS\Lwixa.dat
[2009/04/14 20:17:06 | 00,245,760 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/14 12:21:59 | 00,091,056 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\k3logos.jpg
[2009/04/14 12:05:20 | 02,326,192 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Excerpt-EmailHandbook.pdf
[2009/04/14 09:47:05 | 04,123,263 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\April-14-Holistic-Release-on-Appearance.mp3
[2009/04/14 09:11:48 | 00,952,057 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\503_Lyris_Guru'sGuide_2008.pdf
[2009/04/13 23:16:22 | 01,774,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\four hour work week.msam
[2009/04/12 01:59:25 | 00,524,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 01:59:25 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/12 01:59:25 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/12 00:56:58 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/12 00:55:34 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/11 23:00:58 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/11 23:00:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/11 23:00:58 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/04/11 22:02:19 | 00,603,014 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\NicheBlackBook.pdf
[2009/04/11 21:31:53 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2009/04/11 17:33:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/10 23:16:46 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/07 21:53:42 | 00,642,694 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\lakshmi.jpg
[2009/04/07 17:45:37 | 00,102,118 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\interviewsnatch_april.pdf
[2009/04/07 11:24:52 | 14,855,628 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\lauriesatsang.mp3
[2009/04/06 21:46:44 | 00,000,427 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HowtoSaveTimeandMoney.pdf
[2009/04/06 19:53:51 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_8f55e84060955e485a786d26bd49438d
[2009/04/06 19:47:51 | 00,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090406-195258.backup
[2009/04/06 19:26:19 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\What these tests revealed is that essential oils.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 14:53:50 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 12:33:37 | 00,318,061 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\bloodpressure-product.pdf
[2009/04/04 23:29:16 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2009/04/04 22:01:31 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IRS.doc
[2009/04/04 11:06:48 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/04/02 21:37:30 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\quotes.doc
[2009/03/28 00:11:11 | 00,001,529 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Launch IBP.lnk
[2009/03/27 23:48:45 | 00,401,606 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\conferenceiqinfo.pdf
[2009/03/27 13:11:02 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_13ea33be5d8031bdb9032000c0bcdf36
[2009/03/24 23:18:12 | 00,058,368 | -HS- | M] () -- C:\Documents and Settings\Tom\My Documents\Thumbs.db
[2009/03/24 10:21:55 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2009/03/22 01:11:19 | 00,537,365 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\SAVE0039.JPG
[2009/03/21 13:12:01 | 14,935,3184 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/03/21 11:53:59 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\PsychicSalesLetter.lnk
[2009/03/21 11:48:47 | 57,613,628 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\90daygoal.mp3
[2009/03/20 14:55:02 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_d61063c6b0cf4978fdfa4bcf329ce222
[2009/03/20 14:50:50 | 00,217,088 | ---- | M] (Ascentive) -- C:\WINDOWS\System32\ConTest.dll
< End of report >

OTListIt Extras logfile created on: 4/15/2009 12:32:50 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tom\Desktop\Tech\Computer Clean-up
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.36 Gb Available Physical Memory | 72.31% Memory free
3.60 Gb Paging File | 3.20 Gb Available in Paging File | 88.87% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.23 Gb Total Space | 129.78 Gb Free Space | 71.22% Space Free | Partition Type: NTFS
Drive D: | 4.06 Gb Total Space | 2.38 Gb Free Space | 58.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 74.51 Gb Total Space | 21.50 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMSNEWDESKTOP
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = Reg Error: Value error.] -- Reg Error: Key error. File not found
.js [@ = JSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\CScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

