
I think it started with AntiVirus2009? [Solved]



#1
shaly777

Hi guys! I was directed here by Broni.
http://www.geekstogo...CD-t238105.html

I have done all he recommended and now I suppose I am being passed to y'all. :)
Above link will take you to my original issue as well as update you on actions taken thus far.


Here is my rooter log:


Microsoft Windows XP Home Edition (5.1.2600) Service Pack 3

C:\ [Fixed] - NTFS - (Total:35181 Mo/Free:2140 Mo)
D:\ [CD-Rom] (Total:0 Mo/Free:0 Mo)

Thu 05/07/2009|22:57

----------------------\\ Processes..

--Locked-- [System Process]
---------- System
---------- \SystemRoot\System32\smss.exe
---------- \??\C:\WINDOWS\system32\csrss.exe
---------- \??\C:\WINDOWS\system32\winlogon.exe
---------- C:\WINDOWS\system32\services.exe
---------- C:\WINDOWS\system32\lsass.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\System32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashServ.exe
---------- C:\WINDOWS\Explorer.EXE
---------- C:\WINDOWS\system32\spoolsv.exe
---------- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
---------- C:\WINDOWS\system32\dla\tfswctrl.exe
---------- C:\Program Files\Real\RealPlayer\RealPlay.exe
---------- C:\Program Files\Common Files\Dell\EUSW\Support.exe
---------- C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
---------- C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
---------- C:\Program Files\Common Files\AOL\1227810304\ee\AOLSoftware.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\Program Files\Java\jre6\bin\jusched.exe
---------- C:\WINDOWS\system32\hkcmd.exe
---------- C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
---------- C:\WINDOWS\system32\ctfmon.exe
---------- C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
---------- C:\Program Files\Digital Line Detect\DLG.exe
---------- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
---------- C:\Program Files\Bonjour\mDNSResponder.exe
---------- C:\Program Files\Java\jre6\bin\jqs.exe
---------- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
---------- C:\WINDOWS\system32\svchost.exe
---------- C:\WINDOWS\system32\wdfmgr.exe
---------- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
---------- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
---------- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
---------- C:\WINDOWS\system32\wbem\wmiprvse.exe
---------- C:\WINDOWS\System32\alg.exe
---------- C:\Program Files\Mozilla Firefox\firefox.exe
---------- C:\WINDOWS\system32\cmd.exe
---------- C:\Rooter$\RK.exe

----------------------\\ Search..

----------------------\\ ROOTKIT !!


----------------------\\ Cracks & Keygens..

C:\DOCUME~1\shannon\My Documents\Fonts\fonts\crackman.zip


1 - "C:\Rooter$\Rooter_1.txt" - Thu 05/07/2009|22:58

----------------------\\ Scan completed at 22:58




And my OTListIt.Txt


OTListIt logfile created on: 5/7/2009 11:10:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\shannon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 112.63 Mb Available Physical Memory | 22.08% Memory free
862.58 Mb Paging File | 436.19 Mb Available in Paging File | 50.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 18.09 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF4Y9F61
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
PRC - C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Real\RealPlayer\RealPlay.exe (RealNetworks, Inc.)
PRC - C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
PRC - C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe (Motive, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\Common Files\AOL\1227810304\ee\AOLSoftware.exe (America Online, Inc.)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
PRC - C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Documents and Settings\shannon\Desktop\OTListIt2.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (AOL ACS [Auto | Running]) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (America Online, Inc.)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- File not found
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Bonjour Service [Auto | Running]) -- C:\Program Files\Bonjour\mDNSResponder.exe (Apple Inc.)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
SRV - (McShield [Unknown | Stopped]) -- File not found
SRV - (McSysmon [On_Demand | Stopped]) -- File not found
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CA561 [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS (SP)
DRV - (CmdIde [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\system32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (HSFHWBS2 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (HSF_DP [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (mdmxsdk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys (Conexant)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mraid35x [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\system32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (pcouffin [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\pcouffin.sys (VSO Software)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\senfilt.sys (Sensaura)
DRV - (sisagp [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (Sparrow [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\system32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\system32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\system32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Stopped]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (wanatw [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\wanatw4.sys (America Online, Inc.)
DRV - (winachsf [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...x?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.itsyourturn.com/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {67E713BF-4489-4506-8B0D-860F274AFB43}:1.0
FF - prefs.js..extensions.enabledItems: {E7A896B8-06FE-48CF-B442-027B82F407EF}:1.0
FF - prefs.js..extensions.enabledItems: {17AB44F1-3471-425F-834B-12363F2F0E9F}:1.0
FF - prefs.js..extensions.enabledItems: {EA371BF4-3539-4C1F-969A-EE2BC53805C5}:1.0
FF - prefs.js..extensions.enabledItems: {49CB0F59-F861-45C4-BF70-64023D1C25DF}:1.0
FF - prefs.js..extensions.enabledItems: {5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}:1.0
FF - prefs.js..extensions.enabledItems: {7DB22281-3493-475D-AA8B-0E8A629A88A2}:1.0
FF - prefs.js..extensions.enabledItems: {C36B2675-2861-419B-85B2-7E96AF40FE8E}:1.0
FF - prefs.js..extensions.enabledItems: {F10717EC-59E6-4880-93B3-64C8516138C3}:1.0
FF - prefs.js..extensions.enabledItems: {22070566-98CA-43CC-9665-56619E74D7F1}:1.0
FF - prefs.js..extensions.enabledItems: {61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}:1.0
FF - prefs.js..extensions.enabledItems: {660D75A8-0521-48E2-B1BD-A5749EE052EC}:1.0
FF - prefs.js..extensions.enabledItems: {75A89601-55ED-4667-9860-517F982CB8E4}:1.0
FF - prefs.js..extensions.enabledItems: {80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}:1.0
FF - prefs.js..extensions.enabledItems: {93F87A09-DA82-47D4-A9C1-A0EB7073199F}:1.0
FF - prefs.js..extensions.enabledItems: {B9BF3C67-EBE5-4960-A25D-7E2247F15D89}:1.0
FF - prefs.js..extensions.enabledItems: {32966796-92CA-43A1-B0DB-993693FBF566}:1.0
FF - prefs.js..extensions.enabledItems: {8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}:1.0
FF - prefs.js..extensions.enabledItems: {897D1EF9-A127-420F-8015-5B36DE94DC0F}:1.0
FF - prefs.js..extensions.enabledItems: {DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www.fastbrows...43E1E922C4}&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/20 14:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 00:58:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/07 00:54:32 | 00,000,000 | ---D | M]