[HKEY_USERS\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application (Microsoft Corporation)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\WINDOWS\LMI3.tmp\rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\WINDOWS\LMIC.tmp\rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\Microsoft ActiveSync\rapimgr.exe:*:Enabled:ActiveSync RAPI Manager (Microsoft Corporation)
C:\Program Files\MBTrading\MBT Navigator\MbtNav.exe:*:Enabled:MbtNav.exe File not found
C:\Program Files\Microsoft ActiveSync\WCESMgr.exe:*:Enabled:ActiveSync Application (Microsoft Corporation)
C:\Program Files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager (Microsoft Corporation)
C:\WINDOWS\LMI1.tmp\rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer (Microsoft Corporation)
C:\WINDOWS\LMI13.tmp\rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\WINDOWS\LMI5.tmp\rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes (Apple Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\msnmsgr.exe:*:Enabled:Windows Live Messenger (Microsoft Corporation)
C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) (Microsoft Corporation)
C:\WINDOWS\LMI5.tmp\lmi_rescue.exe:*:Enabled:LogMeIn Rescue File not found
C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype. The whole world can talk for free. (Skype Technologies S.A.)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Participatory Culture Foundation\Miro\Miro_Downloader.exe:*:Enabled:Miro_Downloader ()
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00010409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Professional
"{0228e555-4f9c-4e35-a3ec-b109a192b4c2}" = Google Gmail Notifier
"{04B0AC33-7D0E-4D4C-841A-4E8B77DFC6D5}" = PatchLink Update Agent
"{0609D0AF-1382-42BE-81DB-CF30F8B0F6E2}" = Serif PhotoPlus 6.0
"{15377C3E-9655-400F-B441-E69F0A6BEAFE}" = Recovery Software Suite eMachines
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{1D243F00-1389-4C63-A7E9-B17E967D1901}" = WebEx Recorder and Player
"{1FBF6C24-C1FD-4101-A42B-0C564F9E8E79}" = DVD Solution
"{23C3F5C0-566B-478B-AAB6-197ADAD0C945}" = Uniblue SpeedUpMyPC 2009
"{24D753CA-6AE9-4E30-8F5F-EFC93E08BF3D}" = Skype™ 4.0
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{2A9C3F41-DACA-37AB-84FB-2E6193C42151}" = Google Gears
"{3248F0A8-6813-11D6-A77B-00B0D0150020}" = J2SE Runtime Environment 5.0 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160000}" = Java™ SE Runtime Environment 6
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{3248F0A8-6813-11D6-A77B-00B0D0160020}" = Java™ 6 Update 2
"{3248F0A8-6813-11D6-A77B-00B0D0160030}" = Java™ 6 Update 3
"{3248F0A8-6813-11D6-A77B-00B0D0160050}" = Java™ 6 Update 5
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3BD8F690-F840-4BC1-8C28-D10C95FAA951}" = Ad Word Analyzer
"{3DE5E7D4-7B88-403C-A3FD-2017A8240C5B}" = Google Earth
"{40BF1E83-20EB-11D8-97C5-0009C5020658}" = Power2Go 4.0
"{43872222-776B-719B-8B2A-CD235C1DF0E9}" = WordButler
"{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5D95AD35-368F-47D5-B63A-A082DDF00111}" = Microsoft Digital Image Starter Edition 2006 Editor
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{691F4068-81BF-49E3-B32E-FE3E16400111}" = Microsoft Digital Image Starter Edition 2006 Library
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6D52C408-B09A-4520-9B18-475B81D393F1}" = Microsoft Works
"{6E44B678-82D0-44B6-A096-ECE7C8CC8BF7}" = lightSOURCE with Hemi-Sync
"{6E66ECBD-FCA7-4AE1-A8C5-1CA78BEEB057}" = Multimedia Keyboard Driver
"{6E93572D-F31E-496F-8B2F-F400B3A2BC4E}" = iTunes
"{76EFFC7C-17A6-479D-9E47-8E658C1695AE}" = Windows Backup Utility
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7BB40A22-8D98-43F9-A08A-E7EFF5AB1324}" = Camtasia Studio 5
"{88B32652-CAE0-4909-A463-5840D2689D93}" = FUJIFILM FinePixViewer S Ver.2.1
"{8ADFC4160D694100B5B8A22DE9DCABD9}" = DivX Player
"{8DCE550C-CA43-4E82-92DF-FFC4A48F5BE1}" = Napster Burn Engine
"{90E00409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Outlook 2003
"{937B232D-9776-471E-92BD-D424E514EF14}" = Logitech QuickCam
"{95A890AA-B3B1-44B6-9C18-A8F7AB3EE7FC}" = QuickTime
"{97F77B0E-DB04-4417-936C-73DDA5CDE5E1}" = Jing
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9E9B6244-325E-4FA6-BB49-6535D2AFD719}" = Primary Response SafeConnect
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A1070D14-1A0D-BB63-EA19-F13E2672FC08}" = Market Samurai
"{A1C8D94A-4303-4489-B585-4B6E6CD408CB}" = OpenOffice.org 2.2
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A50C25D7-62E9-4511-AD70-8E2DA5E79B7D}" = Apple Software Update
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AC76BA86-7AD7-1033-7B44-A70900000002}" = Adobe Reader 7.0.9
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B208806F-A231-4FA0-AB3F-5C1B8979223E}" = Microsoft ActiveSync 4.0
"{B26B00DA-2E5D-4CF2-83C5-911198C0F009}" = GoodSync V6
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDF3606C-63B5-4BA1-BA14-6158F36756B1}" = Google Desktop Plugin - Goocal
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D050D7362D214723AD585B541FFB6C11}" = DivX Content Uploader
"{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}" = Realtek High Definition Audio Driver
"{F320737F-4C7D-45FF-A638-83AF490177E8}" = The Eipiphiny
"ActiveTouchMeetingClient" = WebEx
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AI RoboForm" = AI RoboForm (All Users)
"AIM Toolbar" = AIM Toolbar
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"ArcSoft PhotoStudio 2000" = ArcSoft PhotoStudio 2000
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.2 (Unicode)
"AudibleManager" = AudibleManager
"avast!" = avast! Antivirus
"Carbonite Backup" = HiWired Data Backup
"CCleaner" = CCleaner (remove only)
"CleanUp!" = CleanUp!
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200014F1" = Soft Data Fax Modem with SmartCP
"com.wordbutler.13FCB0B6275C3160FCD95186E02772F95FE48115.1" = WordButler
"Combined Community Codec Pack_is1" = Combined Community Codec Pack 2008-01-24
"CometEditor_is1" = CometEditor 3.06
"DOC to Image Converter_is1" = DOC to Image Converter 2.0
"Dream Manifestation Wizard_is1" = Dream Manifestation Wizard 1.5
"DYMO Label Software" = DYMO Label Software
"FileZilla" = FileZilla (remove only)
"Flock (2.0)" = Flock (2.0)
"Free Download Manager_is1" = Free Download Manager 2.0
"Free PS Convert driver_is1" = Free PS Convert driver
"Golden Cash Compass1.0.4.3" = Golden Cash Compass
"Good Sync_is1" = Good Sync version 4.5.0
"Google Desktop" = Google Desktop
"HijackThis" = HijackThis 2.0.2
"IBP10_is1" = IBP 10.4.1
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{4AC55A61-BA20-4DF5-ABFF-8F4819E0C875}" = Digital Media Reader
"lvdrivers_11.90" = Logitech QuickCam Driver Package
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Medved QuoteTracker_is1" = Medved QuoteTracker
"MemoriesOnWeb_is1" = MemoriesOnWeb 3.1.7
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Miro" = Miro
"Mozilla Firefox (3.0.8)" = Mozilla Firefox (3.0.8)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSConfig CleanUp_is1" = MSConfig CleanUp 1.2
"Niche Ferret Squeeze Generator_is1" = Niche Ferret Squeeze Generator v2.0
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NVIDIA Drivers" = NVIDIA Drivers
"Nvu_is1" = Nvu 1.0
"Pamela" = Pamela Pro 4.0
"Picasa2" = Picasa 2
"PictureItSuiteTrial_v11" = Microsoft Digital Image Starter Edition 2006
"PsychicSalesLetter_is1" = PsychicSalesLetter 2.10
"QuizCreator_is1" = QuizCreator 2.07
"RealPlayer 6.0" = RealPlayer
"RegistryBooster2_is1" = Uniblue RegistryBooster2
"SlimBrowser" = SlimBrowser (remove only)
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"System Tweaker_is1" = Uniblue System Tweaker
"The Wild Divine Grapher" = The Wild Divine Grapher
"Uniblue SpeedUpMyPC 2009" = Uniblue SpeedUpMyPC 2009
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinGimp-2.0_is1" = Gimp 2.6.0
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== HKEY_USERS Uninstall List ==========

[HKEY_USERS\S-1-5-21-2919136098-2494697476-672956410-1007\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 4/6/2008 9:20:47 AM | Computer Name = TOMSNEWDESKTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

Error - 4/7/2008 8:55:51 AM | Computer Name = TOMSNEWDESKTOP | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function C0000005.

[ Application Events ]
Error - 2/15/2009 11:56:46 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/5/2009 9:19:24 AM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/6/2009 9:06:31 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/6/2009 10:06:05 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/6/2009 11:06:45 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/6/2009 11:38:25 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/7/2009 12:09:37 AM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 5013
Description = Volume Shadow Copy Service error: Shadow Copy writer RemovableStorageManager
called routine OpenNtmsSessionW which failed with status 0x80070422 (converted
to 0x800423f4).

Error - 3/7/2009 5:28:25 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error DeviceIoControl(00000220,0x0053c008,00039CF8,0,00038CF0,4096,[0]).
hr = 0x800705aa.

Error - 3/7/2009 5:34:25 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error DeviceIoControl(000001F0,0x0053c008,00039CF8,0,00038CF0,4096,[0]).
hr = 0x800705aa.

Error - 3/7/2009 5:40:27 PM | Computer Name = TOMSNEWDESKTOP | Source = VSS | ID = 12289
Description = Volume Shadow Copy Service error: Unexpected error DeviceIoControl(00000228,0x0053c008,00039CF8,0,00038CF0,4096,[0]).
hr = 0x800705aa.

[ System Events ]
Error - 4/12/2009 12:53:07 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The DNS Client service depends on the TCP/IP Protocol Driver service
which failed to start because of the following error: %%31

Error - 4/12/2009 12:53:07 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/12/2009 12:53:07 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 AFD aswSP aswTdi Fips IPSec MRxSmb NetBIOS NetBT Processor RasAcd Rdbss Tcpip

Error - 4/12/2009 1:00:20 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/12/2009 11:19:15 AM | Computer Name = TOMSNEWDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2009 9:52:24 PM | Computer Name = TOMSNEWDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/12/2009 10:24:22 PM | Computer Name = TOMSNEWDESKTOP | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service upnphost with
arguments "" in order to run the server: {204810B9-73B2-11D4-BF42-00B0D0118B56}

Error - 4/13/2009 8:55:09 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/14/2009 8:47:38 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058

Error - 4/15/2009 12:10:34 AM | Computer Name = TOMSNEWDESKTOP | Source = Service Control Manager | ID = 7001
Description = The Media Center Extender Service service depends on the SSDP Discovery
Service service which failed to start because of the following error: %%1058


< End of report >
  • 0

Advertisements

#2
Rorschach112
Posted 15 April 2009 - 06:03 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Post the Rooter log


Please double-click GooredFix.exe on your Desktop to run it.
  • Select "2. Fix Goored" by typing 2 and pressing Enter.
  • Make sure all instances of Firefox are closed at this point.
  • Type y at the prompt and press Enter again.
  • A log will open, please post the contents of that log in your next reply (it can also be found on your desktop, called GooredLog.txt).
Note: If you receive a message saying that GooredFix needs your system to be restarted, please close all applications and reboot your system. Please also allow any registry changes that may be prompted by any of your security programs.




Run OTList2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - Reg Error: Key error. File not found
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [Ivemecebepagu] rundll32.exe "C:\WINDOWS\afiqejivul.dll",e (Mozilla Foundation)
O33 - MountPoints2\{283b87f1-92d3-11da-9815-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{283b87f1-92d3-11da-9815-806d6172696f}\Shell\AutoRun - "" = Auto&Play
[2009/03/22 11:07:52 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Jjarive.bin
[2009/03/22 11:07:51 | 00,000,408 | ---- | C] () -- C:\WINDOWS\Lwixa.dat
[2009/03/20 14:50:50 | 00,217,088 | ---- | M] (Ascentive) -- C:\WINDOWS\System32\ConTest.dll

:Services

:Reg

:Files

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time, and don't run the Custom Scan )

  • 0

#3
TommyK
Posted 15 April 2009 - 03:01 PM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
here ya go...



OTListIt logfile created on: 4/15/2009 4:53:58 PM - Run 3
OTListIt2 by OldTimer - Version 2.0.14.0 Folder = C:\Documents and Settings\Tom\Desktop\Tech\Computer Clean-up
Windows XP Media Center Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1.87 Gb Total Physical Memory | 1.42 Gb Available Physical Memory | 75.83% Memory free
3.60 Gb Paging File | 3.25 Gb Available in Paging File | 90.28% Paging File free
Paging file location(s): C:\pagefile.sys 0 0;

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 182.23 Gb Total Space | 129.93 Gb Free Space | 71.30% Space Free | Partition Type: NTFS
Drive D: | 4.06 Gb Total Space | 2.38 Gb Free Space | 58.70% Space Free | Partition Type: FAT32
E: Drive not present or media not loaded
Drive F: | 74.51 Gb Total Space | 21.50 Gb Free Space | 28.85% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: TOMSNEWDESKTOP
Current User Name: Tom
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
PRC - C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
PRC - C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
PRC - C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe ()
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaAgent.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\Sana Security\Primary Response SafeConnect\agent\bin\SanaSafeConnect.exe (Sana Security)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
PRC - C:\Program Files\Microsoft ActiveSync\wcescomm.exe (Microsoft Corporation)
PRC - C:\Program Files\Microsoft ActiveSync\rapimgr.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Tom\Desktop\Tech\Computer Clean-up\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (CarboniteService [Auto | Running]) -- C:\Program Files\Carbonite\Carbonite Backup\carboniteservice.exe (Carbonite, Inc. (www.carbonite.com))
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (ehRecvr [Auto | Running]) -- C:\WINDOWS\eHome\ehRecvr.exe (Microsoft Corporation)
SRV - (ehSched [Auto | Running]) -- C:\WINDOWS\eHome\ehSched.exe (Microsoft Corporation)
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager [On_Demand | Stopped]) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe (Google)
SRV - (gupdate [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Stopped]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LVPrcSrv [Auto | Running]) -- C:\Program Files\Common Files\LogiShrd\LVMVFM\LVPrcSrv.exe (Logitech Inc.)
SRV - (McrdSvc [Auto | Stopped]) -- C:\WINDOWS\ehome\mcrdsvc.exe (Microsoft Corporation)
SRV - (MHN [On_Demand | Stopped]) -- C:\WINDOWS\System32\mhn.dll (Microsoft Corporation)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (NVSvc [Auto | Running]) -- C:\WINDOWS\system32\nvsvc32.exe (NVIDIA Corporation)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PatchLink Update [Disabled | Stopped]) -- C:\Program Files\PatchLink\Update Agent\GravitixService.exe (PatchLink Corporation)
SRV - (PrismXL [Disabled | Stopped]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (SanaSafeConnectAgent [Auto | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaAgent.exe ()
SRV - (SanaSafeConnectWatcher [Auto | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\Bin\SanaSafeConnectWatcher.exe ()
SRV - (usnjsvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (WLSetupSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe (Microsoft Corporation)
SRV - (WMPNetworkSvc [On_Demand | Stopped]) -- C:\Program Files\Windows Media Player\WMPNetwk.exe (Microsoft Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (CamDrL [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\Camdrl.sys (Logitech Inc.)
DRV - (Cdr4_xp [System | Running]) -- C:\WINDOWS\System32\drivers\cdr4_xp.sys (Sonic Solutions)
DRV - (Cdralw2k [System | Running]) -- C:\WINDOWS\System32\drivers\cdralw2k.sys (Sonic Solutions)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (dfmirage [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\dfmirage.sys (DemoForge, LLC)
DRV - (FilterService [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\lvuvcflt.sys (Logitech Inc.)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (HdAudAddService [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\HdAudio.sys (Windows ® Server 2003 DDK provider)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DPV [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DPV.sys (Conexant Systems, Inc.)
DRV - (IntcAzAudAddService [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\RtkHDAud.sys (Realtek Semiconductor Corp.)
DRV - (LVPr2Mon [On_Demand | Running]) -- C:\WINDOWS\system32\Drivers\LVPr2Mon.sys ()
DRV - (LVRS [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvrs.sys (Logitech Inc.)
DRV - (LVUSBSta [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\LVUSBSta.sys (Logitech Inc.)
DRV - (LVUVC [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\lvuvc.sys (Logitech Inc.)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (mxnic [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mxnic.sys (Macronix International Co., Ltd. )
DRV - (nv [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (NVENETFD [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NVENETFD.sys (NVIDIA Corporation)
DRV - (nvnetbus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\nvnetbus.sys (NVIDIA Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (SanaSafeConnectDriver [On_Demand | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectDriver.sys (Sana Security, Inc.)
DRV - (SanaSafeConnectFilter [On_Demand | Running]) -- C:\Program Files\Sana Security\Primary Response SafeConnect\agent\driver\platform_XP\SafeConnectFilter.sys (Sana Security, Inc.)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (usbaudio [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\usbaudio.sys (Microsoft Corporation)
DRV - (usb_rndisx [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\usb8023x.sys (Microsoft Corporation)
DRV - (wanatw [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL =
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