[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions
[2008/12/05 10:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\[email protected]
[2009/05/07 21:46:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions
[2009/02/12 13:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/25 03:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/05/06 17:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/07 20:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/07 21:46:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/24 16:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{17AB44F1-3471-425F-834B-12363F2F0E9F}
[2009/05/04 15:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{22070566-98CA-43CC-9665-56619E74D7F1}
[2009/05/05 06:52:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{32966796-92CA-43A1-B0DB-993693FBF566}
[2009/04/27 13:11:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{49CB0F59-F861-45C4-BF70-64023D1C25DF}
[2009/04/28 15:38:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}
[2009/05/04 14:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}
[2009/05/04 15:43:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{660D75A8-0521-48E2-B1BD-A5749EE052EC}
[2009/04/22 09:23:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{67E713BF-4489-4506-8B0D-860F274AFB43}
[2009/05/04 15:51:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{75A89601-55ED-4667-9860-517F982CB8E4}
[2009/05/01 15:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7DB22281-3493-475D-AA8B-0E8A629A88A2}
[2009/05/04 14:54:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}
[2009/05/05 14:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{897D1EF9-A127-420F-8015-5B36DE94DC0F}
[2009/05/05 12:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}
[2009/05/04 15:50:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{93F87A09-DA82-47D4-A9C1-A0EB7073199F}
[2009/05/04 21:55:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/04 15:58:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B9BF3C67-EBE5-4960-A25D-7E2247F15D89}
[2009/05/01 15:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C36B2675-2861-419B-85B2-7E96AF40FE8E}
[2009/03/20 14:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/14 14:57:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/06 11:01:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}
[2009/04/23 07:45:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E7A896B8-06FE-48CF-B442-027B82F407EF}
[2009/04/24 16:52:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{EA371BF4-3539-4C1F-969A-EE2BC53805C5}
[2009/05/04 09:52:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F10717EC-59E6-4880-93B3-64C8516138C3}
[2009/05/04 21:55:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/04 21:55:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/04 21:55:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/04 21:55:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/04 21:55:11 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/04 21:55:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/28 22:49:53 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/03/28 22:49:53 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/05/04 21:55:11 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/04 21:55:11 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/04 21:55:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (0 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
O4 - HKLM..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe (America Online, Inc)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227810304\ee\AOLSoftware.exe (America Online, Inc.)
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k File not found
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT-5-7-09\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O15 - HKCU\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sur...ge/w4sgeen9.exe (Reg Error: Key error.)
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1217652500267 (MUWebControl Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...129/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - AppInit_DLLs: (c:\windows\system32\tovebogi.dll) - c:\windows\system32\tovebogi.dll File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/07 23:05:40 | 00,502,272 | ---- | C] (OldTimer Tools) -- C:\DOCUME~1\shannon\Desktop\OTListIt2.exe
[2009/05/07 22:57:12 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/05/07 22:56:58 | 00,267,612 | ---- | C] () -- C:\DOCUME~1\shannon\Desktop\Rooter.exe
[2009/05/07 20:45:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/07 20:44:45 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 20:44:40 | 00,000,650 | ---- | C] () -- C:\DOCUME~1\shannon\Desktop\NTREGOPT.lnk
[2009/05/07 20:44:40 | 00,000,631 | ---- | C] () -- C:\DOCUME~1\shannon\Desktop\ERUNT.lnk
[2009/05/07 20:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT-5-7-09
[2009/05/06 20:45:55 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/06 18:03:42 | 00,001,709 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/06 18:03:41 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 18:03:40 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 18:03:40 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 18:03:35 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 18:03:32 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 18:03:32 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 18:03:31 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 18:03:31 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 18:03:06 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 18:03:06 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 18:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 13:53:44 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/06 13:52:33 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\HouseCall 6.6
[2009/05/06 13:51:47 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 16:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/05 11:54:40 | 00,000,696 | ---- | C] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 11:54:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 11:54:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 11:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/04 15:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/03 09:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/03 09:22:30 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/01 15:55:06 | 00,000,000 | ---D | C] -- C:\Cache
[2009/04/29 16:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2009/04/29 16:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/29 15:53:02 | 00,004,566 | ---- | C] () -- C:\WINDOWS\System32\tmp.reg
[2009/04/27 23:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety CenterRebootActions
[2009/04/27 20:46:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/04/27 15:52:44 | 00,000,479 | ---- | C] () -- C:\xcrashdump.dat
[2009/04/27 14:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/27 11:27:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/27 07:11:13 | 00,000,001 | ---- | C] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/25 10:58:08 | 00,001,631 | ---- | C] () -- C:\DOCUME~1\shannon\Desktop\Dell Support.lnk
[2009/04/24 22:39:05 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\pezatehe.exe
[2009/04/24 22:39:05 | 00,002,713 | -HS- | C] () -- C:\WINDOWS\System32\kilatape.dll
[2009/04/24 11:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Logs
[2009/04/24 11:07:27 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/24 07:02:41 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/23 06:51:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2009/04/22 10:34:27 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\McAfee
[2009/04/21 16:51:33 | 00,005,677 | ---- | C] () -- C:\Documents and Settings\shannon\My Documents\black theme.Theme
[2009/04/14 16:33:41 | 00,284,160 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\pdh.dll
[2009/04/14 16:33:39 | 00,401,408 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\rpcss.dll
[2009/04/14 16:33:39 | 00,035,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\sc.exe
[2009/04/14 16:33:38 | 00,110,592 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\services.exe
[2009/04/14 16:33:37 | 00,473,600 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\fastprox.dll
[2009/04/14 16:33:36 | 00,227,840 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvse.exe
[2009/04/14 16:33:35 | 00,453,120 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wmiprvsd.dll
[2009/04/14 16:33:34 | 00,729,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\lsasrv.dll
[2009/04/14 16:33:33 | 00,617,472 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\advapi32.dll
[2009/04/14 16:33:32 | 00,714,752 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\ntdll.dll
[2009/04/14 16:30:08 | 00,002,560 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\xpsp4res.dll
[2009/04/14 16:30:06 | 01,203,922 | ---- | C] () -- C:\WINDOWS\System32\dllcache\sysmain.sdb
[2009/04/14 16:30:05 | 00,215,552 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\wordpad.exe
[2009/04/09 08:53:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/04/09 07:49:29 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2009/04/09 07:42:40 | 00,008,092 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
[2008/11/27 13:22:46 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/11/01 23:21:53 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/06/27 22:33:38 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/30 18:57:52 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/05/30 18:57:51 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2008/05/18 15:20:11 | 00,000,128 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/05/13 22:05:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/23 15:22:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/23 15:10:45 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/23 14:32:02 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,958 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/07 23:05:41 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\DOCUME~1\shannon\Desktop\OTListIt2.exe
[2009/05/07 22:56:59 | 00,267,612 | ---- | M] () -- C:\DOCUME~1\shannon\Desktop\Rooter.exe
[2009/05/07 22:46:02 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/07 21:42:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/07 21:42:12 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\shannon\Local Settings\DESKTOP.INI
[2009/05/07 21:41:56 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/07 21:41:48 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/07 21:27:55 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/07 20:44:45 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 20:44:40 | 00,000,650 | ---- | M] () -- C:\DOCUME~1\shannon\Desktop\NTREGOPT.lnk
[2009/05/07 20:44:40 | 00,000,631 | ---- | M] () -- C:\DOCUME~1\shannon\Desktop\ERUNT.lnk
[2009/05/06 20:22:57 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 19:47:58 | 00,000,958 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/06 19:47:58 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/05/06 19:47:58 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/05/06 18:03:42 | 00,001,709 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\avast! Antivirus.lnk
[2009/05/06 13:51:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 11:54:40 | 00,000,696 | ---- | M] () -- C:\DOCUME~1\ALLUSE~1\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/02 23:53:04 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/01 11:43:21 | 00,000,479 | ---- | M] () -- C:\xcrashdump.dat
[2009/04/29 15:55:29 | 00,004,566 | ---- | M] () -- C:\WINDOWS\System32\tmp.reg
[2009/04/27 23:51:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nuhuroju
[2009/04/27 07:11:13 | 00,000,001 | ---- | M] () -- C:\WINDOWS\System32\uniq.tll
[2009/04/25 10:58:08 | 00,001,631 | ---- | M] () -- C:\DOCUME~1\shannon\Desktop\Dell Support.lnk
[2009/04/24 22:39:05 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\pezatehe.exe
[2009/04/24 22:39:05 | 00,002,713 | -HS- | M] () -- C:\WINDOWS\System32\kilatape.dll
[2009/04/24 07:02:41 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/21 16:51:37 | 00,005,677 | ---- | M] () -- C:\Documents and Settings\shannon\My Documents\black theme.Theme
[2009/04/14 18:20:10 | 00,381,692 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2009/04/14 18:20:10 | 00,053,436 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT
[2009/04/14 18:20:09 | 00,441,626 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/04/14 17:47:30 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/04/09 07:47:26 | 00,008,092 | ---- | M] () -- C:\Documents and Settings\All Users\Application Data\LUUnInstall.LiveUpdate
< End of report >



WOW! That's LONG! :)
And my Extras.Txt:


OTListIt Extras logfile created on: 5/7/2009 11:10:07 PM - Run 1
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\shannon\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 112.63 Mb Available Physical Memory | 22.08% Memory free
862.58 Mb Paging File | 436.19 Mb Available in Paging File | 50.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 18.09 Gb Free Space | 52.65% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF4Y9F61
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0x00000000
"FirewallDisableNotify" = 0x00000000
"UpdatesDisableNotify" = 0x00000000
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Disabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Disabled:@xpsp2res.dll,-22008

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL (America Online, Inc)
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:America Online 9.0 (America Online, Inc.)
C:\Program Files\AOL\RC\regclient.exe:*:Enabled:AOL (AOL LLC)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server (Yahoo! Inc.)
C:\Program Files\Messenger\msmsgs.exe:*:Enabled:Windows Messenger (Microsoft Corporation)
C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire File not found
C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpaceIM File not found
%windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 (Microsoft Corporation)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (America Online, Inc.)
C:\WINDOWS\explorer.exe:*:Enabled:Explorer (Microsoft Corporation)
C:\WINDOWS\SYSTEM32\dwwin.exe:*:Enabled:dwwin (Microsoft Corporation)
C:\Program Files\Dell\Support\Alert\bin\DBGLogger.exe:*:Enabled:DBGLogger ( )
C:\Program Files\Common Files\Dell\EUSW\DSLog.exe:*:Enabled:DSLog (Dell)
C:\WINDOWS\SYSTEM32\taskmgr.exe:*:Enabled:taskmgr (Microsoft Corporation)
C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour (Apple Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{216AB108-2AE1-4130-B3D5-20B2C4C80F8F}" = QuickTime
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{26A24AE4-039D-4CA4-87B4-2F83216012FF}" = Java™ 6 Update 13
"{3248F0A8-6813-11D6-A77B-00B0D0160060}" = Java™ 6 Update 6
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{341201D4-4F61-4ADB-987E-9CCE4D83A58D}" = Windows Live Toolbar Extension (Windows Live Toolbar)
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = NetWaiting
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{43FCA273-9534-40DB-B7C5-D7758875616A}" = Dell Support
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{548B3DC6-2300-47E1-BA7B-74AD25F8DEBF}" = Form Fill (Windows Live Toolbar)
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7745B7A9-F323-4BB9-9811-01BF57A028DA}" = Map Button (Windows Live Toolbar)
"{786C4AD1-DCBA-49A6-B0EF-B317A344BD66}" = Windows Live Favorites for Windows Live Toolbar
"{78C496B9-5A6B-4692-8C2E-AFFFC34E4961}" = Jasc Paint Shop Pro Studio, Dell Editon
"{7A3F0566-5E05-4919-9C98-456F6B5CF831}" = Get High Speed Internet!
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{90840409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Excel Viewer 2003
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B5FDA445-CAC4-4BA6-A8FB-A7212BD439DE}" = Microsoft XML Parser
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{D5A145FC-D00C-4F1A-9119-EB4D9D659750}" = Windows Live Toolbar
"{DBA4DB9D-EE51-4944-A419-98AB1F1249C8}" = LiveUpdate Notice (Symantec Corporation)
"{E646DCF0-5A68-11D5-B229-002078017FBF}" = Digital Line Detect
"{EC4455AB-F155-4CC1-A4C5-88F3777F9886}" = Apple Mobile Device Support
"{F084395C-40FB-4DB3-981C-B51E74E1E83D}" = Smart Menus (Windows Live Toolbar)
"{F48C6EA5-3B43-11D6-86A6-0050BA0259A2}" = Philips PC Camera
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11
"AOL Connectivity Services" = AOL Connectivity Services
"AOL Regclient" = AOL Registration
"AOL Uninstaller" = AOL Uninstaller (Choose which Products to Remove)
"AOLCoach" = AOL Coach Version 1.0(Build:20040229.1 en)
"AT&T Yahoo! Activation" = AT&T Yahoo! Activation
"avast!" = avast! Antivirus
"BroadJump Client Foundation" = BroadJump Client Foundation
"CNXT_MODEM_PCI_VEN_14F1&DEV_2F20&SUBSYS_200F14F1" = Conexant D850 56K V.9x DFVc Modem
"ERUNT_is1" = ERUNT 1.1j
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Imikimi Plugin" = Imikimi Plugin
"InstallShield_{89EE857B-8970-4F9F-AB58-A1C873AC72B3}" = Broadcom Management Programs
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Mozilla Firefox (3.0.10)" = Mozilla Firefox (3.0.10)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"RealPlayer 6.0" = RealPlayer Basic
"SBC.MCCInstall" = AT&T Self Support Tool
"StreetPlugin" = Learn2 Player (Uninstall Only)
"Trend Micro HouseCall 6.6" = HouseCall 6.6
"ViewpointMediaPlayer" = Viewpoint Media Player
"Windows Live OneCare safety scanner" = Windows Live OneCare safety scanner
"Windows Live Toolbar" = Windows Live Toolbar
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Applications" = AT&T Yahoo! Applications
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"digifast" = DigiFast
"Octoshape add-in for Adobe Flash Player" = Octoshape add-in for Adobe Flash Player

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 5/6/2009 9:21:12 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 5/6/2009 9:21:12 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 5/6/2009 9:21:15 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 5/6/2009 9:21:39 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 5/6/2009 9:21:39 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 5/6/2009 9:21:43 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 5/6/2009 9:37:12 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = Error in aswChestC: chestOpenList Error 1753.

Error - 5/6/2009 9:37:12 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::LoadFiles()
chestOpenList() failed: 2147422219.

Error - 5/6/2009 9:37:17 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 5/6/2009 9:48:29 PM | Computer Name = DF4Y9F61 | Source = avast! | ID = 33554522
Description = Internal error has occurred in module aswar scan function failed!,
function A0000111.