========== FireFox ==========

FF - prefs.js..browser.search.selectedEngine: "Google"

FF - HKLM\software\mozilla\Firefox\Extensions\\{000a9d1c-beef-4f90-9363-039d445309b8}: C:\PROGRAM FILES\GOOGLE\GOOGLE GEARS\FIREFOX\ [2008/12/01 12:06:24 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2007/04/14 10:28:32 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/11 08:51:47 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\MICROSOFT.NET\FRAMEWORK\V3.5\WINDOWS PRESENTATION FOUNDATION\DOTNETASSISTANTEXTENSION\ [2009/04/05 14:12:48 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{C89202D2-E14A-4485-A8D5-21BAB7332004}: C:\DOCUMENTS AND SETTINGS\TOM\LOCAL SETTINGS\APPLICATION DATA\{C89202D2-E14A-4485-A8D5-21BAB7332004} [2009/04/15 16:44:01 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0\extensions\\Components: C:\PROGRAM FILES\FLOCK\COMPONENTS [2009/03/29 09:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock 2.0\extensions\\Plugins: C:\PROGRAM FILES\FLOCK\PLUGINS [2009/03/29 09:00:43 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/04/04 23:02:37 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.8\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/04/04 23:01:26 | 00,000,000 | ---D | M]

[2009/04/04 23:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions
[2008/11/02 17:22:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions\{a463f10c-3994-11da-9945-000d60ca027b}
[2009/04/04 23:02:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/14 10:08:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions
[2009/04/05 18:22:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{0dad0080-ca5a-11da-a94d-0800200c9a66}
[2009/04/07 21:11:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/12 02:05:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{c1dffba0-628e-11d9-9669-0800200c9a66}
[2009/04/04 23:17:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{d57c9ff1-6389-48fc-b770-f78bd89b6e8a}
[2009/04/12 01:12:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\{DDC359D1-844A-42a7-9AA1-88A850A938A8}
[2009/04/12 02:12:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\24ie2uek.default\extensions\[email protected]
[2006/05/18 19:43:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Tom\Application Data\mozilla\Firefox\Profiles\qkwm0r3b.default\extensions
[2009/04/14 10:08:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/04 23:01:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2007/04/08 00:11:39 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/04/13 09:12:44 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA}
[2007/08/15 09:11:07 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA}
[2007/10/19 22:23:19 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA}
[2008/03/17 09:23:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA}
[2008/07/13 09:38:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/03/11 08:52:08 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/03/26 15:11:21 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/03/26 15:11:22 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/03/26 14:56:22 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/03/26 14:56:22 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/03/26 14:56:22 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/03/26 14:56:22 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/26 14:56:22 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/03/26 14:56:22 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/03/26 14:56:22 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (686 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (AIM Toolbar Loader) - {b0cda128-b425-4eef-a174-61a11ac5dbf8} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Google Gears Helper) - {E0FEFE40-FBF9-42AE-BA58-794CA7E3FB53} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (AIM Toolbar) - {61539ecd-cc67-4437-a03c-9aaccbd14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {61539ECD-CC67-4437-A03C-9AACCBD14326} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Carbonite Backup] C:\Program Files\Carbonite\Carbonite Backup\CarboniteUI.exe (Carbonite, Inc.)
O4 - HKLM..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup (NVIDIA Corporation)
O4 - HKLM..\Run: [SanaSafeConnect] "C:\Program Files\Sana Security\Primary Response SafeConnect\agent\bin\SanaSafeConnect.exe" (Sana Security)
O4 - HKCU..\Run: [H/PC Connection Agent] "C:\Program Files\Microsoft ActiveSync\wcescomm.exe" (Microsoft Corporation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 149
O9 - Extra 'Tools' menuitem : &Gears Settings - {09C04DA7-5B76-4EBC-BBEE-B25EAC5965F5} - C:\Program Files\Google\Google Gears\Internet Explorer\0.5.4.2\gears.dll (Google Inc.)
O9 - Extra Button: AIM Toolbar - {0b83c99c-1efa-4259-858f-bcb33e007a5b} - C:\Program Files\AIM Toolbar\aimtb.dll (AOL LLC.)
O9 - Extra Button: Create Mobile Favorite - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Create Mobile Favorite... - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Program Files\Microsoft ActiveSync\INetRepl.dll (Microsoft Corporation)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://download.micr...heckControl.cab (Windows Genuine Advantage Validation Tool)
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} http://housecall65.t...ivex/hcImpl.cab (Trend Micro ActiveX Scan Agent 6.6)
O16 - DPF: {3E68E405-C6DE-49FF-83AE-41EE9F4C36CE} http://office.micros...ntent/opuc3.cab (Office Update Installation Engine)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {97BB6657-DC7F-4489-9067-51FAB9D8857E} http://esupport.cf1l.../weblaunch2.cab (CWebLaunchCtl Object)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D821DC4A-0814-435E-9820-661C543A4679} http://drmlicense.on...e/en/crlocx.ocx (CRLDownloadWrapper Class)
O16 - DPF: Microsoft XML Parser for Java (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\msitss.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\skype4com {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\Program Files\Common Files\Skype\Skype4COM.dll (Skype Technologies)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~3\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - Autorun File - C:\AUTOEXEC.BAT () - [ NTFS ]
O32 - Autorun File - D:\Autorun.inf () - [ FAT32 ]
O32 - Autorun File - F:\AUTOEXEC.BAT () - [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\*.tmp files]
[2009/04/15 16:48:13 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/04/15 16:44:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\{C89202D2-E14A-4485-A8D5-21BAB7332004}
[2009/04/15 16:30:11 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\GooredFixBackups
[2009/04/14 12:21:58 | 00,091,056 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\k3logos.jpg
[2009/04/14 12:05:17 | 02,326,192 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Excerpt-EmailHandbook.pdf
[2009/04/14 09:47:02 | 04,123,263 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\April-14-Holistic-Release-on-Appearance.mp3
[2009/04/14 09:11:45 | 00,952,057 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\503_Lyris_Guru'sGuide_2008.pdf
[2009/04/13 23:05:22 | 01,774,592 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\four hour work week.msam
[2009/04/12 00:55:34 | 00,578,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/12 00:53:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERUNT
[2009/04/11 23:39:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Malwarebytes
[2009/04/11 23:39:44 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/11 23:39:41 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/11 23:39:40 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/04/11 23:39:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/11 23:34:08 | 00,000,000 | ---D | C] -- C:\Program Files\Trend Micro
[2009/04/11 23:09:27 | 00,000,000 | ---D | C] -- C:\Program Files\CleanUp!
[2009/04/11 22:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\MSConfig CleanUp
[2009/04/11 22:02:18 | 00,603,014 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\NicheBlackBook.pdf
[2009/04/11 21:32:05 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\MarketSamurai.6E37012E1CBD7F47B14488FCC715944F3EBDCEDC.1
[2009/04/11 21:31:53 | 00,000,744 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2009/04/11 21:31:52 | 00,000,000 | ---D | C] -- C:\Program Files\Market Samurai
[2009/04/10 23:16:46 | 00,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2009/04/10 23:16:46 | 00,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2009/04/08 21:37:16 | 00,303,104 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplListBar.ocx
[2009/04/08 21:37:16 | 00,223,232 | ---- | C] () -- C:\WINDOWS\System32\sqlite3.dll
[2009/04/08 21:37:16 | 00,155,648 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ciplImageList.ocx
[2009/04/08 21:37:16 | 00,036,864 | ---- | C] (CIPL) -- C:\WINDOWS\System32\ascbalon.dll
[2009/04/08 21:37:15 | 00,086,016 | ---- | C] () -- C:\WINDOWS\System32\SQLiteWrapper.dll
[2009/04/08 21:37:10 | 00,000,000 | ---D | C] -- C:\Program Files\Ascentive
[2009/04/07 21:53:39 | 00,642,694 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\lakshmi.jpg
[2009/04/07 17:45:37 | 00,102,118 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\interviewsnatch_april.pdf
[2009/04/07 11:24:17 | 14,855,628 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\lauriesatsang.mp3
[2009/04/06 23:36:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Jack -list building
[2009/04/06 21:46:43 | 00,000,427 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\HowtoSaveTimeandMoney.pdf
[2009/04/06 19:49:45 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_8f55e84060955e485a786d26bd49438d
[2009/04/06 19:26:18 | 00,019,968 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\What these tests revealed is that essential oils.doc
[2009/04/06 08:33:20 | 01,089,593 | ---- | C] () -- C:\WINDOWS\System32\dllcache\ntprint.cat
[2009/04/05 14:51:50 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{51019853-129C-4EDE-9030-D5FD7BBD9AD0}
[2009/04/05 14:09:44 | 00,000,000 | ---D | C] -- C:\4b461ddc7050f3a5d65ea115
[2009/04/05 14:09:23 | 00,000,000 | ---D | C] -- C:\WINDOWS\SxsCaPendDel
[2009/04/05 14:01:14 | 00,000,000 | RH-D | C] -- C:\AHCache
[2009/04/05 12:33:33 | 00,318,061 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\bloodpressure-product.pdf
[2009/04/05 00:48:38 | 00,270,336 | ---- | C] (CodeName MANA) -- C:\WINDOWS\the eipiphiny.Scr
[2009/04/05 00:48:38 | 00,161,280 | ---- | C] (Firelight Technologies Pty, Ltd) -- C:\WINDOWS\fmod.dll
[2009/04/05 00:43:09 | 00,000,000 | ---D | C] -- C:\Program Files\Eipiphiny
[2009/04/04 23:37:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\PCF-VLC
[2009/04/04 23:29:55 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\Participatory Culture Foundation
[2009/04/04 23:29:16 | 00,001,861 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2009/04/04 23:28:55 | 00,000,000 | ---D | C] -- C:\Program Files\Participatory Culture Foundation
[2009/04/04 22:01:31 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\IRS.doc
[2009/04/02 21:37:29 | 00,019,456 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\quotes.doc
[2009/04/02 09:01:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Consulting
[2009/03/28 22:34:40 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\AIM Toolbar
[2009/03/28 00:11:11 | 00,001,529 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\Launch IBP.lnk
[2009/03/28 00:10:56 | 00,000,000 | ---D | C] -- C:\Program Files\IBP 10
[2009/03/28 00:10:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Application Data\IBP
[2009/03/27 23:48:43 | 00,401,606 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\conferenceiqinfo.pdf
[2009/03/27 13:06:22 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_13ea33be5d8031bdb9032000c0bcdf36
[2009/03/22 00:29:09 | 00,537,365 | ---- | C] () -- C:\Documents and Settings\Tom\My Documents\SAVE0039.JPG
[2009/03/21 13:04:36 | 14,935,3184 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/03/21 11:53:59 | 00,000,844 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\PsychicSalesLetter.lnk
[2009/03/21 11:53:49 | 00,000,000 | ---D | C] -- C:\Program Files\PsychicSalesLetter
[2009/03/21 11:46:02 | 57,613,628 | ---- | C] () -- C:\Documents and Settings\Tom\Desktop\90daygoal.mp3
[2009/03/21 09:08:28 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\FREEPAGE
[2009/03/21 09:02:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Desktop\Shawn Casey-Biz Box
[2009/03/20 15:51:50 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Tom\Local Settings\Application Data\Citrix
[2009/03/20 13:52:39 | 00,000,008 | ---- | C] () -- C:\WINDOWS\sess_d61063c6b0cf4978fdfa4bcf329ce222
[2009/03/16 21:16:01 | 00,000,000 | ---D | C] -- C:\Program Files\Niche Ferret Squeeze Generator
[2009/03/13 23:22:34 | 00,000,616 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2008/12/16 22:58:54 | 00,025,624 | ---- | C] () -- C:\WINDOWS\System32\drivers\LVPr2Mon.sys
[2008/12/16 22:50:56 | 00,013,584 | ---- | C] () -- C:\WINDOWS\System32\drivers\iKeyLgFT.dll
[2008/12/09 22:47:25 | 00,175,104 | ---- | C] () -- C:\WINDOWS\System32\RemoteControl.dll
[2008/01/04 17:58:50 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dtu100.dll.manifest
[2008/01/04 17:57:22 | 00,000,416 | ---- | C] () -- C:\WINDOWS\System32\dpl100.dll.manifest
[2008/01/04 17:56:24 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/26 18:21:20 | 00,081,110 | ---- | C] () -- C:\WINDOWS\System32\lvcoinst.ini
[2006/12/02 15:13:07 | 02,768,896 | ---- | C] () -- C:\WINDOWS\System32\GSDLL32.dll
[2006/12/02 15:13:07 | 00,000,137 | ---- | C] () -- C:\WINDOWS\System32\psparam.ini
[2006/10/31 13:31:12 | 00,001,530 | ---- | C] () -- C:\WINDOWS\pstudio.ini
[2006/10/31 13:31:12 | 00,000,028 | ---- | C] () -- C:\WINDOWS\album.ini
[2006/10/31 13:31:10 | 00,000,021 | ---- | C] () -- C:\WINDOWS\Ps_setup.ini
[2006/05/29 18:42:05 | 00,032,397 | ---- | C] () -- C:\WINDOWS\SGTBox.INI
[2006/05/29 17:25:25 | 00,000,056 | ---- | C] () -- C:\WINDOWS\Addrfixr.ini
[2006/05/29 17:25:15 | 00,007,803 | ---- | C] () -- C:\WINDOWS\System32\dymourl.ini
[2006/05/29 17:24:39 | 00,057,344 | ---- | C] () -- C:\WINDOWS\System32\DYMOCFG.DLL
[2006/05/29 17:24:39 | 00,002,560 | ---- | C] () -- C:\WINDOWS\System32\lmmonres.dll
[2006/05/17 22:25:25 | 00,000,036 | ---- | C] () -- C:\WINDOWS\iltwain.ini
[2006/05/17 21:48:28 | 00,000,097 | ---- | C] () -- C:\WINDOWS\System32\PICSDK.ini
[2006/05/17 21:48:12 | 00,000,074 | ---- | C] () -- C:\WINDOWS\EPSONC88.ini
[2006/05/17 21:47:53 | 00,000,051 | ---- | C] () -- C:\WINDOWS\System32\EAL32.INI
[2006/05/17 20:41:39 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/01/31 23:48:31 | 00,532,544 | ---- | C] () -- C:\WINDOWS\PIC.dll
[2006/01/31 23:48:31 | 00,024,576 | ---- | C] () -- C:\WINDOWS\HKNTDLL.dll
[2006/01/31 23:48:31 | 00,011,776 | ---- | C] () -- C:\WINDOWS\HIDMNT.dll
[2006/01/31 23:44:38 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/01/31 23:20:51 | 01,662,976 | ---- | C] () -- C:\WINDOWS\System32\nvwdmcpl.dll
[2006/01/31 23:20:51 | 01,019,904 | ---- | C] () -- C:\WINDOWS\System32\nvwimg.dll
[2006/01/31 23:20:50 | 00,466,944 | ---- | C] () -- C:\WINDOWS\System32\nvshell.dll
[2006/01/31 23:20:48 | 01,466,368 | ---- | C] () -- C:\WINDOWS\System32\nview.dll
[2006/01/31 23:20:48 | 00,573,440 | ---- | C] () -- C:\WINDOWS\System32\nvhwvid.dll
[2006/01/31 23:20:48 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\nvnt4cpl.dll
[2006/01/31 23:20:46 | 00,046,080 | ---- | C] () -- C:\WINDOWS\System32\nvapi.dll
[2005/10/14 17:09:48 | 00,051,304 | ---- | C] () -- C:\WINDOWS\System32\drivers\atnt40k.sys
[2005/08/06 01:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/01/12 13:38:00 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/01/09 19:49:16 | 00,001,436 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/01/09 19:49:16 | 00,000,492 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/01/09 19:48:33 | 00,000,658 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/01/09 19:48:30 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[2001/10/28 03:42:30 | 00,116,224 | ---- | C] () -- C:\WINDOWS\System32\prnmnt.dll
[1999/01/22 14:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL

========== Files - Modified Within 30 Days ==========

[6 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/04/15 16:51:05 | 00,030,277 | ---- | M] () -- C:\WINDOWS\System32\nvapps.xml
[2009/04/15 16:50:41 | 00,001,170 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/04/15 16:50:09 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachine.job
[2009/04/15 16:50:01 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/04/15 16:49:58 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/04/15 16:49:56 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\lvuvc.hs
[2009/04/15 16:49:54 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\drivers\logiflt.iad
[2009/04/14 20:17:06 | 00,245,760 | ---- | M] () -- C:\Documents and Settings\Tom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/04/14 12:21:59 | 00,091,056 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\k3logos.jpg
[2009/04/14 12:05:20 | 02,326,192 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Excerpt-EmailHandbook.pdf
[2009/04/14 09:47:05 | 04,123,263 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\April-14-Holistic-Release-on-Appearance.mp3
[2009/04/14 09:11:48 | 00,952,057 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\503_Lyris_Guru'sGuide_2008.pdf
[2009/04/13 23:16:22 | 01,774,592 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\four hour work week.msam
[2009/04/12 01:59:25 | 00,524,736 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/12 01:59:25 | 00,444,028 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/04/12 01:59:25 | 00,071,904 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/04/12 00:56:58 | 00,000,686 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\HOSTS
[2009/04/12 00:55:34 | 00,578,560 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\user32.dll
[2009/04/11 23:00:58 | 00,000,658 | ---- | M] () -- C:\WINDOWS\win.ini
[2009/04/11 23:00:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/04/11 23:00:58 | 00,000,209 | -HS- | M] () -- C:\boot.ini
[2009/04/11 22:02:19 | 00,603,014 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\NicheBlackBook.pdf
[2009/04/11 21:31:53 | 00,000,744 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Market Samurai.lnk
[2009/04/11 17:33:13 | 00,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2009/04/10 23:16:46 | 00,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2009/04/07 21:53:42 | 00,642,694 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\lakshmi.jpg
[2009/04/07 17:45:37 | 00,102,118 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\interviewsnatch_april.pdf
[2009/04/07 11:24:52 | 14,855,628 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\lauriesatsang.mp3
[2009/04/06 21:46:44 | 00,000,427 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\HowtoSaveTimeandMoney.pdf
[2009/04/06 19:53:51 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_8f55e84060955e485a786d26bd49438d
[2009/04/06 19:47:51 | 00,000,734 | R--- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts.20090406-195258.backup
[2009/04/06 19:26:19 | 00,019,968 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\What these tests revealed is that essential oils.doc
[2009/04/06 15:32:54 | 00,038,496 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/04/06 15:32:46 | 00,015,504 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/04/05 14:53:50 | 00,169,096 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/04/05 12:33:37 | 00,318,061 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\bloodpressure-product.pdf
[2009/04/04 23:29:16 | 00,001,861 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Miro.lnk
[2009/04/04 22:01:31 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\IRS.doc
[2009/04/04 11:06:48 | 00,000,036 | ---- | M] () -- C:\WINDOWS\iltwain.ini
[2009/04/02 21:37:30 | 00,019,456 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\quotes.doc
[2009/03/28 00:11:11 | 00,001,529 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\Launch IBP.lnk
[2009/03/27 23:48:45 | 00,401,606 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\conferenceiqinfo.pdf
[2009/03/27 13:11:02 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_13ea33be5d8031bdb9032000c0bcdf36
[2009/03/24 23:18:12 | 00,058,368 | -HS- | M] () -- C:\Documents and Settings\Tom\My Documents\Thumbs.db
[2009/03/24 10:21:55 | 00,009,662 | ---- | M] () -- C:\WINDOWS\EPISME00.SWB
[2009/03/22 01:11:19 | 00,537,365 | ---- | M] () -- C:\Documents and Settings\Tom\My Documents\SAVE0039.JPG
[2009/03/21 13:12:01 | 14,935,3184 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\OOo_3.0.1_Win32Intel_install_wJRE_en-US.exe
[2009/03/21 11:53:59 | 00,000,844 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\PsychicSalesLetter.lnk
[2009/03/21 11:48:47 | 57,613,628 | ---- | M] () -- C:\Documents and Settings\Tom\Desktop\90daygoal.mp3
[2009/03/20 14:55:02 | 00,000,008 | ---- | M] () -- C:\WINDOWS\sess_d61063c6b0cf4978fdfa4bcf329ce222
< End of report >