[ Application Events ]
Error - 5/6/2009 12:07:14 PM | Computer Name = DF4Y9F61 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\6ec986.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 5/6/2009 12:07:14 PM | Computer Name = DF4Y9F61 | Source = MsiInstaller | ID = 1008
Description = The installation of C:\WINDOWS\Installer\6ec986.msi is not permitted
due to an error in software restriction policy processing. The object cannot be
trusted.

Error - 5/6/2009 12:07:19 PM | Computer Name = DF4Y9F61 | Source = WmiAdapter | ID = 4099
Description = Open of service failed.

Error - 5/6/2009 8:12:07 PM | Computer Name = DF4Y9F61 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/6/2009 9:25:38 PM | Computer Name = DF4Y9F61 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/6/2009 9:33:19 PM | Computer Name = DF4Y9F61 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/6/2009 9:46:12 PM | Computer Name = DF4Y9F61 | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 5/6/2009 11:34:38 PM | Computer Name = DF4Y9F61 | Source = Application Error | ID = 1000
Description = Faulting application iexplore.exe, version 7.0.6000.16827, faulting
module urlmon.dll, version 7.0.6000.16825, fault address 0x0002011a.

Error - 5/7/2009 12:39:49 AM | Computer Name = DF4Y9F61 | Source = Application Hang | ID = 1002
Description = Hanging application regedit.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 5/8/2009 12:09:26 AM | Computer Name = DF4Y9F61 | Source = Application Hang | ID = 1002
Description = Hanging application OTListIt2.exe, version 2.0.15.4, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 5/6/2009 9:36:31 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
Aavmker4 aswSP Fips intelppm

Error - 5/6/2009 9:45:14 PM | Computer Name = DF4Y9F61 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 5/6/2009 9:46:49 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 5/6/2009 9:46:49 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 5/7/2009 10:38:17 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7031
Description = The DCOM Server Process Launcher service terminated unexpectedly.
It has done this 1 time(s). The following corrective action will be taken in 60000
milliseconds: Reboot the machine.

Error - 5/7/2009 10:38:17 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7034
Description = The Terminal Services service terminated unexpectedly. It has done
this 1 time(s).

Error - 5/7/2009 10:42:07 PM | Computer Name = DF4Y9F61 | Source = sr | ID = 1
Description = The System Restore filter encountered the unexpected error '0xC0000001'
while processing the file '' on the volume 'HarddiskVolume2'. It has stopped monitoring
the volume.

Error - 5/7/2009 10:43:37 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7000
Description = The Automatic LiveUpdate Scheduler service failed to start due to
the following error: %%2

Error - 5/7/2009 10:43:37 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7000
Description = The McAfee Real-time Scanner service failed to start due to the following
error: %%2

Error - 5/7/2009 10:43:37 PM | Computer Name = DF4Y9F61 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
abp480n5 adpu160m agp440 agpCPQ Aha154x aic78u2 aic78xx AliIde alim1541 amdagp amsint asc asc3350p
asc3550
cbidf
cd20xrnt
CmdIde
Cpqarray
dac2w2k
dac960nt
dpti2o
hpn
i2omp
ini910u
IntelIde
mraid35x
perc2
perc2hib
ql1080
Ql10wnt
ql12160
ql1240
ql1280
sisagp
Sparrow
symc810
symc8xx
sym_hi
sym_u3
TosIde
ultra
viaagp
ViaIde


< End of report >

Ok...I hope there's nothing too seriously out of whack here. I appreciate you guys so much. If there are things you see that I don't really need (i.e. AOL; Symantec) let me know. There is also another user on this computer and it doesn't look like it scanned her stuff? Does that make a difference? THANKS!
Whatever else I can do, let me know!



UPDATE:5-8-09
1) See this link http://www.geekstogo...ls-t238278.html
for some other updated info.

2) Went into My Pictures folder and found two items there:
desktop.ini
and thumbs.db

Having absolutely no idea why they were there I tried to delete them...
and it said
"Thumbs.db is a system file
If you remove it your computer or one of your programs may no longer work correctly. Are you sure you want to move it to the Recycle Bin?"
Of course I said NO
The other one said the same thing.
What is that all about??? :)
Thank you!!!!! I'm gonna get this running right again YET! Thanks GtoG!

Edited by shaly777, 08 May 2009 - 03:00 PM.

  • 0


#2
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777 ,

Welcome to Geeks to Go!
I am sage5, and I will be helping you with this problem.

There are some things that I need to make clear to you, before we continue, that will help us both:
  • Please read all of my instructions, in each post, before you continue with the fix. (If there is anything that you need clarified/don't understand, please ask)
  • Please don't perform any steps/fixes with tools that I have not asked you to do. Many of the fixes require specific steps to be taken in a set order.
  • Make sure that all of the logs/reports, that I ask for, get posted completely.
  • Check out the information Here, if you are unsure how to send replies etc

OK, on with the fix:
Please download the following & save to your Desktop:
ComboFix from one of these locations:
Link 1
Link 2
Link 3


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools

  • Double click on ComboFix.exe & follow the prompts.

  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.

  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.

**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.


Posted Image



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the text from C:\ComboFix.txt in your next reply.

Cheers,

sage5
  • 0

#3
shaly777

    Member

  • Topic Starter
  • Member
  • 74 posts

(If there is anything that you need clarified/don't understand, please ask)


One quick question: In regards to disabling my avast & superantispyware...I'm not sure I fully understand what you are telling me to do. And so I just want to clarify.
I did right click on the icons on taskbar...but no option was listed for 'disable'. I have no problem completely uninstalling (temporarily) the SUPERantispyware. However I'd rather not uninstall avast! So.....can you tell me in a little more detail how to effectively disable avast? Sorry for my ignorance...but, :) that's why I am seeking help from GtoG!
Thank You!!

  • 0

#4
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777 ,
To disable SuperAntiSpyware:
Go to the Disable Real-time Protection thread.

For aVast:
Check out This Thread, right at the top of the page.
Or for a more complete picture, download the appropriate manual, either the
aVast Home manual or the
aVast Professional manual & check out pages 20 & 21

Cheers,

sage5

Edited by sage5, 14 May 2009 - 03:37 PM.

  • 0

#5
shaly777

    Member

  • Topic Starter
  • Member
  • 74 posts
Ok sage...the link that you sent me for the SUPERantispyware was no good...so I just uninstalled it (I hope I didn't screw up)
and if you think I should, I will RE-install it.
I do have malwarebytes though...is that the equivalent to SUPERanti? ....or no?

I disabled the avast (which I have now ENabled back...).
I ran the ComboFix and got the log :) Here it is:


ComboFix 09-05-14.03 - shannon 05/14/2009 22:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.144 [GMT -5:00]
Running from: c:\documents and settings\shannon\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090514-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\danielle\Local Settings\Temporary Internet Files\Cpvff.stt
c:\documents and settings\shannon\Application Data\inst.exe
c:\documents and settings\shannon\Local Settings\Temporary Internet Files\Cpvff.stt
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat

.
((((((((((((((((((((((((( Files Created from 2009-04-15 to 2009-05-15 )))))))))))))))))))))))))))))))
.

2009-05-10 23:41 . 2009-05-10 23:41 -------- d-----w c:\documents and settings\shannon\Application Data\Uniblue
2009-05-10 23:40 . 2009-05-10 23:40 -------- d-----w c:\program files\Uniblue
2009-05-10 23:39 . 2009-05-10 23:40 -------- dc-h--w c:\documents and settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
2009-05-08 18:39 . 2009-05-08 18:39 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-08 18:39 . 2009-05-15 03:09 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-08 18:39 . 2009-05-08 18:39 -------- d-----w c:\documents and settings\shannon\Application Data\SUPERAntiSpyware.com
2009-05-08 04:27 . 2009-05-08 04:28 -------- d-----w C:\GeekstoGo
2009-05-08 01:44 . 2009-05-08 01:46 -------- d-----w c:\program files\ERUNT-5-7-09
2009-05-06 23:03 . 2009-05-06 23:03 -------- d-----w c:\program files\Alwil Software
2009-05-06 18:53 . 2007-12-24 22:37 138384 ----a-w c:\windows\system32\drivers\tmcomm.sys
2009-05-06 18:51 . 2009-05-06 18:51 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-05 16:54 . 2009-05-05 16:54 -------- d-----w c:\documents and settings\danielle\Application Data\Malwarebytes
2009-05-05 16:54 . 2009-04-06 20:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-05 16:54 . 2009-04-06 20:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-05 16:54 . 2009-05-05 16:54 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-03 14:22 . 2009-05-03 14:22 -------- d-----w c:\program files\Bonjour
2009-05-01 20:55 . 2009-05-01 20:55 -------- d-----w C:\Cache
2009-04-29 21:17 . 2009-04-29 21:17 -------- d-----w c:\documents and settings\shannon\Application Data\Malwarebytes
2009-04-29 21:17 . 2009-04-29 21:17 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-04-29 12:18 . 2009-04-29 12:18 -------- d-----w c:\documents and settings\Guest\Local Settings\Application Data\Mozilla
2009-04-28 04:51 . 2009-04-28 17:00 -------- d-----w c:\program files\Windows Live Safety CenterRebootActions
2009-04-28 01:46 . 2009-04-28 01:46 -------- d-----w c:\program files\Microsoft Windows OneCare Live
2009-04-27 19:15 . 2009-04-28 14:29 -------- d-----w c:\program files\Windows Live Safety Center
2009-04-27 16:27 . 2009-04-27 16:32 -------- d-----w c:\windows\system32\NtmsData
2009-04-26 05:31 . 2009-04-26 05:31 -------- d-----w c:\documents and settings\NetworkService\Local Settings\Application Data\Mozilla
2009-04-25 19:40 . 2009-04-25 22:40 0 ----a-w c:\temp\clipstreamsa.dll
2009-04-25 16:41 . 2009-04-25 16:41 -------- d-----w c:\documents and settings\shannon\Local Settings\Application Data\Citrix
2009-04-25 16:41 . 2009-04-25 16:41 61224 ----a-w c:\documents and settings\shannon\GoToAssistDownloadHelper.exe
2009-04-24 21:57 . 2009-04-24 21:57 -------- d-----w c:\documents and settings\Administrator\Local Settings\Application Data\Mozilla
2009-04-24 21:52 . 2009-05-04 15:46 46704 ----a-w c:\documents and settings\Administrator\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-24 16:13 . 2009-04-24 16:13 -------- d-----w c:\documents and settings\shannon\Application Data\Logs
2009-04-24 16:07 . 2009-05-06 14:13 -------- d-----w C:\My Downloads
2009-04-24 12:02 . 2009-04-24 12:02 444 ----a-w c:\windows\system32\d3d8caps.dat
2009-04-23 11:51 . 2009-04-23 11:51 -------- d-----w c:\program files\Common Files\Scanner
2009-04-22 15:34 . 2009-04-22 15:34 -------- d-----w c:\documents and settings\shannon\Application Data\McAfee

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-08 17:23 . 2004-12-23 20:16 -------- d-----w c:\program files\Common Files\AOL
2009-05-07 00:12 . 2004-12-23 20:14 -------- d-----w c:\program files\McAfee.com
2009-04-29 12:11 . 2009-04-29 12:08 46704 ----a-w c:\documents and settings\Guest\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-27 15:00 . 2008-04-27 02:43 -------- d-----w c:\program files\Yahoo!
2009-04-24 21:56 . 2008-05-30 19:30 -------- d-----w c:\program files\LimeWire
2009-04-16 16:42 . 2009-02-10 02:03 -------- d-----w c:\program files\Common Files\Apple
2009-04-16 14:32 . 2008-05-03 01:56 -------- d-----w c:\program files\Common Files\Symantec Shared
2009-04-16 14:05 . 2008-06-11 02:42 -------- d-----w c:\program files\Norton Security Scan
2009-04-14 19:56 . 2004-12-23 20:03 -------- d-----w c:\program files\Java
2009-04-09 12:47 . 2008-05-14 03:25 -------- d-----w c:\program files\Symantec
2009-03-30 13:42 . 2008-05-30 19:39 -------- d-----w c:\program files\Google
2009-03-25 08:08 . 2009-03-25 08:08 -------- d-----w c:\program files\NOS
2009-03-09 10:19 . 2009-01-23 21:39 410984 ----a-w c:\windows\system32\deploytk.dll
2009-03-06 14:22 . 2004-08-04 11:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-03-03 00:18 . 2004-08-04 11:00 826368 ----a-w c:\windows\system32\wininet.dll
2009-02-20 18:09 . 2004-08-04 11:00 78336 ----a-w c:\windows\system32\ieencode.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Search Protection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-10-02 155648]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2004-08-13 122939]
"RealTray"="c:\program files\Real\RealPlayer\RealPlay.exe" [2004-12-23 26112]
"DwlClient"="c:\program files\Common Files\Dell\EUSW\Support.exe" [2004-05-28 323584]
"Motive SmartBridge"="c:\progra~1\SBCSEL~1\SMARTB~1\MotiveSB.exe" [2005-08-24 442455]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"YSearchProtection"="c:\program files\Yahoo!\Search Protection\SearchProtection.exe" [2008-10-07 111856]
"HostManager"="c:\program files\Common Files\AOL\1227810304\ee\AOLSoftware.exe" [2006-04-13 50792]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-01-05 413696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-03-09 148888]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-10-02 118784]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]

c:\documents and settings\shannon\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT-5-7-09\AUTOBACK.EXE [2005-10-20 38912]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
America Online 9.0 Tray Icon.lnk - c:\program files\America Online 9.0\aoltray.exe [2004-12-23 156784]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-23 24576]

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32
"wave"= serwvdrv.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\WINDOWS\\SYSTEM32\\dwwin.exe"=
"c:\\Program Files\\Dell\\Support\\Alert\\bin\\DBGLogger.exe"=
"c:\\Program Files\\Common Files\\Dell\\EUSW\\DSLog.exe"=
"c:\\WINDOWS\\SYSTEM32\\taskmgr.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [5/6/2009 6:03 PM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\SYSTEM32\DRIVERS\aswFsBlk.sys [5/6/2009 6:03 PM 20560]
R2 YahooAUService;Yahoo! Updater;c:\program files\Yahoo!\SoftwareUpdate\YahooAUService.exe [11/9/2008 3:48 PM 602392]
S1 cvrwsogn;cvrwsogn;\??\c:\windows\system32\drivers\cvrwsogn.sys --> c:\windows\system32\drivers\cvrwsogn.sys [?]
S1 xweoqthr;xweoqthr;\??\c:\windows\system32\drivers\xweoqthr.sys --> c:\windows\system32\drivers\xweoqthr.sys [?]
S3 getPlus® Helper;getPlus® Helper;c:\program files\NOS\bin\getPlus_HelperSvc.exe [3/25/2009 3:08 AM 33176]
.
Contents of the 'Scheduled Tasks' folder

2009-05-10 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-05-15 c:\windows\Tasks\Check Updates for Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 17:20]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{EEE6C35B-6118-11DC-9C72-001320C79847} - (no file)


.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = iexplore
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &Search
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx
Trusted Zone: att.net
Trusted Zone: internet
Trusted Zone: mcafee.com
Trusted Zone: plaxo.com\www
Trusted Zone: sbcglobal.net
Trusted Zone: yahoo.com\clientapps
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab
FF - ProfilePath - c:\documents and settings\shannon\Application Data\Mozilla\Firefox\Profiles\qqfrxqgt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=DEF&v=4&q=
FF - prefs.js: browser.search.selectedEngine - Yahoo
FF - prefs.js: browser.startup.homepage - hxxp://www.itsyourturn.com/
FF - prefs.js: keyword.URL - hxxp://www.fastbrowsersearch.com/results/results.aspx?s=NAUS&v=4&tid={CAFBA147-1782-CC91-1094-4543E1E922C4}&q=
FF - plugin: c:\program files\Mozilla Firefox\plugins\npkimi.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-14 22:29
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DwlClient = c:\program files\Common Files\Dell\EUSW\Support.exe?l?e?s?\?D?e?l?l?\?E?U?S?W?\?S?u?p?p?o?r?t?.?e?x?e???????P???????????????X:??????????P???????x???????????x???????????????????x???? ??x???x???0???X??????|[email protected]???x???????X???????4???????x???????????x??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2280)
c:\progra~1\SBCSEL~1\SMARTB~1\SBHook.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\windows\SYSTEM32\wdfmgr.exe
c:\windows\SYSTEM32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-05-15 22:36 - machine was rebooted
ComboFix-quarantined-files.txt 2009-05-15 03:35

Pre-Run: 19,288,682,496 bytes free
Post-Run: 20,138,393,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

204 --- E O F --- 2009-05-13 19:59


It looks so very interesting...of course I don't really know what any of it means...but I do have a couple of items I keep noticing like DNSResponder; Apple something..(what are they?)
and a couple other things I see, like AOL & Symantec, I don't even use those anymore. McAfee either....should they still be in my system?
and also like I was curious about the deleted items...
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
Are these bugs? 'crashdump'? and 'kilatape'? they really even SOUND like they're up to no good!

Sorry if I ask too many questions, this is just so intriguing and while I have an EXPERT on the other end, I figured I better try to learn all I can!
THANK YOU!!!!!!!!!!......Is my PC in trouble or will we make it?
I look forward to your replies! :)

  • 0

#6
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777 ,

and also like I was curious about the deleted items...
c:\windows\IE4 Error Log.txt
c:\windows\system32\drivers\fad.sys
c:\windows\system32\kilatape.dll
c:\windows\system32\pezatehe.exe
c:\windows\system32\tmp.reg
c:\windows\system32\uniq.tll
C:\xcrashdump.dat
Are these bugs? 'crashdump'? and 'kilatape'? they really even SOUND like they're up to no good!

Answer: Those files you listed are all issues that ComboFix has removed.

but I do have a couple of items I keep noticing like DNSResponder; Apple something..(what are they?)

Answer: They are both parts of a past install of iTunes, which seems to have been removed (Yes/No)

On with the fix:

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    PRC - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (Automatic LiveUpdate Scheduler [Auto | Stopped]) -- File not found
    SRV - (LiveUpdate Notice Service [Auto | Running]) -- C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe (Symantec Corporation)
    SRV - (LiveUpdate [On_Demand | Stopped]) -- File not found
    SRV - (LiveUpdate Notice Ex [Auto | Stopped]) -- File not found
    SRV - (McShield [Unknown | Stopped]) -- File not found
    SRV - (McSysmon [On_Demand | Stopped]) -- File not found
    O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - Reg Error: Key error. File not found
    O3 - HKLM\..\Toolbar: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {98279C38-DE4B-4BCF-93C9-8EC26069D6F4} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {D7F30B62-8269-41AF-9539-B2697FA7D77E} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EEE6C35B-6118-11DC-9C72-001320C79847} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - Reg Error: Key error. File not found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {F5735C15-1FB2-41FE-BA12-242757E69DDE} - Reg Error: Key error. File not found
    O4 - HKLM..\Run: [Symantec PIF AlertEng] "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" (Symantec Corporation)
    O16 - DPF: {15589FA1-C456-11CE-BF01-00AA0055595A} http://w4s2.work4sure.com/c/ge/w4sgeen9.exe (Reg Error: Key error.)
    O20 - AppInit_DLLs: (c:\windows\system32\tovebogi.dll) - c:\windows\system32\tovebogi.dll File not found
    
    :Services
    LiveUpdate
    LiveUpdate Notice Ex
    McShield
    McSysmon
    cvrwsogn
    xweoqthr
    
    :Reg
    
    :Files
    C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
    C:\DOCUME~1\shannon\My Documents\Fonts\fonts\crackman.zip
    c:\documents and settings\shannon\Application Data\McAfee
    c:\temp\clipstreamsa.dll
    c:\program files\Common Files\AOL
    c:\program files\McAfee.com
    c:\program files\Common Files\Symantec Shared
    c:\program files\Norton Security Scan
    c:\program files\Symantec
    c:\windows\system32\drivers\xweoqthr.sys
    c:\windows\system32\drivers\cvrwsogn.sys
    
    :Commands
    [purity]
    [emptytemp]
    [resethosts]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log

By the way, please resist the use of other fonts, bold text & colours, I just require the information.
We use them to draw your attention to important parts of the log

Cheers,

sage5
  • 0

#7
shaly777

    Member

  • Topic Starter
  • Member
  • 74 posts
Here ya go....Thanks!! :)



========== OTLISTIT ==========
Process explorer.exe killed successfully!
Process PIFSvc.exe killed successfully!
Process PIFSvc.exe killed successfully!

Service\Driver Automatic LiveUpdate Scheduler deleted successfully.
File File not found not found.
Service\Driver LiveUpdate Notice Service stopped successfully.
Service\Driver LiveUpdate Notice Service deleted successfully.
C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe moved successfully.

Service\Driver LiveUpdate deleted successfully.
File File not found not found.

Service\Driver LiveUpdate Notice Ex deleted successfully.
File File not found not found.
Service\Driver McShield not found.
Service\Driver key McShield deleted successfully.
File File not found not found.

Service\Driver McSysmon deleted successfully.
File File not found not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{BA52B914-B692-46c4-B683-905236F6F655} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA52B914-B692-46c4-B683-905236F6F655}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\Toolbar\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{98279C38-DE4B-4BCF-93C9-8EC26069D6F4}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{D7F30B62-8269-41AF-9539-B2697FA7D77E} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{D7F30B62-8269-41AF-9539-B2697FA7D77E}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{EEE6C35B-6118-11DC-9C72-001320C79847} not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{EEE6C35B-6118-11DC-9C72-001320C79847}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F0F8ECBE-D460-4B34-B007-56A92E8F84A7}\ not found.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{F5735C15-1FB2-41FE-BA12-242757E69DDE} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{F5735C15-1FB2-41FE-BA12-242757E69DDE}\ not found.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\Symantec PIF AlertEng deleted successfully.
File "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll" not found.
Starting removal of ActiveX control {15589FA1-C456-11CE-BF01-00AA0055595A}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{15589FA1-C456-11CE-BF01-00AA0055595A}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls not found.
========== SERVICES/DRIVERS ==========
Service\Driver LiveUpdate not found.
Service\Driver LiveUpdate not found.
Service\Driver LiveUpdate Notice Ex not found.
Service\Driver LiveUpdate Notice Ex not found.
Service\Driver McShield not found.
Service\Driver McShield not found.
Service\Driver McSysmon not found.
Service\Driver McSysmon not found.
Service\Driver McSysmon not found.
Service\Driver cvrwsogn deleted successfully.
Service\Driver McSysmon not found.
Service\Driver xweoqthr deleted successfully.
========== REGISTRY ==========
========== FILES ==========
File\Folder C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe not found.
C:\DOCUME~1\shannon\My Documents\Fonts\fonts\crackman.zip moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability\MVTLogs\Results moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability\MVTLogs moved successfully.
c:\documents and settings\shannon\Application Data\McAfee\Supportability moved successfully.
c:\documents and settings\shannon\Application Data\McAfee moved successfully.
LoadLibrary failed for c:\temp\clipstreamsa.dll
c:\temp\clipstreamsa.dll NOT unregistered.
c:\temp\clipstreamsa.dll moved successfully.
c:\program files\Common Files\AOL\System Information moved successfully.
c:\program files\Common Files\AOL\Loader moved successfully.
c:\program files\Common Files\AOL\Launch moved successfully.
c:\program files\Common Files\AOL\IPHSend moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Rollback moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Current\US moved successfully.
c:\program files\Common Files\AOL\Backup\ACS\Current moved successfully.
c:\program files\Common Files\AOL\Backup\ACS moved successfully.
c:\program files\Common Files\AOL\Backup moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\pt moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\ja moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\fr-CA moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\fr moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\es-US moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\es moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en-GB moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en-CA moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\en moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale\de moved successfully.
c:\program files\Common Files\AOL\AOLDiag\locale moved successfully.
c:\program files\Common Files\AOL\AOLDiag moved successfully.
c:\program files\Common Files\AOL\ACS moved successfully.
c:\program files\Common Files\AOL\ACF moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp\ver0_9_10_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\widgetsapp moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlDispatcher\ver4_2_6_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlDispatcher moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlData\ver1_4_14_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\urlData moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\uiPlugins\ver2_2_5_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\uiPlugins moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Window pane moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Main window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\List view window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\History content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Fwd_Back button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\drop-down button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Content window moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Column moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls_small moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\Browser controls moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui\3 pieces button moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US\ui moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster\ver2_29_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\toaster moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework\ver2_30_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\suiteFramework moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate\ver1_14_4_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\softwareUpdate moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\security\ver1_0_6_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\security moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\script\ver1_3_2_4 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\script moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\preferences\ver3_4_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\preferences moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\os\ver4_2_6_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\os moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\notification\ver3_12_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\notification moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\miniXML\ver1_4_4_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\miniXML moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\metrics\ver3_6_13_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\metrics moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\localStorage\ver4_5_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\localStorage moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityInformation\ver4_3_3_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityInformation moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\content\aam moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget\ver1_2_15_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\identityAuthGadget moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\http\ver1_17_2_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\http moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\htmlRenderer\ver1_0_14_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\htmlRenderer moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\feeds\ver2_0_2_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\favoritesExporter\ver2_1_1_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\favoritesExporter moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\enhancedFavorites\ver1_3_3_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\enhancedFavorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection\ver5_5_1_4 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\connection moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\compression\ver2_3_1_2 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\compression moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\tabs_dark moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\navbuttons_glass_white moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes\navbuttons_glass moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\themes moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme\images moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\mail moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\html moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets\feeds moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\widgets moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\spyzapper moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\settings moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels\history moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\panels moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\gadgets moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content\favorites moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp\ver1_5001_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\browserapp moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\TabScroll moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\SuperTwisty moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\InputFields moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\FontToolbar moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images\DarkTwisty moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme\images moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\theme moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\resources\en-US moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content\dialog moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content\aolHelpBox moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1\content moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit\ver1_4_26_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyToolkit moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyrenderer\ver1_4_26_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\boxelyrenderer moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts\ver2_13_3_3\resources moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts\ver2_13_3_3 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\bfts moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\basics\ver6_4_7_1 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\basics moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\authentication\ver4_0_0_21 moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services\authentication moved successfully.
c:\program files\Common Files\AOL\1227810304\ee\services moved successfully.
c:\program files\Common Files\AOL\1227810304\ee moved successfully.
c:\program files\Common Files\AOL\1227810304 moved successfully.
c:\program files\Common Files\AOL moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\summary moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\style\RED moved successfully.
c:\program files\McAfee.com\Personal Firewall\data\style moved successfully.
c:\program files\McAfee.com\Personal Firewall\data moved successfully.
c:\program files\McAfee.com\Personal Firewall\Archive moved successfully.
c:\program files\McAfee.com\Personal Firewall moved successfully.
c:\program files\McAfee.com moved successfully.
c:\program files\Common Files\Symantec Shared\VirusDefs\20090328.003 moved successfully.
c:\program files\Common Files\Symantec Shared\VirusDefs moved successfully.
c:\program files\Common Files\Symantec Shared\Support Controls moved successfully.
c:\program files\Common Files\Symantec Shared\SPManifests moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09\01 moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages\09 moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\Languages moved successfully.
c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08} moved successfully.
c:\program files\Common Files\Symantec Shared\PIF moved successfully.
c:\program files\Common Files\Symantec Shared\Help moved successfully.
c:\program files\Common Files\Symantec Shared\CCPD-LC moved successfully.
c:\program files\Common Files\Symantec Shared moved successfully.
c:\program files\Norton Security Scan moved successfully.
c:\program files\Symantec\LiveUpdate moved successfully.
c:\program files\Symantec moved successfully.
File\Folder c:\windows\system32\drivers\xweoqthr.sys not found.
File\Folder c:\windows\system32\drivers\cvrwsogn.sys not found.
========== COMMANDS ==========
File delete failed. C:\Documents and Settings\shannon\Local Settings\temp\hsperfdata_shannon\3064 scheduled to be deleted on reboot.
File delete failed. C:\Documents and Settings\shannon\Local Settings\temp\etilqs_MQrb2aarhkS1enNs9QAs scheduled to be deleted on reboot.
User's Temp folder emptied.
User's Internet Explorer cache folder emptied.
Local Service Temp folder emptied.
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
Local Service Temporary Internet Files folder emptied.
Network Service Temp folder emptied.
Network Service Temporary Internet Files folder emptied.
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_414.dat scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_570.dat scheduled to be deleted on reboot.
Windows Temp folder emptied.
Java cache emptied.
Temp folders emptied.
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully
Explorer started successfully

OTListIt2 by OldTimer - Version 2.0.15.4 log created on 05152009_002914

Files moved on Reboot...
File C:\Documents and Settings\shannon\Local Settings\temp\hsperfdata_shannon\3064 not found!
File C:\Documents and Settings\shannon\Local Settings\temp\etilqs_MQrb2aarhkS1enNs9QAs not found!
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
File C:\WINDOWS\temp\Perflib_Perfdata_414.dat not found!
C:\WINDOWS\temp\Perflib_Perfdata_570.dat moved successfully.

Registry entries deleted on Reboot...

#8
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777,

That is looking much better.

Please do an online scan with Kaspersky WebScanner

Kaspersky online scanner uses JAVA technology to perform the scan. If you do not have the latest JAVA version, follow the instructions below to download and install the latest version.

Upgrading Java:
  • Download the latest version of Java Runtime Environment (JRE) 6.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 13".
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download jre-6u11-windows-i586-p.exe & save to your Desktop.
  • Close all programs you may have running - especially your web browser, then double click on the jre-6u11-windows-i586-p.exe
    Note: this version should uninstall all the previous versions from your PC
    (Vista users, right click on the jre-6u11-windows-i586-p.exe and select "Run as an Administrator.")


  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure the following is checked.
    • Spyware, Adware, Dialers, and other potentially dangerous programs
    • Archives
    • Mail databases
  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place, like C:\kasper.txt
  • Please post this log in your next reply.

Edited by sage5, 14 May 2009 - 11:52 PM.


#9
shaly777

    Member

  • Topic Starter
  • 74 posts
Good Morning!

Quick question: In trying to download Java it asks me to select my 'Platform'...I'm not sure what to select: Windows or Windows x64?

How do I find out? Or do you already know which it is based on all of my info you've looked at? :) Thanks!

NEVER MIND...I checked my Java and it says I have 6 update 13 ...and I think that's what you wanted me to have so I'm gonna go ahead with the Kaspersky...

Edited by shaly777, 15 May 2009 - 10:09 AM.


#10
shaly777

    Member

  • Topic Starter
  • 74 posts
Hello! I'm back. It took me all day...:) but I got it! I had started scanning it the first time and it got to about 75% and the crazy browser closed on me...and when it came back up it was 0%. Not sure why it closed, but anyway...I believe I have a clean bill of health to report to you! :) Let me know what you think!
And I'd like your choice of an antispyware if malwarebytes is not sufficient for spyware...
THANK YOU!!!!


Friday, May 15, 2009
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Friday, May 15, 2009 22:31:02
Records in database: 2181146
Scan settings
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes
Scan area: My Computer
C:\
D:\
Scan statistics
Files scanned: 63665
Threat name: 0
Infected objects: 0
Suspicious objects: 0
Duration of the scan: 03:17:31

No malware has been detected. The scan area is clean.
The selected area was scanned.

An additional quick note:
My pc just started doing that 'redirect' to other sites when I'm searching. I click on 'next page' and instead of showing me more search results, it opens a new tab with something else...ya know what I'm talking about? :)

Edited by shaly777, 15 May 2009 - 07:37 PM.



#11
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777,

Please run OTListIt2 again & post me back the new log.

Cheers,

sage5

#12
shaly777

    Member

  • Topic Starter
  • 74 posts
Sorry again:

But...I need to know what settings?

Run: Scan or Fix?
Output: Standard or Minimal?
Processes: None, Safe or All?
Services: None, Safe or All?
Drivers: None, Safe or All?
Standard Registry: None, Safe or All?
Extra Registry: None, Safe or All?

Do I check either of these?:
Whitelist? LOP? Purity?

I'd just rather ask and be safe than ASSUME & screw everything up!
THANK YOU THANK YOU THANK YOU!

#13
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Sorry, I thought I had given you those instructions.

Run OTListIt2:
  • Close all open windows and double click the OTListIt2.exe icon on your Desktop
  • Tick the Scan all Users box, & check Standard Output.
  • Set the File Age: box to 30 days
  • Leave all the other boxes set to the defaults
  • Tick both the Lop Check & Purity Check boxes
  • Click the Run Scan button and let the program run uninterrupted.
  • It will produce a log for you. OTListIt.txt will open automatically.
  • I need you to post the text from that log here.
NOTE: This can be a large file, and there is a limit to the number of characters that can be posted at once on this forum.
It may require you to make 2 posts to get all the information to me.


#14
shaly777

    Member

  • Topic Starter
  • 74 posts
OTListIt logfile created on: 5/16/2009 12:11:35 AM - Run 2
OTListIt2 by OldTimer - Version 2.0.15.4 Folder = C:\Documents and Settings\shannon\Desktop\g2g
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 358.03 Mb Available Physical Memory | 70.20% Memory free
976.50 Mb Paging File | 679.31 Mb Available in Paging File | 69.57% Paging File free
Paging file location(s): C:\pagefile.sys 384 768 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 34.36 Gb Total Space | 18.55 Gb Free Space | 54.00% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DF4Y9F61
Current User Name: shannon
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: All users
Output = Standard
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2008/04/13 19:12:19 | 01,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe
PRC - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe
PRC - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
PRC - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2004/09/15 02:01:00 | 00,086,016 | ---- | M] () -- C:\Program Files\Dell\Media Experience\DMXLauncher.exe
PRC - [2004/08/13 02:05:00 | 00,122,939 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfswctrl.exe
PRC - [2004/12/23 15:18:14 | 00,026,112 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Real\RealPlayer\RealPlay.exe
PRC - [2004/05/27 21:05:42 | 00,323,584 | ---- | M] (Dell) -- C:\Program Files\Common Files\Dell\EUSW\Support.exe
PRC - [2005/08/24 07:51:18 | 00,442,455 | ---- | M] (Motive, Inc.) -- C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe
PRC - [2008/10/07 10:23:46 | 00,111,856 | ---- | M] (Yahoo! Inc) -- C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
PRC - [2009/03/09 05:19:17 | 00,148,888 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jusched.exe
PRC - [2003/10/02 14:19:44 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\hkcmd.exe
PRC - [2009/02/05 15:08:45 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2003/10/29 03:06:00 | 00,024,576 | R--- | M] (BVRP Software) -- C:\Program Files\Digital Line Detect\DLG.exe
PRC - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/05/07 23:05:41 | 00,502,272 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\shannon\Desktop\g2g\OTListIt2.exe

========== Win32 Services (SafeList) ==========

SRV - [2008/11/07 15:28:16 | 00,132,424 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device [Auto | Running])
SRV - [2004/07/15 02:49:26 | 00,032,768 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v1.1.4322\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2009/02/05 15:01:25 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv [Auto | Running])
SRV - [2009/02/05 15:08:40 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus [Auto | Running])
SRV - [2009/02/05 15:08:26 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner [On_Demand | Running])
SRV - [2009/02/05 15:06:04 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner [On_Demand | Running])
SRV - [2008/12/12 11:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service [Auto | Running])
SRV - [2009/03/03 14:53:32 | 00,033,176 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe -- (getPlus® Helper [On_Demand | Stopped])
SRV - [2009/05/01 15:07:59 | 00,182,768 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2008/04/13 19:12:02 | 00,038,400 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2009/03/09 05:19:15 | 00,152,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jqs.exe -- (JavaQuickStarterService [Auto | Running])
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2004/09/15 13:27:54 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\wdfmgr.exe -- (UMWdf [Auto | Running])
SRV - [2008/11/09 15:48:14 | 00,602,392 | ---- | M] (Yahoo! Inc.) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe -- (YahooAUService [Auto | Running])

========== Driver Services (SafeList) ==========

DRV - [2009/02/05 15:05:11 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4 [System | Running])
DRV - [2001/08/17 14:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2008/04/13 13:36:39 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 14:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 14:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2004/12/23 15:18:21 | 00,008,552 | ---- | M] (Windows ® 2000 DDK provider) -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM [Auto | Running])
DRV - [2009/02/05 15:07:12 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys -- (aswFsBlk [Auto | Running])
DRV - [2009/02/05 15:08:10 | 00,094,032 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2 [Auto | Running])
DRV - [2009/02/05 15:06:10 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr [On_Demand | Running])
DRV - [2009/02/05 15:07:23 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP [System | Running])
DRV - [2009/02/05 15:06:20 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi [System | Running])
DRV - [2003/05/23 13:58:30 | 00,043,136 | ---- | M] (Broadcom Corporation) -- C:\WINDOWS\system32\DRIVERS\bcm4sbxp.sys -- (bcm4sbxp [On_Demand | Running])
DRV - [2002/10/01 14:43:32 | 00,119,798 | ---- | M] (SP) -- C:\WINDOWS\System32\Drivers\SPCA561.SYS -- (CA561 [On_Demand | Stopped])
DRV - [2001/08/17 14:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 14:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2004/08/04 04:21:00 | 00,087,136 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvmcdb.sys -- (drvmcdb [Boot | Running])
DRV - [2004/08/13 03:56:00 | 00,040,544 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\drvnddm.sys -- (drvnddm [Auto | Running])
DRV - [2001/08/17 13:12:10 | 00,117,760 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Stopped])
DRV - [2003/11/17 16:59:20 | 00,212,224 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSFHWBS2.sys -- (HSFHWBS2 [On_Demand | Running])
DRV - [2003/11/17 16:56:26 | 01,042,432 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_DP.sys -- (HSF_DP [On_Demand | Running])
DRV - [2003/10/08 11:11:20 | 00,093,979 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2003/04/09 14:48:08 | 00,011,043 | ---- | M] (Conexant) -- C:\WINDOWS\system32\DRIVERS\mdmxsdk.sys -- (mdmxsdk [Auto | Running])
DRV - [2001/08/17 14:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Running])
DRV - [2001/08/17 14:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/03 23:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\system32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 14:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\system32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2008/11/01 16:10:20 | 00,047,360 | ---- | M] (VSO Software) -- C:\WINDOWS\System32\Drivers\pcouffin.sys -- (pcouffin [On_Demand | Stopped])
DRV - [2004/08/04 06:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2004/08/02 03:03:00 | 00,020,576 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 14:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 14:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 05:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys -- (Secdrv [On_Demand | Stopped])
DRV - [2004/04/26 10:49:56 | 00,381,056 | ---- | M] (Sensaura) -- C:\WINDOWS\system32\drivers\senfilt.sys -- (senfilt [On_Demand | Running])
DRV - [2008/04/13 13:36:39 | 00,040,960 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/08/13 14:48:58 | 00,258,368 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\system32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 15:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2004/07/14 12:29:04 | 00,005,627 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\sscdbhk5.sys -- (sscdbhk5 [System | Running])
DRV - [2004/07/14 12:28:50 | 00,023,545 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\drivers\ssrtln.sys -- (ssrtln [System | Running])
DRV - [2001/08/17 15:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 15:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 15:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 15:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2004/08/13 02:05:00 | 00,025,723 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnboio.sys -- (tfsnboio [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,034,843 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsncofs.sys -- (tfsncofs [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,004,123 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndrct.sys -- (tfsndrct [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,002,239 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsndres.sys -- (tfsndres [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,086,202 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnifs.sys -- (tfsnifs [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,014,715 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnopio.sys -- (tfsnopio [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,006,363 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnpool.sys -- (tfsnpool [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,098,714 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudf.sys -- (tfsnudf [Auto | Running])
DRV - [2004/08/13 02:05:00 | 00,100,603 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\system32\dla\tfsnudfa.sys -- (tfsnudfa [Auto | Running])
DRV - [2007/12/24 17:37:00 | 00,138,384 | ---- | M] (Trend Micro Inc.) -- C:\WINDOWS\system32\drivers\tmcomm.sys -- (tmcomm [Auto | Running])
DRV - [2001/08/17 14:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2003/11/17 16:58:02 | 00,680,704 | ---- | M] (Conexant Systems, Inc.) -- C:\WINDOWS\system32\DRIVERS\HSF_CNXT.sys -- (winachsf [On_Demand | Running])
DRV - [2003/10/08 11:12:24 | 00,120,830 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmsbw.sys -- ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Running])
DRV - [2003/10/08 11:12:16 | 00,098,842 | ---- | M] (Intel Corporation) -- C:\WINDOWS\system32\drivers\ialmkchw.sys -- ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Running])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm


IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\.DEFAULT\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1

IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.dell4me.com/myway
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-18\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-18\S-1-5-18\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1



IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...&ar=msnhome
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.defaulturl: "http://www.fastbrows...x?s=DEF&v=4&q="
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.param.yahoo-fr: "moz2-ytff-tyc"
FF - prefs.js..browser.search.param.yahoo-fr-cjkt: "moz2-ytff-tyc"
FF - prefs.js..browser.search.selectedEngine: "Yahoo"
FF - prefs.js..browser.startup.homepage: "http://www.itsyourturn.com/"
FF - prefs.js..extensions.enabledItems: {CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}:1.5.2.35
FF - prefs.js..extensions.enabledItems: [email protected]:0.2.6
FF - prefs.js..extensions.enabledItems: [email protected]:1.00
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}:6.0.12
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {67E713BF-4489-4506-8B0D-860F274AFB43}:1.0
FF - prefs.js..extensions.enabledItems: {E7A896B8-06FE-48CF-B442-027B82F407EF}:1.0
FF - prefs.js..extensions.enabledItems: {17AB44F1-3471-425F-834B-12363F2F0E9F}:1.0
FF - prefs.js..extensions.enabledItems: {EA371BF4-3539-4C1F-969A-EE2BC53805C5}:1.0
FF - prefs.js..extensions.enabledItems: {49CB0F59-F861-45C4-BF70-64023D1C25DF}:1.0
FF - prefs.js..extensions.enabledItems: {5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}:1.0
FF - prefs.js..extensions.enabledItems: {7DB22281-3493-475D-AA8B-0E8A629A88A2}:1.0
FF - prefs.js..extensions.enabledItems: {C36B2675-2861-419B-85B2-7E96AF40FE8E}:1.0
FF - prefs.js..extensions.enabledItems: {F10717EC-59E6-4880-93B3-64C8516138C3}:1.0
FF - prefs.js..extensions.enabledItems: {22070566-98CA-43CC-9665-56619E74D7F1}:1.0
FF - prefs.js..extensions.enabledItems: {61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}:1.0
FF - prefs.js..extensions.enabledItems: {660D75A8-0521-48E2-B1BD-A5749EE052EC}:1.0
FF - prefs.js..extensions.enabledItems: {75A89601-55ED-4667-9860-517F982CB8E4}:1.0
FF - prefs.js..extensions.enabledItems: {80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}:1.0
FF - prefs.js..extensions.enabledItems: {93F87A09-DA82-47D4-A9C1-A0EB7073199F}:1.0
FF - prefs.js..extensions.enabledItems: {B9BF3C67-EBE5-4960-A25D-7E2247F15D89}:1.0
FF - prefs.js..extensions.enabledItems: {32966796-92CA-43A1-B0DB-993693FBF566}:1.0
FF - prefs.js..extensions.enabledItems: {8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}:1.0
FF - prefs.js..extensions.enabledItems: {897D1EF9-A127-420F-8015-5B36DE94DC0F}:1.0
FF - prefs.js..extensions.enabledItems: {DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}:1.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.5.200812101546
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.10
FF - prefs.js..keyword.URL: "http://www.fastbrows...43E1E922C4}&q="

FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF [2009/03/20 14:44:30 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/05/07 00:58:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.10\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/05/15 19:22:17 | 00,000,000 | ---D | M]

[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions
[2008/12/05 10:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/04/16 12:25:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Extensions\[email protected]
[2009/05/15 19:41:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions
[2009/02/12 13:26:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/03/25 03:08:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\{CF40ACC5-E1BB-4aff-AC72-04C2F616BCA7}
[2009/05/06 17:06:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/07 20:58:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\mozilla\Firefox\Profiles\qqfrxqgt.default\extensions\[email protected]
[2009/05/15 19:41:05 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/04/24 16:02:43 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{17AB44F1-3471-425F-834B-12363F2F0E9F}
[2009/05/04 15:54:48 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{22070566-98CA-43CC-9665-56619E74D7F1}
[2009/05/05 06:52:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{32966796-92CA-43A1-B0DB-993693FBF566}
[2009/04/27 13:11:24 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{49CB0F59-F861-45C4-BF70-64023D1C25DF}
[2009/04/28 15:38:30 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{5E966B9C-55BB-48B6-ACF0-A92BB99BBE62}
[2009/05/04 14:51:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{61C3F8C2-8807-4634-9EC3-DD1501F5C1F1}
[2009/05/04 15:43:14 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{660D75A8-0521-48E2-B1BD-A5749EE052EC}
[2009/04/22 09:23:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{67E713BF-4489-4506-8B0D-860F274AFB43}
[2009/05/04 15:51:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{75A89601-55ED-4667-9860-517F982CB8E4}
[2009/05/01 15:00:50 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{7DB22281-3493-475D-AA8B-0E8A629A88A2}
[2009/05/04 14:54:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{80B801CE-8A72-48BB-82E9-FB26C4B1A1FD}
[2009/05/05 14:03:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{897D1EF9-A127-420F-8015-5B36DE94DC0F}
[2009/05/05 12:10:59 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{8BC2DAF3-31E9-4D57-9891-3D5B6FBC2687}
[2009/05/04 15:50:21 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{93F87A09-DA82-47D4-A9C1-A0EB7073199F}
[2009/05/04 21:55:18 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/05/04 15:58:32 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{B9BF3C67-EBE5-4960-A25D-7E2247F15D89}
[2009/05/01 15:50:09 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{C36B2675-2861-419B-85B2-7E96AF40FE8E}
[2009/03/20 14:45:49 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0012-ABCDEFFEDCBA}
[2009/04/14 14:57:15 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/05/06 11:01:03 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{DB23FAED-C0FD-4193-B67F-AE5A5E2327AB}
[2009/04/23 07:45:00 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{E7A896B8-06FE-48CF-B442-027B82F407EF}
[2009/04/24 16:52:23 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{EA371BF4-3539-4C1F-969A-EE2BC53805C5}
[2009/05/04 09:52:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{F10717EC-59E6-4880-93B3-64C8516138C3}
[2009/05/04 21:55:03 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/05/04 21:55:03 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/04 21:55:11 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/05/04 21:55:11 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2009/05/04 21:55:11 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/05/04 21:55:11 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/03/28 22:49:53 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/03/28 22:49:53 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/05/04 21:55:11 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/05/04 21:55:11 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/04 21:55:11 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (56 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (Windows Live Toolbar Helper) - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (Windows Live Toolbar) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\.DEFAULT\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-18\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\Windows Live Toolbar\msntb.dll (Microsoft Corporation)
O3 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe ()
O4 - HKLM..\Run: [DwlClient] C:\Program Files\Common Files\Dell\EUSW\Support.exe (Dell)
O4 - HKLM..\Run: [HostManager] C:\Program Files\Common Files\AOL\1227810304\ee\AOLSoftware.exe File not found
O4 - HKLM..\Run: [HotKeysCmds] C:\WINDOWS\system32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [Motive SmartBridge] C:\PROGRA~1\SBCSEL~1\SMARTB~1\MotiveSB.exe (Motive, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER (RealNetworks, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe" (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [UpdateManager] "C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe" /r (Sonic Solutions)
O4 - HKLM..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe" (Yahoo! Inc)
O4 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\America Online 9.0 Tray Icon.lnk = C:\Program Files\America Online 9.0\aoltray.exe (America Online, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe (BVRP Software)
O4 - Startup: C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk = C:\Program Files\ERUNT-5-7-09\AUTOBACK.EXE ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKU\.DEFAULT\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-18\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-18\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-19\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-19_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKU\S-1-5-20_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006_Classes\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: &Search - Reg Error: Value error. File not found
O8 - Extra context menu item: &Windows Live Search - res://C:\Program Files\Windows Live Toolbar\msntb.dll/search.htm (Microsoft Corporation)
O8 - Extra context menu item: Add to Windows &Live Favorites - http://favorites.liv...m/quickadd.aspx File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [mdnsNSP] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: internet ([]about in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: mcafee.com ([]http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: mcafee.com ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: plaxo.com ([www] https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: yahoo.com ([clientapps] http in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: yahoo.com ([clientapps] https in Trusted sites)
O15 - HKU\S-1-5-21-3743842009-2038795801-1983877046-1006\..Trusted Domains: 3 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} C:\Program Files\Yahoo!\Common\Yinsthelper.dll (Installation Support)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase5483.cab (Windows Live Safety Center Base Module)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.mi...b?1217652500267 (MUWebControl Class)
O16 - DPF: {843EE768-3A97-455C-9076-741BA3AD7B62} https://accounting.q...129/qboax10.cab (QuickBooks Online Edition Utilities Class v10)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} http://www.crucial.c.../cpcScanner.cab (Crucial cpcScan)
O16 - DPF: {CAFEEFAC-0014-0002-0003-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\system32\igfxsrvc.dll (Intel Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 19:22:17 | 00,001,757 | ---- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/05/15 19:22:07 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2009/05/15 19:04:59 | 00,002,614 | ---- | C] () -- C:\Documents and Settings\shannon\My Documents\KASPER2.html
[2009/05/15 00:29:14 | 00,000,000 | ---D | C] -- C:\_OTListIt
[2009/05/14 22:36:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Local Settings\temp
[2009/05/14 22:22:03 | 00,000,211 | ---- | C] () -- C:\Boot.bak
[2009/05/14 22:21:59 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/05/14 22:21:57 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/05/14 22:19:10 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/05/14 22:19:10 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/05/14 22:19:10 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/05/14 22:19:10 | 00,117,248 | ---- | C] () -- C:\WINDOWS\vFind.exe
[2009/05/14 22:19:10 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/05/14 22:19:10 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/05/14 22:19:10 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/05/14 22:19:10 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/05/14 22:16:11 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/05/14 22:14:30 | 02,988,491 | R--- | C] () -- C:\Documents and Settings\shannon\Desktop\ComboFix.exe
[2009/05/14 22:11:15 | 06,325,280 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\SUPERAntiSpyware.exe
[2009/05/14 22:09:17 | 00,000,000 | -HSD | C] -- C:\Config.Msi
[2009/05/13 14:51:58 | 24,699,336 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/10 18:41:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Uniblue
[2009/05/10 18:40:43 | 00,000,830 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/05/10 18:40:38 | 00,000,000 | ---D | C] -- C:\Program Files\Uniblue
[2009/05/10 18:39:47 | 00,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2009/05/08 14:54:31 | 53,484,3392 | -HS- | C] () -- C:\hiberfil.sys
[2009/05/08 13:39:23 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2009/05/08 13:39:02 | 00,000,000 | ---D | C] -- C:\Program Files\SUPERAntiSpyware
[2009/05/08 13:39:02 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\SUPERAntiSpyware.com
[2009/05/08 00:18:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Desktop\g2g
[2009/05/07 23:27:09 | 00,000,000 | ---D | C] -- C:\GeekstoGo
[2009/05/07 20:45:37 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/05/07 20:44:45 | 00,000,806 | ---- | C] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 20:44:39 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT-5-7-09
[2009/05/06 18:03:42 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 18:03:41 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/05/06 18:03:40 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/05/06 18:03:40 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/05/06 18:03:35 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/05/06 18:03:32 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/05/06 18:03:32 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/05/06 18:03:31 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/05/06 18:03:31 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/05/06 18:03:06 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/05/06 18:03:06 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/05/06 18:03:02 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/05/06 13:53:44 | 00,138,384 | ---- | C] (Trend Micro Inc.) -- C:\WINDOWS\System32\drivers\tmcomm.sys
[2009/05/06 13:51:47 | 00,000,664 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 16:00:03 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2009/05/05 11:54:40 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/05/05 11:54:39 | 00,015,504 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/05/05 11:54:37 | 00,038,496 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/05/05 11:54:35 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/05/04 15:32:49 | 00,000,000 | ---D | C] -- C:\WINDOWS\pss
[2009/05/03 09:22:34 | 00,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2009/05/01 15:55:06 | 00,000,000 | ---D | C] -- C:\Cache
[2009/04/29 16:17:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2009/04/29 16:17:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/04/27 23:51:17 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety CenterRebootActions
[2009/04/27 20:46:14 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Windows OneCare Live
[2009/04/27 14:15:55 | 00,000,000 | ---D | C] -- C:\Program Files\Windows Live Safety Center
[2009/04/27 11:27:10 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\NtmsData
[2009/04/25 10:58:08 | 00,001,631 | ---- | C] () -- C:\Documents and Settings\shannon\Desktop\Dell Support.lnk
[2009/04/24 11:13:04 | 00,000,000 | ---D | C] -- C:\Documents and Settings\shannon\Application Data\Logs
[2009/04/24 11:07:27 | 00,000,000 | ---D | C] -- C:\My Downloads
[2009/04/24 07:02:41 | 00,000,444 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/23 06:51:43 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\Scanner
[2008/11/27 13:22:46 | 00,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2008/11/01 23:21:53 | 00,000,014 | ---- | C] () -- C:\WINDOWS\System32\systeminfo3.dll
[2008/06/27 22:33:38 | 00,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2008/05/30 18:57:52 | 00,014,385 | ---- | C] () -- C:\WINDOWS\Tw561a.ini
[2008/05/30 18:57:51 | 00,000,081 | ---- | C] () -- C:\WINDOWS\Setup8a.ini
[2008/05/18 15:20:11 | 00,000,128 | ---- | C] () -- C:\WINDOWS\APOapp.INI
[2008/05/13 22:05:23 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\YCRWin32.dll
[2004/12/23 15:22:19 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/23 15:10:45 | 00,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/23 14:32:02 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,000,958 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 06:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2002/03/13 16:46:46 | 00,053,248 | R--- | C] () -- C:\WINDOWS\System32\zlib.dll

========== Files - Modified Within 30 Days ==========

[1 C:\WINDOWS\System32\*.tmp files]
[1 C:\WINDOWS\*.tmp files]
[2009/05/15 23:46:12 | 00,000,258 | ---- | M] () -- C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job
[2009/05/15 19:22:17 | 00,001,757 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
[2009/05/15 19:04:59 | 00,002,614 | ---- | M] () -- C:\Documents and Settings\shannon\My Documents\KASPER2.html
[2009/05/15 00:33:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/05/15 00:33:39 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\shannon\Local Settings\DESKTOP.INI
[2009/05/15 00:33:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/05/15 00:33:28 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/05/15 00:31:51 | 00,000,056 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\Hosts
[2009/05/14 22:29:59 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/05/14 22:22:03 | 00,000,281 | RHS- | M] () -- C:\BOOT.INI
[2009/05/14 22:15:04 | 02,988,491 | R--- | M] () -- C:\Documents and Settings\shannon\Desktop\ComboFix.exe
[2009/05/14 22:12:27 | 06,325,280 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\SUPERAntiSpyware.exe
[2009/05/14 17:50:08 | 00,117,248 | ---- | M] () -- C:\WINDOWS\vFind.exe
[2009/05/10 18:40:44 | 00,000,830 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\RegistryBooster.lnk
[2009/05/09 23:53:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/05/08 14:26:22 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/05/07 20:44:45 | 00,000,806 | ---- | M] () -- C:\Documents and Settings\shannon\Start Menu\Programs\Startup\ERUNT AutoBackup.lnk
[2009/05/07 00:16:30 | 24,699,336 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe
[2009/05/06 20:22:57 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/05/06 19:47:58 | 00,000,958 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/05/06 19:47:58 | 00,000,211 | ---- | M] () -- C:\Boot.bak
[2009/05/06 18:03:42 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/05/06 13:51:47 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/05/05 11:54:40 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/04/27 23:51:35 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\nuhuroju
[2009/04/25 10:58:08 | 00,001,631 | ---- | M] () -- C:\Documents and Settings\shannon\Desktop\Dell Support.lnk
[2009/04/24 07:02:41 | 00,000,444 | ---- | M] () -- C:\WINDOWS\System32\d3d8caps.dat
[2009/04/20 12:56:28 | 00,031,232 | ---- | M] (NirSoft) -- C:\WINDOWS\NIRCMD.exe

========== LOP Check ==========

[2009/04/24 16:57:55 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Administrator\Application Data
[2009/04/24 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Adobe
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Jasc Software Inc
[2009/04/24 16:57:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Macromedia
[2009/05/04 10:48:11 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Administrator\Application Data\Microsoft
[2009/04/24 16:57:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Mozilla
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Administrator\Application Data\Sun
[2009/05/15 19:22:07 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/05/10 18:40:49 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\{81D4BDA8-1F33-4633-B176-8A7E942ABDE1}
[2008/10/28 20:06:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{B46E1EF5-0B37-4DB4-A4E2-9F2B41036185}
[2009/05/15 19:22:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Adobe
[2008/11/27 13:26:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL
[2008/11/27 13:23:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AOL Downloads
[2008/08/08 16:16:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple
[2009/02/09 21:17:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2004/12/23 15:05:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/04/16 09:29:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GameHouse
[2009/03/30 07:54:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Google
[2004/12/23 15:11:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallShield
[2008/12/11 16:58:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ITTNord
[2009/04/29 16:17:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/05/06 19:12:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee
[2008/05/02 20:13:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\McAfee.com
[2008/12/29 12:42:46 | 00,000,000 | --SD | M] -- C:\Documents and Settings\All Users\Application Data\Microsoft
[2008/05/05 09:17:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Motive
[2008/12/01 20:09:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MumboJumbo
[2008/10/04 06:38:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\n7-89-o9-3r-4t-r9
[2009/03/25 03:08:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NOS
[2008/11/08 01:14:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayTime
[2008/05/25 04:22:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/05/01 17:03:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\QuickTime
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2009/04/09 08:53:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SiteAdvisor
[2009/05/08 13:39:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
[2008/06/30 10:12:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SweetIM
[2009/04/09 08:13:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Symantec
[2009/01/10 18:28:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/29 23:12:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Trymedia
[2004/12/23 15:18:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/05/05 16:00:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Genuine Advantage
[2008/11/25 22:00:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Windows Live Toolbar
[2008/11/14 10:09:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo!
[2009/01/12 11:48:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
[2008/11/20 00:23:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Zylom
[2009/05/05 11:54:44 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\danielle\Application Data
[2008/06/21 10:38:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Adobe
[2008/06/21 10:40:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\AdobeUM
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\AOL
[2009/02/09 21:19:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Apple Computer
[2008/06/02 13:39:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Google
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Jasc Software Inc
[2008/05/01 16:13:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Leadertech
[2009/04/24 16:41:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\LimeWire
[2008/06/11 09:34:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Macromedia
[2009/05/05 11:54:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Malwarebytes
[2008/04/21 16:11:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\McAfee.com Personal Firewall
[2009/01/07 02:32:35 | 00,000,000 | --SD | M] -- C:\Documents and Settings\danielle\Application Data\Microsoft
[2009/01/22 16:03:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Motive
[2009/01/07 05:13:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Mozilla
[2008/08/06 19:20:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\MySpace
[2008/05/01 16:14:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Sun
[2009/01/07 02:28:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\danielle\Application Data\Yahoo!
[2004/12/23 15:20:56 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Default User\Application Data
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Jasc Software Inc
[2004/12/23 15:05:05 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Default User\Application Data\Microsoft
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Default User\Application Data\Sun
[2009/04/29 07:18:17 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data
[2009/04/29 07:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Adobe
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\AOL
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Identities
[2004/12/23 15:10:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Jasc Software Inc
[2009/04/29 07:17:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Macromedia
[2009/04/29 07:18:25 | 00,000,000 | --SD | M] -- C:\Documents and Settings\Guest\Application Data\Microsoft
[2009/04/29 07:18:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Mozilla
[2004/12/23 15:20:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Guest\Application Data\Sun
[2009/04/29 07:10:31 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Guest\Application Data\yahoo!
[2009/04/09 09:02:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data
[2008/04/21 16:11:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[2004/12/23 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/23 12:08:35 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\SACore
[2009/04/26 00:31:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data
[2008/11/07 14:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2008/11/07 14:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2004/12/23 14:31:26 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/26 00:31:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Application Data\Mozilla
[2009/05/15 00:29:32 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\shannon\Application Data
[2008/06/10 21:44:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Adobe
[2009/05/15 19:22:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\AdobeUM
[2009/05/08 12:23:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\AOL
[2009/04/16 11:41:27 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Apple Computer
[2008/06/21 21:56:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Corel
[2008/05/03 15:19:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Earthlink
[2008/05/03 15:37:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\EarthLink Toolbar
[2008/10/04 13:52:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Eyeblaster
[2009/01/10 17:28:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\funkitron
[2008/12/10 11:49:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\GameHouse
[2008/10/01 08:29:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\GetRightToGo
[2008/07/16 23:03:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Google
[2008/04/21 19:34:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Help
[2004/12/23 14:31:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Identities
[2008/12/03 20:12:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\iWin
[2008/04/26 16:17:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Jasc Software Inc
[2008/05/04 00:43:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Leadertech
[2009/04/16 12:34:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\LimeWire
[2009/04/24 11:13:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Logs
[2008/06/10 21:44:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Macromedia
[2009/04/29 16:17:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Malwarebytes
[2008/04/21 18:50:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\McAfee.com Personal Firewall
[2008/11/25 22:03:40 | 00,000,000 | --SD | M] -- C:\Documents and Settings\shannon\Application Data\Microsoft
[2008/05/06 20:47:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Motive
[2008/12/05 10:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Mozilla
[2008/05/15 19:44:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MSNInstaller
[2008/07/04 17:55:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Musicmatch
[2008/12/11 16:53:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MyCity
[2008/08/06 11:12:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\MySpace
[2008/10/04 06:38:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Skip-Bo
[2008/06/03 07:00:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Slide
[2008/08/30 01:04:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Snapfish
[2008/05/04 00:43:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Sonic
[2004/12/23 15:03:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Sun
[2009/05/08 13:39:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\SUPERAntiSpyware.com
[2009/05/10 18:41:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Uniblue
[2009/01/27 18:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Viewpoint
[2008/11/06 19:10:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Vso
[2008/11/14 10:11:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\shannon\Application Data\Yahoo!
[2009/05/09 23:53:11 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2009/05/15 23:46:12 | 00,000,258 | ---- | M] () -- C:\WINDOWS\Tasks\Check Updates for Windows Live Toolbar.job
[2004/08/04 06:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/05/15 00:33:41 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


========== Alternate Data Streams ==========

@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:390B30B4
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A98C8FA6
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FC89CE5A
< End of report >

#15
sage5

    RIP 10/2009

  • Retired Staff
  • 2,646 posts
Hi shaly777,

Run OTListIt2.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTLI
    PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
    
    :Services
    
    :Reg
    
    :Files
    C:\WINDOWS\System32\nuhuroju
    
    :Commands
    [purity]
    [emptytemp]
    [start explorer]
    [Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post the new OTL2.txt file

Cheers,

sage5