GooredFix v1.92 by jpshortstuff
Log created at 16:30 on 15/04/2009 running Option #2 (Tom)
Firefox version 3.0.8 (en-US)

=====Goored Deletions=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"="C:\Documents and Settings\Tom\Local Settings\Application Data\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}"
->Backing up value... Done.
->Deleting value... Done.

C:\Documents and Settings\Tom\Local Settings\Application Data\{FAFBEB7A-0380-4BCD-A87B-C2CBC11B1D68}
->Backing up folder... Done.
->Emptying folder... Done.
->Deleting folder... Done.

=====Dumping Registry Values=====

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Plugins"="C:\Program Files\Mozilla Firefox\plugins"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Mozilla Firefox 3.0.8\extensions]
"Components"="C:\Program Files\Mozilla Firefox\components"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{20a82645-c095-46ed-80e3-08825760534b}"="C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"[email protected]"="C:\Program Files\Java\jre6\lib\deploy\jqs\ff"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{22119944-ED35-4ab1-910B-E619EA06A115}"="C:\Program Files\Siber Systems\AI RoboForm\Firefox"

[HKEY_LOCAL_MACHINE\SOFTWARE\Mozilla\Firefox\extensions]
"{000a9d1c-beef-4f90-9363-039d445309b8}"="C:\Program Files\Google\Google Gears\Firefox\"
  • 0

#4
Rorschach112
Posted 16 April 2009 - 05:20 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download ATF Cleaner by Atribune.
Double-click ATF-Cleaner.exe to run the program.
Under Main choose: Select All
Click the Empty Selected button.
If you use Firefox browserClick Firefox at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
If you use Opera browserClick Opera at the top and choose: Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.
Click Exit on the Main menu to close the program.




Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy&Paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.

  • 0

#5
Rorschach112
Posted 20 April 2009 - 03:01 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#6
Rorschach112
Posted 21 April 2009 - 03:47 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
post the logs
  • 0

#7
TommyK
Posted 21 April 2009 - 07:17 AM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
Malwarebytes' Anti-Malware 1.36
Database version: 2016
Windows 5.1.2600 Service Pack 3

4/20/2009 8:27:03 PM
mbam-log-2009-04-20 (20-27-03).txt

Scan type: Quick Scan
Objects scanned: 84617
Time elapsed: 3 minute(s), 36 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Tuesday, April 21, 2009
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Tuesday, April 21, 2009 01:45:46
Records in database: 2064606
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\
I:\
J:\

Scan statistics:
Files scanned: 159107
Threat name: 3
Infected objects: 2
Suspicious objects: 4
Duration of the scan: 04:11:19


File name / Threat name / Threats count
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe Infected: not-a-virus:AdWare.Win32.SearchIt.t 1
F:\Documents and Settings\Tom\Desktop\Site Development\Articles\ezinetactics.zip Infected: not-a-virus:AdWare.Win32.WebStars.b 1
F:\Documents and Settings\Tom\Local Settings\Application Data\Microsoft\Outlook\archive.pst Suspicious: Exploit.HTML.Iframe.FileDownload 4

The selected area was scanned.
  • 0

#8
Rorschach112
Posted 21 April 2009 - 07:19 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hello

Please download OTMoveIt3 by OldTimer
  • Save it to your desktop.
  • Please double-click OTMoveIt3.exe to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
explorer.exe

:Services

:Reg

:Files
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe 
F:\Documents and Settings\Tom\Desktop\Site Development\Articles\ezinetactics.zip

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Return to OTMoveIt3, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.
  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTMoveIt3
Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download RootRepeal.zip and unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post


Also tell me how its running
  • 0

#9
TommyK
Posted 21 April 2009 - 03:54 PM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
========== PROCESSES ==========
Process explorer.exe killed successfully.
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
D:\i386\Apps\App17981\comps\toolbar\toolbr.exe moved successfully.
F:\Documents and Settings\Tom\Desktop\Site Development\Articles\ezinetactics.zip moved successfully.
========== COMMANDS ==========
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\WCESLog.log scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DF63CC.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DF7973.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFC55D.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFDB7E.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFE0E4.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFEBEF.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRD0005.doc scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRF0000.tmp scheduled to be deleted on reboot.
File delete failed. C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRS3048.tmp scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\ads[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\ads[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\index[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\mail[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\mail[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\planner[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\render[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\render[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\rpc_relay[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\translate_n[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\translate_n[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\blank_quirks[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\creativeblogsolutions_com[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\Firefox-Goored-Redirect-comes-back-t235676[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\mail[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\monetizedesigncenter_com[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\translate[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ads[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\B3316080[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ddc[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\get_widget[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iframe3[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iframe[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ifr[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iwillmakeyourich_blogspot_com[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\mail[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\navbar[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\susan-boyle-eclipsed-by-12-year-old-talent[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\buying-email-lists-the-ugly-truth[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[2].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[3].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\st[1] scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\Transitions_Desc_draft1[1].doc scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\translate[1].htm scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
User's Temporary Internet Files folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\History\History.IE5\index.dat scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temp\Cookies\index.dat scheduled to be deleted on reboot.
Local Service Temp folder emptied.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_574.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
FireFox cache emptied.
Temp folders emptied.
Explorer started successfully

OTMoveIt3 by OldTimer - Version 1.0.11.0 log created on 04212009_171330

Files moved on Reboot...
C:\DOCUME~1\Tom\LOCALS~1\Temp\WCESLog.log moved successfully.
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DF63CC.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DF7973.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFC55D.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFDB7E.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFE0E4.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~DFEBEF.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRD0005.doc not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRF0000.tmp not found!
File C:\DOCUME~1\Tom\LOCALS~1\Temp\~WRS3048.tmp not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\ads[2].htm moved successfully.
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\ads[3].htm moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\index[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\mail[2].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\mail[3].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\planner[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\render[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\render[2].htm not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\rpc_relay[1].htm moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\translate_n[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\WVR7O7JB\translate_n[2].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\blank_quirks[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\creativeblogsolutions_com[2].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\Firefox-Goored-Redirect-comes-back-t235676[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\mail[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\monetizedesigncenter_com[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\MQI0V20Q\translate[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ads[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\B3316080[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ddc[1].htm not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\get_widget[1].htm moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iframe3[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iframe[1].htm not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\ifr[1].htm moved successfully.
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\iwillmakeyourich_blogspot_com[1].htm moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\mail[2].htm not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\navbar[1].htm moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\9MJG59BX\susan-boyle-eclipsed-by-12-year-old-talent[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\buying-email-lists-the-ugly-truth[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[1].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[2].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\mail[3].htm not found!
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\st[1] not found!
C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\Transitions_Desc_draft1[1].doc moved successfully.
File C:\Documents and Settings\Tom\Local Settings\Temporary Internet Files\Content.IE5\1092P6DN\translate[1].htm not found!
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
DllUnregisterServer procedure not found in C:\WINDOWS\temp\logishrd\LVPrcInj01.dll
C:\WINDOWS\temp\logishrd\LVPrcInj01.dll NOT unregistered.
File move failed. C:\WINDOWS\temp\logishrd\LVPrcInj01.dll scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_574.dat moved successfully.
File C:\WINDOWS\temp\Perflib_Perfdata_7b0.dat not found!






ROOTREPEAL © AD, 2007-2008
==================================================
Scan Time: 2009/04/21 17:40
Program Version: Version 1.2.3.0
Windows Version: Windows XP Media Center Edition SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xB611E000 Size: 98304 File Visible: No
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xBA66A000 Size: 8192 File Visible: No
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xB4659000 Size: 45056 File Visible: No
Status: -

Hidden/Locked Files
-------------------
Path: C:\System Volume Information\1{3808876b-c176-4e48-b7ae-04046e6cc752}
Status: Invisible to the Windows API!

Path: C:\Documents and Settings\Tom\Local Settings\Apps\2.0\K21J0N4D.BAY\ZHMJCMLH.ET2\goog...app_9a8dfcd080ccb114_0001.0002_a1e972be441e20b4\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406a31b53cc9d1.cdf-ms
Status: Locked to the Windows API!

Path: C:\Documents and Settings\Tom\Local Settings\Apps\2.0\K21J0N4D.BAY\ZHMJCMLH.ET2\goog...app_9a8dfcd080ccb114_0001.0002_a1e972be441e20b4\clic...exe_9a8dfcd080ccb114_0001.0002_none_19406a31b53cc9d1.manifest
Status: Locked to the Windows API!

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb68556b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6855574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb6855a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685514c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685564e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685508c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb68550f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685576e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb685572e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xb68558ae
  • 0

#10
Rorschach112
Posted 21 April 2009 - 05:49 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
hows it running
  • 0

Advertisements

#11
TommyK
Posted 21 April 2009 - 08:48 PM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
how's it running? the computer is running fine. is the problem gone? well hard to say. the only symptom I had previously was the google search redirect in firefox. I have not been using firefox during this clean-up process and have done no searching. should I assume the malware is gone and begin searching with firefox again? I don't want to risk sharing info. thanks. tk
  • 0

#12
Rorschach112
Posted 22 April 2009 - 04:29 AM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
yes give firefox a go there
  • 0

#13
TommyK
Posted 22 April 2009 - 02:48 PM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
ok. no problems yet. will keep an eye out. should I search for the goored files with gooredfix?

how do I prevent reinfection? thanks, tk
  • 0

#14
Rorschach112
Posted 22 April 2009 - 03:29 PM

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
your logs are clean

Now we need to create a new System Restore point.

Click Start Menu > Run > type (or copy and paste)

%SystemRoot%\System32\restore\rstrui.exe

Press OK. Choose Create a Restore Point then click Next. Name it and click Create, when the confirmation screen shows the restore point has been created click Close.

Next goto Start Menu > Run > type

cleanmgr

Click OK, Disk Cleanup will open and start calculating the amount of space that can be freed, Once thats finished it will open the Disk Cleanup options screen, click the More Options tab then click Clean up on the system restore area and choose Yes at the confirmation window which will remove all the restore points except the one we just created.

To close Disk Cleanup and remove the Temporary Internet Files detected in the initial scan click OK then choose Yes on the confirmation window.



Download ToolsCleaner2 to your desktop and run it ( by de A.Rothstein & Dj Quiou )
  • Click the Pt. Restauration button and press OK to the prompts.
  • Click the Corbeille button and press OK to the prompt.
  • Click the Fichiers temp button and press OK to the prompt.
  • Click the Recherche button and let it run ( it may look like it freezes but let it continue )
  • Once it is done click the Suppression button and let it remove anything it finds.
  • Close the program


Your using an old version of Adobe Acrobat Reader, this can leave your pc open to vulnerabilities, you can update it here :
http://www.adobe.com.../readstep2.html




Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer has always the latest security updates available installed on your computer.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls) to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more
    secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up
    blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from
    Here


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling

  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.

  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.

  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.

  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. Its important to keep programs up to date so that malware doesn't exploit any old security flaws.

  • Please read my guide on how to prevent malware and about safe computing here
Thank you for your patience, and performing all of the procedures requested.
  • 0

#15
TommyK
Posted 22 April 2009 - 06:58 PM

TommyK

    Member

  • Topic Starter
  • Member
  • PipPip
  • 15 posts
thank you! I'll let you know if it becomes a problem again. tk
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP