Search Settings 1.2.1
#1 ShoalBear

This keeps trying to install whenever I open a folder, like the My Documents folder on the desktop. I have not let it install because I have NO idea what it is or where it came from. I did the steps in the Malware and Spyware Cleaning Guide, but MBAM wouldn't completely run; Windows would just reboot after a bit. TFC also required a reboot every time it was run.

System Restore and ERUNT worked fine. I installed Avast and am using it now. Windows updates have all been installed, but not SP 3, as it causes my screen to not work; apparently there are issues with the drivers for my video card, and I am not sure whether any update for the drivers will be coming out.

Rooter log:

Rooter.exe (v1.0.1) by Eric_71
¨
Microsoft Windows XP Professional (5.1.2600) Service Pack 2
32_bits - x86 Family 6 Model 14 Stepping 8, GenuineIntel
¨
C:\ [Fixed-NTFS] .. ( Total:68 Go - Free:44 Go )
D:\ [Fixed-FAT32] .. ( Total:5 Go - Free:1 Go )
E:\ [CD_Rom]
¨
Scan : 03:57.57
Path : C:\Documents and Settings\Owner\Desktop\gtg\Rooter.exe
User : Owner ( Administrator -> YES )
¨
----------------------\\ Processes
¨
Locked [System Process] (0)
______ System (4)
______ \SystemRoot\System32\smss.exe (788)
______ \??\C:\WINDOWS\system32\csrss.exe (900)
______ \??\C:\WINDOWS\system32\winlogon.exe (928)
______ C:\WINDOWS\system32\services.exe (976)
______ C:\WINDOWS\system32\lsass.exe (988)
______ C:\WINDOWS\system32\Ati2evxx.exe (1140)
______ C:\WINDOWS\system32\svchost.exe (1160)
______ C:\WINDOWS\system32\svchost.exe (1260)
______ C:\WINDOWS\System32\svchost.exe (1316)
______ C:\WINDOWS\system32\svchost.exe (1592)
______ C:\WINDOWS\system32\svchost.exe (1668)
______ C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe (1688)
______ C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (2040)
______ C:\WINDOWS\SYSTEM32\WISPTIS.EXE (180)
______ C:\WINDOWS\system32\Ati2evxx.exe (244)
______ C:\WINDOWS\System32\tabbtnu.exe (268)
______ C:\WINDOWS\system32\ctfmon.exe (320)
______ C:\WINDOWS\Explorer.EXE (328)
______ C:\Program Files\Alwil Software\Avast4\ashServ.exe (448)
______ C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe (832)
______ C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe (1384)
______ C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe (1412)
______ C:\Program Files\PalmTether\TetherApp.exe (1504)
______ C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (1524)
______ C:\WINDOWS\system32\rundll32.exe (1580)
______ C:\PROGRA~1\PALMTE~1\PALMON~2.EXE (1520)
______ C:\WINDOWS\stsystra.exe (1612)
______ C:\Program Files\Search Settings\SearchSettings.exe (1792)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (1800)
______ C:\Program Files\Pure Networks\Network Magic\nmapp.exe (1844)
______ C:\Program Files\QuickTime\QTTask.exe (1872)
______ C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (1896)
______ C:\Program Files\Eraser\eraser.exe (1920)
______ C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (1992)
______ C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE (2004)
______ C:\Program Files\DNA\btdna.exe (188)
______ C:\Program Files\Palm\Hotsync.exe (312)
______ C:\WINDOWS\system32\spoolsv.exe (2200)
______ C:\WINDOWS\system32\svchost.exe (2508)
______ C:\WINDOWS\system32\svchost.exe (2564)
______ C:\Program Files\Citrix\GoToMyPC\g2svc.exe (2592)
______ C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (2672)
______ C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (2724)
______ C:\WINDOWS\system32\svchost.exe (2756)
______ C:\Program Files\Citrix\GoToMyPC\g2comm.exe (2768)
______ C:\WINDOWS\system32\wdfmgr.exe (2804)
______ C:\Program Files\Viewpoint\Common\ViewpointService.exe (2832)
______ C:\Program Files\Citrix\GoToMyPC\g2pre.exe (3052)
______ C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (3100)
______ C:\Program Files\Citrix\GoToMyPC\g2tray.exe (3196)
______ C:\WINDOWS\system32\wbem\wmiprvse.exe (3824)
______ C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (4024)
______ C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (532)
______ C:\WINDOWS\System32\alg.exe (3944)
______ C:\WINDOWS\System32\svchost.exe (4500)
______ C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (4820)
______ C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (4856)
______ C:\Documents and Settings\Owner\Desktop\gtg\Rooter.exe (5236)
¨
----------------------\\ Device\Harddisk0\
¨
\Device\Harddisk0 [Sectors : 63 x 512 Bytes]
¨
\Device\Harddisk0\Partition1 --[ MBR ]-- (Start_Offset:6292339200 | Length:73723184640)
\Device\Harddisk0\Partition2 (Start_Offset:32256 | Length:6292306944)
¨
----------------------\\ Scheduled Tasks
¨
C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
C:\WINDOWS\Tasks\desktop.ini
C:\WINDOWS\Tasks\SA.DAT
C:\WINDOWS\Tasks\SmartDefrag.job
¨
----------------------\\ Registry
¨
¨
----------------------\\ Files & Folders
¨
----------------------\\ Scan completed at 03:58.10
¨
C:\Rooter$\Rooter_1.txt - (19/06/2009 | 03:58.10)

OTL log:

OTL logfile created on: 6/19/2009 4:46:19 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop\gtg
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.45% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.66 Gb Total Space | 44.53 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 1.79 Gb Free Space | 30.60% Space Free | Partition Type: FAT32
Drive E: | 58.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== Processes (SafeList) ==========

PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\KeyboardSurrogate.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\WINDOWS\SYSTEM32\WISPTIS.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
PRC - C:\WINDOWS\System32\tabbtnu.exe (Microsoft Corporation)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\TCServer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\Microsoft Shared\Ink\TabTip.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\AOL Spyware Protection\AOLSP Scheduler.exe ()
PRC - C:\Program Files\PalmTether\TetherApp.exe (June Fabrics Technology, Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\PalmTether\PalmOneLiveConnect.exe (Palm, Inc.)
PRC - C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
PRC - C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe (Adobe Systems Incorporated)
PRC - C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe (Pure Networks, Inc.)
PRC - C:\Program Files\Pure Networks\Network Magic\nmapp.exe (Pure Networks, Inc.)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Eraser\eraser.exe (The Eraser Project)
PRC - C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
PRC - C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
PRC - C:\Program Files\AIM6\aim6.exe (AOL LLC)
PRC - C:\Program Files\DNA\btdna.exe (BitTorrent, Inc.)
PRC - C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
PRC - C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
PRC - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2comm.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Citrix\GoToMyPC\g2pre.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Citrix\GoToMyPC\g2tray.exe (Citrix Online, a division of Citrix Systems, Inc.)
PRC - C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\WINDOWS\system32\wbem\wmiprvse.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\AIM6\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Program Files\ATI Technologies\ATI.ACE\cli.exe (ATI Technologies Inc.)
PRC - C:\Documents and Settings\Owner\Desktop\gtg\OTL.exe (OldTimer Tools)

========== Win32 Services (SafeList) ==========

SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (Ati HotKey Poller [Auto | Running]) -- C:\WINDOWS\system32\Ati2evxx.exe (ATI Technologies Inc.)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (GoToMyPC [Auto | Running]) -- C:\Program Files\Citrix\GoToMyPC\g2svc.exe (Citrix Online, a division of Citrix Systems, Inc.)
SRV - (gusvc [On_Demand | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (MDM [Auto | Running]) -- C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE (Microsoft Corporation)
SRV - (nmraapache [On_Demand | Stopped]) -- C:\Program Files\Pure Networks\Network Magic\WebServer\bin\nmraapache.exe (Pure Networks, Inc.)
SRV - (nmservice [Auto | Running]) -- C:\Program Files\Common Files\Pure Networks Shared\Platform\nmsrvc.exe (Pure Networks, Inc.)
SRV - (ose [On_Demand | Stopped]) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE (Microsoft Corporation)
SRV - (PrismXL [Auto | Running]) -- C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS (New Boundary Technologies, Inc.)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\system32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (ati2mtag [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ati2mtag.sys (ATI Technologies Inc.)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (e1express [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\e1e5132.sys (Intel Corporation)
DRV - (el575nd5 [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\el575nd5.sys (3Com Corporation)
DRV - (FinePnt [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\FpHidDrv.sys (FinePoint Innovations)
DRV - (HDAudBus [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\HDAudBus.sys (Windows ® Server 2003 DDK provider)
DRV - (iaStor [Boot | Running]) -- C:\WINDOWS\SYSTEM32\DRIVERS\IASTOR.SYS (Intel Corporation)
DRV - (MBAMSwissArmy [On_Demand | Stopped]) -- C:\WINDOWS\system32\drivers\mbamswissarmy.sys (Malwarebytes Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (MSTabBtn [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\MSTabBtn.sys (Windows ® 2000 DDK provider)
DRV - (n558 [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\n558.sys ()
DRV - (NETw5x32 [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\NETw5x32.sys (Intel Corporation)
DRV - (palmmdm [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\palmmdm.sys (June Fabrics Technology Inc.)
DRV - (PalmUSBD [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\PalmUSBD.sys (PalmSource, Inc.)
DRV - (pnarp [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\pnarp.sys (Pure Networks, Inc.)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\system32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (purendis [Auto | Running]) -- C:\WINDOWS\system32\DRIVERS\purendis.sys (Pure Networks, Inc.)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (ROOTMODEM [On_Demand | Stopped]) -- C:\WINDOWS\System32\Drivers\RootMdm.sys (Microsoft Corporation)
DRV - (Secdrv [On_Demand | Stopped]) -- C:\WINDOWS\system32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (SMNDIS5 [On_Demand | Stopped]) -- C:\Program Files\Verizon Wireless\VZAccess Manager\SMNDIS5.sys (Smith Micro Software, Inc.)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (STHDA [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (tifm21 [On_Demand | Running]) -- C:\WINDOWS\system32\drivers\tifm21.sys (Texas Instruments)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.microsoft...p...&ar=msnhome
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.microsoft...p...ER}&ar=home
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.westathome.net/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AIM Search"
FF - prefs.js..browser.search.defaulturl: "http://slirsredirect...fftrie7&query="
FF - prefs.js..browser.search.openintab: true
FF - prefs.js..browser.search.selectedEngine: "IMDb"
FF - prefs.js..browser.search.useDBForOrder: true
FF - prefs.js..extensions.enabledItems: {d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}:1.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {22119944-ED35-4ab1-910B-E619EA06A115}:6.9.93
FF - prefs.js..extensions.enabledItems: {c2f863cd-0429-48c7-bb54-db756a951760}:5.20.1.1
FF - prefs.js..extensions.enabledItems: {59c81df5-4b7a-477b-912d-4e0fdf64e5f2}:0.9.84
FF - prefs.js..extensions.enabledItems: [email protected]:1.9
FF - prefs.js..extensions.enabledItems: {0538E3E3-7E9B-4d49-8831-A227C80A7AD3}:0.9.10.1
FF - prefs.js..extensions.enabledItems: {d37dc5d0-431d-44e5-8c91-49419370caa1}:2.5.33
FF - prefs.js..extensions.enabledItems: {B9C8BE50-7105-4ec6-8FB4-4935C0671648}:0.5.98
FF - prefs.js..extensions.enabledItems: {3112ca9c-de6d-4884-a869-9855de68056c}:3.1.20081127W
FF - prefs.js..extensions.enabledItems: {77b819fa-95ad-4f2c-ac7c-486b356188a9}:1.5.20090525
FF - prefs.js..extensions.enabledItems: {a6e4a4eb-d169-4e99-8988-250fcbafe767}:1.5.45.0
FF - prefs.js..extensions.enabledItems: morningCoffee@shaneliesegang:1.33
FF - prefs.js..extensions.enabledItems: {916ab64c-bc3e-471b-8e60-29551922a7ba}:1.300.244
FF - prefs.js..extensions.enabledItems: {eeb97566-866d-4551-b292-7de53fb9fe24}:1.2.0.8
FF - prefs.js..extensions.enabledItems: {37E4D8EA-8BDA-4831-8EA1-89053939A250}:2.2.0.2
FF - prefs.js..extensions.enabledItems: [email protected]:2.2
FF - prefs.js..extensions.enabledItems: {dc572301-7619-498c-a57d-39143191b318}:0.3.7.3
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.10
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.11
FF - prefs.js..extensions.enabledItems: {29852C08-1E91-4889-A6BF-C77F91D6A8F3}:1.8.50
FF - prefs.js..keyword.URL: "http://search.freeca...&type=58819&p="


FF - HKLM\software\mozilla\Firefox\Extensions\\{22119944-ED35-4ab1-910B-E619EA06A115}: C:\PROGRAM FILES\SIBER SYSTEMS\AI ROBOFORM\FIREFOX [2009/04/27 14:32:17 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Components: C:\PROGRAM FILES\MOZILLA FIREFOX\COMPONENTS [2009/06/12 12:22:35 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.11\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA FIREFOX\PLUGINS [2009/06/18 04:57:50 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Components: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\COMPONENTS [2009/06/02 20:14:04 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.21\extensions\\Plugins: C:\PROGRAM FILES\MOZILLA THUNDERBIRD\PLUGINS

[2009/04/27 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions
[2009/04/27 13:00:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/06/19 03:57:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions
[2009/06/12 12:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3}
[2009/05/27 14:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{29852C08-1E91-4889-A6BF-C77F91D6A8F3}
[2009/04/27 13:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{3112ca9c-de6d-4884-a869-9855de68056c}
[2009/04/27 13:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{340c2bbc-ce74-4362-90b5-7c26312808ef}
[2009/05/27 14:33:44 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{37E4D8EA-8BDA-4831-8EA1-89053939A250}
[2009/04/27 13:21:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{4B19DDFD-180C-4f31-9DA5-7C6459178E25}
[2009/04/27 13:21:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{59c81df5-4b7a-477b-912d-4e0fdf64e5f2}
[2009/06/04 11:30:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}
[2009/05/23 02:14:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{82955283-343d-4b6c-bd3c-d147000058c8}(2)
[2009/06/01 10:36:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}
[2009/04/27 13:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{9b9d2aaa-ae26-4447-a7a1-633a32b19ddd}
[2009/04/27 13:21:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{a6e4a4eb-d169-4e99-8988-250fcbafe767}
[2009/04/27 13:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{B9C8BE50-7105-4ec6-8FB4-4935C0671648}
[2009/04/27 13:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{BA979AD0-A3C5-4b32-A47E-4550BF00ECC7}
[2009/05/14 16:45:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{c2f863cd-0429-48c7-bb54-db756a951760}
[2009/04/27 13:21:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}
[2009/05/12 18:59:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{d37dc5d0-431d-44e5-8c91-49419370caa1}
[2009/04/27 13:21:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{dc572301-7619-498c-a57d-39143191b318}
[2009/06/01 10:36:41 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{eeb97566-866d-4551-b292-7de53fb9fe24}
[2009/04/27 13:21:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\[email protected]
[2009/04/27 13:21:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\[email protected]
[2009/04/27 13:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\morningCoffee@shaneliesegang
[2009/04/27 13:21:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\[email protected]
[2009/06/12 12:22:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\staged-xpis
[2009/05/09 04:51:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Owner\Application Data\mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\[email protected]
[2009/05/14 16:45:49 | 00,001,739 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\aim-search.xml
[2007/06/13 10:26:19 | 00,005,350 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\avatarlog.xml
[2008/11/15 15:02:34 | 00,005,179 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\BitTorrent.xml
[2009/06/16 20:31:17 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\icqplugin-1.xml
[2009/02/27 23:50:04 | 00,000,950 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\icqplugin.xml
[2008/06/29 03:10:01 | 00,000,908 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\IMDB.xml
[2009/06/16 20:31:17 | 00,002,091 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\quotations-book---search.xml
[2009/06/01 10:36:49 | 00,001,734 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\search-the-web.xml
[2008/06/29 03:10:02 | 00,001,108 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\wikipedia.xml
[2009/02/04 21:21:57 | 00,000,655 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\yahoo-search-1.xml
[2009/02/04 21:21:57 | 00,000,595 | ---- | M] () -- C:\Documents and Settings\Owner\Application Data\Mozilla\FireFox\Profiles\ovkbgi6b.default\searchplugins\yahoo-search.xml
[2009/06/16 19:55:29 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/06/12 12:22:28 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/06/12 12:22:27 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/06/12 12:22:28 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/04/09 00:51:14 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/04/09 00:51:14 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2008/08/21 15:04:00 | 00,000,925 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\conduit.xml
[2009/04/09 00:51:14 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/04/09 00:51:14 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/04/09 00:51:14 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/04/09 00:51:14 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/05/06 18:39:54 | 00,000,780 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O2 - BHO: (SearchSettings Class) - {E312764E-7706-43F1-8DAB-FCDD2B1E416D} - C:\Program Files\Search Settings\kb128\SearchSettings.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Dealio Toolbar) - {01398B87-61AF-4FFB-9AB5-1A1C5FB39A9C} - C:\Program Files\Dealio Toolbar\DealioToolbarIE.dll (Spigot, Inc.)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O4 - HKLM..\Run: [] File not found
O4 - HKLM..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 9.0\Reader\Reader_sl.exe" (Adobe Systems Incorporated)
O4 - HKLM..\Run: [AOL Spyware Protection] "C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" ()
O4 - HKLM..\Run: [ATICCC] "C:\Program Files\ATI Technologies\ATI.ACE\cli.exe" runtime -Delay (ATI Technologies Inc.)
O4 - HKLM..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [BluetoothAuthenticationAgent] rundll32.exe bthprops.cpl,,BluetoothAuthenticationAgent File not found
O4 - HKLM..\Run: [Gateway Extended Warranty] "C:\Program Files\Gateway\GWCares\GWCares.exe" (BillP Studios)
O4 - HKLM..\Run: [GoToMyPC] "C:\Program Files\Citrix\GoToMyPC\g2svc.exe" -logon (Citrix Online, a division of Citrix Systems, Inc.)
O4 - HKLM..\Run: [HotSync] "C:\Program Files\PalmSource\Desktop\HotSync.exe" -AllUsers File not found
O4 - HKLM..\Run: [nmapp] "C:\Program Files\Pure Networks\Network Magic\nmapp.exe" -autorun -nosplash (Pure Networks, Inc.)
O4 - HKLM..\Run: [nmctxth] "C:\Program Files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" (Pure Networks, Inc.)
O4 - HKLM..\Run: [PalmTether] "C:\Program Files\PalmTether\TetherApp.exe" (June Fabrics Technology, Inc.)
O4 - HKLM..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime (Apple Inc.)
O4 - HKLM..\Run: [SearchSettings] C:\Program Files\Search Settings\SearchSettings.exe (Spigot, Inc.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [TabletTip] "C:\Program Files\Common Files\microsoft shared\ink\tabtip.exe" /resume (Microsoft Corporation)
O4 - HKLM..\Run: [TabletWizard] C:\WINDOWS\help\SplshWrp.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Aim6] "C:\Program Files\AIM6\aim6.exe" /d locale=en-us ee://aol/imApp /HIDEBL (AOL LLC)
O4 - HKCU..\Run: [BitTorrent DNA] "C:\Program Files\DNA\btdna.exe" (BitTorrent, Inc.)
O4 - HKCU..\Run: [EPSON Stylus CX4400 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATICAA.EXE /FU "C:\WINDOWS\TEMP\E_S703.tmp" /EF "HKCU" (SEIKO EPSON CORPORATION)
O4 - HKCU..\Run: [Eraser] C:\Program Files\Eraser\eraser.exe -hide (The Eraser Project)
O4 - HKCU..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet (Yahoo! Inc.)
O4 - HKCU..\Run: [RoboForm] "C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" (Siber Systems)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk = C:\Program Files\Palm\Hotsync.exe (PalmSource, Inc)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: Customize Menu - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html File not found
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MI1933~1\OFFICE11\EXCEL.EXE/3000 (Microsoft Corporation)
O8 - Extra context menu item: Fill Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html File not found
O8 - Extra context menu item: RoboForm Toolbar - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html File not found
O8 - Extra context menu item: Save Forms - file://C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html File not found
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - File not found
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - File not found
O9 - Extra Button: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll (IE Toolbar)
O9 - Extra 'Tools' menuitem : AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - Reg Error: Value error. File not found
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [Bluetooth Namespace] - C:\WINDOWS\system32\wshbth.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} http://support.gatew...r/PCPitStop.CAB (PCPitstop Utility)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O16 - DPF: {CAFEEFAC-0014-0002-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\OLE DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\pure-go {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files\Common Files\Pure Networks Shared\Platform\puresp4.dll (Pure Networks, Inc.)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - x-sdch - C:\Program Files\Google\Google Toolbar\Component\fastsearch_A8904FB862BD9564.dll (Google Inc.)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\AtiExtEvent: DllName - Ati2evxx.dll - C:\WINDOWS\system32\Ati2evxx.dll (ATI Technologies Inc.)
O20 - Winlogon\Notify\GoToMyPC: DllName - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll - C:\Program Files\Citrix\GoToMyPC\G2WinLogon.dll (Citrix Online, a division of Citrix Systems, Inc.)
O20 - Winlogon\Notify\loginkey: DllName - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll - C:\Program Files\Common Files\Microsoft Shared\Ink\loginkey.dll (Microsoft Corporation)
O20 - Winlogon\Notify\TabBtnWL: DllName - TabBtnWL.dll - C:\WINDOWS\system32\TabBtnWL.dll (Microsoft Corporation)
O20 - Winlogon\Notify\tpgwlnotify: DllName - tpgwlnot.dll - C:\WINDOWS\system32\tpgwlnot.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/06/22 05:32:11 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2004/09/13 13:15:24 | 00,000,053 | -HS- | M] () - D:\Autorun.inf -- [ FAT32 ]
O32 - AutoRun File - [2006/09/03 21:30:00 | 00,000,062 | R--- | M] () - E:\autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - * [2009/06/19 03:58:37 | 00,000,000 | ---D | M]

========== Files/Folders - Created Within 30 Days ==========

[2009/06/19 03:58:10 | 00,000,000 | ---D | C] -- C:\Rooter$
[2009/06/19 03:40:29 | 00,051,376 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/06/19 03:40:29 | 00,026,944 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/06/19 03:40:29 | 00,023,152 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/06/19 03:40:29 | 00,001,709 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/19 03:40:28 | 00,114,768 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/06/19 03:40:28 | 00,097,480 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/06/19 03:40:28 | 00,094,032 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/06/19 03:40:28 | 00,093,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/06/19 03:40:28 | 00,020,560 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/06/19 03:40:15 | 01,256,296 | ---- | C] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/06/19 03:40:15 | 00,380,928 | ---- | C] () -- C:\WINDOWS\System32\actskin4.ocx
[2009/06/19 03:40:12 | 00,000,000 | ---D | C] -- C:\Program Files\Alwil Software
[2009/06/19 02:07:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Malwarebytes
[2009/06/19 02:07:47 | 00,038,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/19 02:07:46 | 00,019,096 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/19 02:07:46 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/06/19 02:07:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/06/19 02:06:57 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/06/19 02:06:23 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/19 02:06:23 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/19 02:06:23 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/06/18 22:15:45 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\FB
[2009/06/18 21:40:46 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\gtg
[2009/06/18 15:00:08 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Jasc
[2009/06/18 14:56:55 | 00,001,732 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/06/18 14:49:03 | 13,727,048 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\winzip121.exe
[2009/06/18 04:59:51 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Downloads
[2009/06/18 04:57:54 | 00,000,706 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/06/18 04:57:54 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\BitTorrent
[2009/06/18 04:57:47 | 00,000,000 | ---D | C] -- C:\Program Files\DNA
[2009/06/18 04:57:47 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\DNA
[2009/06/18 04:57:46 | 00,000,000 | ---D | C] -- C:\Program Files\BitTorrent
[2009/06/18 04:57:19 | 01,739,664 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\BitTorrent-6.1.2.exe
[2009/06/17 15:07:10 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Mobipocket
[2009/06/17 15:06:53 | 00,001,934 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Mobipocket Reader.lnk
[2009/06/17 15:06:51 | 00,000,000 | ---D | C] -- C:\Program Files\Mobipocket.com
[2009/06/17 15:06:20 | 05,606,400 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\mobireadersetup.msi
[2009/06/17 05:38:38 | 00,001,072 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Ahrimans-Prophecy-Strategy-Guide.pdf.lnk
[2009/06/17 04:53:39 | 00,156,285 | ---- | C] () -- C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
[2009/06/17 04:53:39 | 00,000,740 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Ahriman's Prophecy.lnk
[2009/06/17 04:53:34 | 00,000,000 | ---D | C] -- C:\Program Files\Ahriman's Prophecy
[2009/06/17 02:37:59 | 00,001,511 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Aveyond Ultimate.pdf.lnk
[2009/06/16 22:19:30 | 00,000,000 | ---D | C] -- C:\Program Files\Common Files\ODBC
[2009/06/15 09:59:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\hidserv.dll
[2009/06/15 09:59:03 | 00,021,504 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\hidserv.dll
[2009/06/14 23:04:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/06/14 23:03:43 | 00,000,736 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Aveyond.lnk
[2009/06/14 23:03:35 | 00,000,000 | ---D | C] -- C:\Program Files\Shockwave.com
[2009/06/14 22:51:19 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\PlayFirst
[2009/06/14 22:17:15 | 33,113,448 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Install_DinerDashHometownHero.EXE
[2009/06/14 22:02:06 | 00,001,974 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\Parking Dash.lnk
[2009/06/14 21:56:34 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2009/06/11 13:00:35 | 00,000,000 | ---D | C] -- C:\WINDOWS\.jagex_cache_32
[2009/06/08 13:05:42 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Application Data\Google
[2009/06/03 08:25:19 | 00,000,000 | ---D | C] -- C:\Program Files\AlfaClock Free Edition
[2009/06/02 20:13:36 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Apple Computer
[2009/06/02 17:40:51 | 00,202,072 | R--- | C] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/06/02 17:40:50 | 00,000,000 | ---D | C] -- C:\WINDOWS\Cache
[2009/06/02 17:40:49 | 00,000,000 | ---D | C] -- C:\Program Files\Coupons
[2009/06/02 17:40:12 | 01,277,680 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\CouponPrinter.exe
[2009/06/01 11:42:55 | 00,000,000 | ---D | C] -- C:\WINDOWS\System32\LogFiles
[2009/06/01 10:57:25 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\Desktop\BadgeHelp
[2009/06/01 05:35:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\HHJMJXRAYG
[2009/05/28 08:15:49 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Frank
[2009/05/28 08:15:48 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\New Folder
[2009/05/27 22:18:33 | 00,049,889 | ---- | C] () -- C:\Documents and Settings\Owner\Desktop\frank.jpg
[2009/05/26 10:39:31 | 00,000,000 | ---D | C] -- C:\WINDOWS\CSC
[2009/05/24 13:08:35 | 00,001,800 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/05/24 13:08:11 | 00,023,992 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\pnarp.sys
[2009/05/24 13:08:06 | 00,025,272 | ---- | C] (Pure Networks, Inc.) -- C:\WINDOWS\System32\drivers\purendis.sys
[2009/05/23 04:13:03 | 00,000,384 | ---- | C] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/05/21 07:26:16 | 00,013,824 | ---- | C] () -- C:\Documents and Settings\Owner\My Documents\Graph.xls
[2009/05/20 17:17:00 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\CSIMJXRAYG
[2009/05/20 17:12:56 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\OFJMJXRAYG
[2009/05/20 17:12:55 | 00,000,000 | ---D | C] -- C:\Program Files\BadgeHelp
[2009/05/20 12:40:39 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Owner\My Documents\Kim
[2009/05/06 18:39:37 | 00,484,352 | ---- | C] () -- C:\WINDOWS\System32\lame_enc.dll
[2009/05/04 21:53:49 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2009/04/27 12:36:18 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2009/04/24 14:45:46 | 00,098,304 | ---- | C] () -- C:\WINDOWS\System32\FpWinTab.dll
[2007/08/15 07:27:18 | 00,009,600 | ---- | C] () -- C:\WINDOWS\System32\drivers\n558.sys
[2007/07/01 06:12:14 | 03,145,728 | ---- | C] () -- C:\WINDOWS\System32\libavcodec.dll
[2007/07/01 05:59:22 | 00,517,632 | ---- | C] () -- C:\WINDOWS\System32\ff_x264.dll
[2007/06/17 06:43:56 | 00,405,504 | ---- | C] () -- C:\WINDOWS\System32\libmplayer.dll
[2007/06/12 06:21:26 | 00,208,896 | ---- | C] () -- C:\WINDOWS\System32\ff_theora.dll
[2007/01/09 12:05:50 | 00,026,112 | ---- | C] () -- C:\WINDOWS\System32\ff_wmv9.dll
[2005/06/22 07:13:13 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/06/22 05:12:17 | 00,000,449 | ---- | C] () -- C:\WINDOWS\System32\emver.ini
[2005/06/22 05:12:17 | 00,000,426 | ---- | C] () -- C:\WINDOWS\System32\oeminfo.ini
[2005/06/22 05:11:38 | 00,000,702 | ---- | C] () -- C:\WINDOWS\win.ini
[2005/06/22 05:11:33 | 00,000,231 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/11/24 14:25:52 | 00,335,872 | ---- | C] ( ) -- C:\WINDOWS\System32\drvc.dll
[2004/10/03 12:50:54 | 00,129,024 | ---- | C] () -- C:\WINDOWS\System32\ff_mpeg2enc.dll
[2003/01/07 15:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1998/08/16 05:00:00 | 00,004,096 | ---- | C] () -- C:\WINDOWS\System32\sysres.dll

========== Files - Modified Within 30 Days ==========

[2009/06/19 04:44:21 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/06/19 04:43:13 | 00,000,062 | -HS- | M] () -- C:\Documents and Settings\Owner\Local Settings\desktop.ini
[2009/06/19 04:43:05 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/06/19 03:40:29 | 00,001,709 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\avast! Antivirus.lnk
[2009/06/19 03:40:28 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/06/19 02:06:23 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\NTREGOPT.lnk
[2009/06/19 02:06:23 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\ERUNT.lnk
[2009/06/18 14:56:55 | 00,001,732 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\WinZip.lnk
[2009/06/18 14:49:07 | 13,727,048 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\winzip121.exe
[2009/06/18 04:57:54 | 00,000,706 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\BitTorrent.lnk
[2009/06/18 04:57:19 | 01,739,664 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\BitTorrent-6.1.2.exe
[2009/06/17 17:30:52 | 00,004,096 | ---- | M] () -- C:\WINDOWS\System32\crash
[2009/06/17 15:06:53 | 00,001,934 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Mobipocket Reader.lnk
[2009/06/17 15:06:20 | 05,606,400 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\mobireadersetup.msi
[2009/06/17 11:27:56 | 00,038,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/06/17 11:27:44 | 00,019,096 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/06/17 05:38:38 | 00,001,072 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Ahrimans-Prophecy-Strategy-Guide.pdf.lnk
[2009/06/17 04:53:39 | 00,156,285 | ---- | M] () -- C:\WINDOWS\Ahriman's Prophecy Uninstaller.exe
[2009/06/17 04:53:39 | 00,000,740 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Ahriman's Prophecy.lnk
[2009/06/17 02:37:59 | 00,001,511 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Shortcut to Aveyond Ultimate.pdf.lnk
[2009/06/16 19:55:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/06/16 00:34:49 | 00,001,729 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Adobe Reader 9.lnk
[2009/06/14 23:03:43 | 00,000,736 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Aveyond.lnk
[2009/06/14 22:18:02 | 33,113,448 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Install_DinerDashHometownHero.EXE
[2009/06/14 22:02:06 | 00,001,974 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\Parking Dash.lnk
[2009/06/12 12:16:01 | 00,280,536 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/06/12 11:57:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/06/09 19:20:20 | 00,000,664 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2009/06/08 09:13:24 | 00,001,158 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/06/02 17:40:51 | 00,202,072 | R--- | M] (Coupons, Inc.) -- C:\WINDOWS\System32\cpnprt2.cid
[2009/06/02 17:40:13 | 01,277,680 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\CouponPrinter.exe
[2009/05/27 22:18:34 | 00,049,889 | ---- | M] () -- C:\Documents and Settings\Owner\Desktop\frank.jpg
[2009/05/26 04:16:29 | 00,000,384 | ---- | M] () -- C:\WINDOWS\tasks\SmartDefrag.job
[2009/05/24 13:08:35 | 00,001,800 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Network Magic.lnk
[2009/05/21 07:26:16 | 00,013,824 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Graph.xls
[2009/05/20 12:23:35 | 00,029,696 | ---- | M] () -- C:\Documents and Settings\Owner\My Documents\Medicalcurrent.xls

========== Alternate Data Streams ==========

@Alternate Data Stream - 100 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:E6088A0C
< End of report >

Extras log:

OTL Extras logfile created on: 6/19/2009 4:46:19 AM - Run 1
OTL by OldTimer - Version 2.1.1.0 Folder = C:\Documents and Settings\Owner\Desktop\gtg
Windows XP Tablet PC Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.41 Gb Available Physical Memory | 70.45% Memory free
3.84 Gb Paging File | 3.31 Gb Available in Paging File | 86.17% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 68.66 Gb Total Space | 44.53 Gb Free Space | 64.86% Space Free | Partition Type: NTFS
Drive D: | 5.85 Gb Total Space | 1.79 Gb Free Space | 30.60% Space Free | Partition Type: FAT32
Drive E: | 58.54 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: KL
Current User Name: Owner
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Output = Minimal
File Age = 30 Days
Company Name Whitelist: On

========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe shdocvw.dll,OpenURL %l

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = FirefoxHTML] -- C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"67:UDP" = 67:UDP:*:Enabled:DHCP Discovery Service
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL File not found
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOL File not found
C:\Program Files\America Online 9.0\waol.exe:*:Enabled:AOL (America Online, Inc.)
C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger (Yahoo! Inc.)
C:\Program Files\deepinvent\MailStore Home\MailStoreLocal.exe:*:Enabled:MailStore Home (deepinvent Software GmbH)
C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader (AOL LLC)
C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM (AOL LLC)
C:\Program Files\Tencent\QQ Games\QQGames.exe:*:Enabled:QQ Games (Tencent America LLC)
C:\Program Files\Tencent\QQ Games\QQGamesD.exe:*:Enabled:QQ Games Downloader ()
C:\Program Files\Tencent\QQ Games\Update\Update.exe:*:Enabled:QQ Games Updater ()
C:\Documents and Settings\Owner\My Documents\FreeFTP\FREEFTP.EXE:*:Enabled:FreeFTP (Internet File Transfer Program) (Brandyware Software)
C:\Program Files\DNA\btdna.exe:*:Enabled:DNA (BitTorrent, Inc.)
C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent (BitTorrent, Inc.)

========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1
"{0CAD092C-5D1E-48AD-A845-E1EBA9AF1AF8}" = Tablet PC Tutorials for Microsoft Windows XP SP2
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{287ECFA4-719A-2143-A09B-D6A12DE54E40}" = Acrobat.com
"{2BD74F5D-4089-4064-B6AF-8E8A93022650}" = Office 2003 Setup Files
"{342126E1-173C-4585-BFBE-3EBDD20E3E9E}" = Mobipocket Reader 6.2
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{3F262ADC-5AD2-48E5-A586-44315E04A9E2}" = Microsoft Picture It! Library 10
"{42756145-9997-4D28-809B-8756BFD00106}" = Microsoft Picture It! Premium 10
"{578B6EF9-119B-4FB8-8377-7DAFA9588B97}" = Network Magic
"{58F4D4FD-1814-4068-B316-C28FC776C6DD}" = GoToMyPC
"{607398CF-354B-4E21-B1BC-549424BFD04C}" = TIPCI
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{7131646D-CD3C-40F4-97B9-CD9E4E6262EF}" = Microsoft .NET Framework 2.0
"{7148F0A8-6813-11D6-A77B-00B0D0142000}" = Java 2 Runtime Environment, SE v1.4.2
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{805F1F1F-3CBB-45A6-BED5-DA1AF489E1EB}" = ATI Catalyst Control Center
"{82EF8297-C8B2-4CA8-9430-FF2BC8C40414}" = GWCares
"{90437E5F-0A9E-4B63-AD8B-D232897D18BF}" = ATI Parental Control & Encoder
"{91110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0
"{9F7FC79B-3059-4264-9450-39EB368E3225}" = Microsoft Digital Image Library 9 - Blocker
"{A2BCA9F1-566C-4805-97D1-7FDC93386723}" = Adobe AIR
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{AC76BA86-7AD7-1033-7B44-A91000000001}" = Adobe Reader 9.1.2
"{B80CC46C-5839-4A48-B051-3CACF23A2718}_is1" = Eraser 5.86
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{C66BE4C2-E583-473D-8719-AE05CD7EDEE2}" = PalmTether
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{C9507D0D-1A9C-486E-91D6-33A71CCA55F2}" = Pure Networks Platform
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CD95F661-A5C4-44F5-A6AA-ECDD91C240B8}" = WinZip 12.1
"{E9B64F7A-1CBC-4D04-A71C-3C12B2BD049A}_is1" = Free CD to WAV MP3 WMA AMR AC3 AAC Ripper 3.5
"{FD6034A3-655C-49F0-B496-D4CBFD74D7A7}" = Palm Desktop by ACCESS
"Abcc Free Music to Mp3 Amr aac ogg Converter_is1" = Abcc Free Music to Mp3 Amr aac ogg Converter 3.0
"Adobe AIR" = Adobe AIR
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Ahriman's Prophecy" = Ahriman's Prophecy
"AI RoboForm" = AI RoboForm (All Users)
"Aim Plugin for QQ Games" = Aim Plugin for QQ Games
"AIM_6" = AIM 6
"AIMTunes" = AIMTunes
"AlfaClock Free Edition_is1" = AlfaClock Free Edition version 1.99 build May 2, 2007
"All ATI Software" = ATI - Software Uninstall Utility
"America Online us" = America Online (Choose which version to remove)
"AOL Spyware Protection" = AOL Spyware Protection
"AOL Toolbar" = AOL Toolbar
"ATI Display Driver" = ATI Display Driver
"avast!" = avast! Antivirus
"Aveyond" = Aveyond
"Cool Timer_is1" = Cool Timer 3.6
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Diner Dash Hometown Hero - Gourmet" = Diner Dash Hometown Hero - Gourmet
"EPSON Printer and Utilities" = EPSON Printer Software
"EPSON Scanner" = EPSON Scan
"ERUNT_is1" = ERUNT 1.1j
"Free Mp3 Wma Converter_is1" = Free Mp3 Wma Converter V 1.8.0
"InstallShield_{607398CF-354B-4E21-B1BC-549424BFD04C}" = Texas Instruments PCIxx21/x515/xx12 drivers.
"Learn_to_Play_Bridge" = Learn to Play Bridge
"Learn_to_Play_Bridge_2" = Learn to Play Bridge 2
"MailStore Home_is1" = MailStore Home 3.0.2.2448
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 2.0" = Microsoft .NET Framework 2.0
"Mozilla Firefox (3.0.11)" = Mozilla Firefox (3.0.11)
"Mozilla Thunderbird (2.0.0.21)" = Mozilla Thunderbird (2.0.0.21)
"Network MagicUninstall" = Network Magic
"Parking Dash" = Parking Dash
"PictureItPrem_v10" = Microsoft Picture It! Premium 10
"Port Magic" = Pure Networks Port Magic
"PROSet" = Intel® PRO Network Connections Drivers
"QQ Bubble Arena" = QQ Bubble Arena
"QQ Games" = QQ Games
"QQ Pool" = QQ Pool
"QQ Treasure Hunter" = QQ Treasure Hunter
"RealPlayer 6.0" = RealPlayer Basic
"Smart Defrag_is1" = Smart Defrag 1.11
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"VZAccess Manager" = VZAccess Manager
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"XP Codec Pack" = XP Codec Pack
"Yahoo! Messenger" = Yahoo! Messenger

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"BitTorrent" = BitTorrent
"BitTorrent DNA" = DNA
"GoToMeeting" = GoToMeeting 4.1.0.366

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/19/2009 3:16:18 AM | Computer Name = KL | Source = ESENT | ID = 465
Description = wuauclt (3600) Corruption was detected during soft recovery in logfile
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record
is located at position END. Data not matching the log-file fill pattern first appeared
in sector 54 (0x00000036). This logfile has been damaged and is unusable.

Error - 6/19/2009 3:16:19 AM | Computer Name = KL | Source = ESENT | ID = 465
Description = wuauclt (3600) Corruption was detected during soft recovery in logfile
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record
is located at position END. Data not matching the log-file fill pattern first appeared
in sector 54 (0x00000036). This logfile has been damaged and is unusable.

Error - 6/19/2009 3:16:20 AM | Computer Name = KL | Source = ESENT | ID = 465
Description = wuauclt (3600) Corruption was detected during soft recovery in logfile
C:\WINDOWS\SoftwareDistribution\DataStore\Logs\edb.log. The failing checksum record
is located at position END. Data not matching the log-file fill pattern first appeared
in sector 54 (0x00000036). This logfile has been damaged and is unusable.

Error - 6/19/2009 3:16:25 AM | Computer Name = KL | Source = ESENT | ID = 454
Description = wuauclt (3600) Database recovery/restore failed with unexpected error
-501.

Error - 6/19/2009 4:46:47 AM | Computer Name = KL | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.

Error - 6/19/2009 5:00:49 AM | Computer Name = KL | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 2.1.1.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2009 5:25:06 AM | Computer Name = KL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3402, fault address 0x00192000.

Error - 6/19/2009 5:29:39 AM | Computer Name = KL | Source = Application Hang | ID = 1002
Description = Hanging application mbam.exe, version 1.38.0.0, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 6/19/2009 5:30:18 AM | Computer Name = KL | Source = Application Error | ID = 1000
Description = Faulting application explorer.exe, version 6.0.2900.3156, faulting
module shell32.dll, version 6.0.2900.3402, fault address 0x00192000.

Error - 6/19/2009 5:44:32 AM | Computer Name = KL | Source = PerfNet | ID = 2004
Description = Unable to open the Server service. Server performance data will not
be returned. Error code returned is in data DWORD 0.


< End of report >


#2
RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Appears you have an uninstall option for it:

"{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}" = Search Settings 1.2.1

So go Start, (Settings,) Control panel, Add/Remove Programs and find Search Settings 1.2.1 and uninstall it. While there also uninstall

"{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}" = Dealio Toolbar v4.0

Then right-click on the Avast ball and Stop On Access Protection, Yes, then:

Download but do not yet run ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it :!:

Download and Rename this file -- (call it george.exe ) to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Double-click on george to start the program.

* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.

* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.

A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Right-click on Avast Ball and Start On Access Protection :!:

If you didn't let it run a boot scan when you installed it do so now: Right-click on Avast Ball and Start avast Antivirus. If the help screen comes up just cancel it. You want the fancy control panel. Click on the symbol above the Play button on the left side. (Look for a triangle with a bar under it. Eject button on a VCR) Select Schedule Boot-Time scan then

Reboot now, please :!:

There will be a long (could be hours long) scan of your system by Avast. Check back once in a while to see if it found something it needs your help on.

Post Back (copy/paste the .txt files, do not use attachments)
After following the above, post back with:

1. Contents of C:\Combofix.txt;


Ron
PS If you can't get to the download sites, have a friend download the files and put them on a CD. Don't use a USB drive unless it's never been on your PC and you can leave it in until we finish. Copy the tools to your desktop and then proceed as above.

Edited by RKinner, 22 June 2009 - 03:33 PM.
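
A check worth doing before clicking Remove, added here as an example and not part of Ron's reply: this PowerShell snippet reads the same two Uninstall keys the OTL log lists above and shows each matching entry's UninstallString, which is the command Add/Remove Programs will run. It assumes PowerShell is installed on the machine; the two GUIDs are the ones quoted in the reply.

```powershell
# Added example, not part of the thread. Looks up the two Add/Remove Programs
# entries named in the reply (the GUIDs are the ones quoted from the OTL log)
# and shows the command the Remove button would run, so it can be looked at
# before the uninstall is started.
$targets = @(
    '{0B1AAC97-8563-41D9-AE47-58E6A222F0E1}',  # Search Settings 1.2.1
    '{94C3BB3A-56A1-43DE-A242-8B41F46E97EF}',  # Dealio Toolbar v4.0
    'Search Settings',                         # also match on display name
    'Dealio'
)

# The same two hives OTL enumerated: per-machine and per-user uninstall lists.
$uninstallRoots = @(
    'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall',
    'HKCU:\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall'
)

foreach ($root in $uninstallRoots) {
    if (-not (Test-Path $root)) { continue }
    foreach ($key in Get-ChildItem $root) {
        $props   = Get-ItemProperty $key.PSPath
        $keyName = $key.PSChildName
        $name    = [string]$props.DisplayName
        $matched = $false
        foreach ($t in $targets) {
            # Match either the subkey name (GUID or product key) or DisplayName
            if ($keyName -like "*$t*" -or $name -like "*$t*") { $matched = $true }
        }
        if (-not $matched) { continue }
        # Print the entry with the command that "Remove" would execute
        New-Object PSObject -Property @{
            Hive            = $root
            Key             = $keyName
            DisplayName     = $name
            UninstallString = $props.UninstallString
            InstallLocation = $props.InstallLocation
        } | Format-List Hive, Key, DisplayName, UninstallString, InstallLocation
    }
}
```

An entry whose UninstallString points into a temp folder or a path that no longer exists is a sign the Control Panel removal will fail and the leftover key will need attention after the ComboFix run.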

#3
ShoalBear

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 212 posts
ComboFix 09-06-22.04 - Owner 06/22/2009 20:27.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1496 [GMT -5:00]
Running from: c:\documents and settings\Owner\Desktop\george.exe
AV: avast! antivirus 4.8.1335 [VPS 090622-0] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycler\S-1-5-21-2686776798-1568452343-2299408645-1005
c:\recycler\S-1-5-21-2686776798-1568452343-2299408645-500
c:\recycler\S-1-5-21-2686776798-1568452343-2299408645-1005\INFO2
c:\recycler\S-1-5-21-2686776798-1568452343-2299408645-500\desktop.ini
c:\recycler\S-1-5-21-2686776798-1568452343-2299408645-500\INFO2
D:\Autorun.inf
D:\Desktop.ini

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 01:17 . 2009-06-23 01:25 -------- d-----w- C:\32788R22FWJFW
2009-06-19 08:58 . 2009-06-19 08:58 -------- d-----w- C:\Rooter$
2009-06-19 08:40 . 2009-02-05 20:06 51376 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-06-19 08:40 . 2009-02-05 20:06 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-06-19 08:40 . 2009-02-05 20:05 26944 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-06-19 08:40 . 2009-02-05 20:08 93296 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-06-19 08:40 . 2009-02-05 20:08 94032 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-06-19 08:40 . 2009-02-05 20:07 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-06-19 08:40 . 2009-02-05 20:07 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-06-19 08:40 . 2009-02-05 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-06-19 08:40 . 2009-02-05 20:11 1256296 ----a-w- c:\windows\system32\aswBoot.exe
2009-06-19 08:40 . 2009-06-19 08:40 -------- d-----w- c:\program files\Alwil Software
2009-06-19 07:07 . 2009-06-19 07:07 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes
2009-06-19 07:07 . 2009-06-17 16:27 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-19 07:07 . 2009-06-19 07:07 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-06-19 07:07 . 2009-06-19 07:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-19 07:07 . 2009-06-17 16:27 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-06-19 07:06 . 2009-06-19 07:06 -------- d-----w- c:\program files\ERUNT
2009-06-18 09:57 . 2009-06-18 19:41 -------- d-----w- c:\documents and settings\Owner\Application Data\BitTorrent
2009-06-18 09:57 . 2009-06-23 01:22 -------- d-----w- c:\documents and settings\Owner\Application Data\DNA
2009-06-18 09:57 . 2009-06-20 01:05 -------- d-----w- c:\program files\DNA
2009-06-18 09:57 . 2009-06-18 09:57 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\DNA
2009-06-18 09:57 . 2009-06-18 09:57 -------- d-----w- c:\program files\BitTorrent
2009-06-17 20:07 . 2009-06-17 20:15 -------- d-----w- c:\documents and settings\Owner\Application Data\Mobipocket
2009-06-17 20:06 . 2009-06-17 20:06 -------- d-----w- c:\program files\Mobipocket.com
2009-06-17 09:53 . 2009-06-17 09:53 156285 ----a-w- c:\windows\Ahriman's Prophecy Uninstaller.exe
2009-06-17 09:53 . 2009-06-17 10:03 -------- d-----w- c:\program files\Ahriman's Prophecy
2009-06-15 14:59 . 2004-08-04 05:56 21504 -c--a-w- c:\windows\system32\dllcache\hidserv.dll
2009-06-15 14:59 . 2004-08-04 05:56 21504 ----a-w- c:\windows\system32\hidserv.dll
2009-06-15 04:04 . 2009-06-21 22:55 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-15 04:03 . 2009-06-15 04:03 -------- d-----w- c:\program files\Shockwave.com
2009-06-15 03:51 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\Owner\Application Data\PlayFirst
2009-06-15 03:50 . 2009-06-15 03:50 610304 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\dinerdashhometownhero\adapter.exe
2009-06-15 03:50 . 2009-06-15 03:50 249856 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\components\pfMultiplayer.dll
2009-06-15 03:50 . 2009-06-15 03:50 466944 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\pfHarness\pfHarness.dll
2009-06-15 03:18 . 2009-06-15 03:50 1908736 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\dinerdashhometownhero\game\Diner Dash - Hometown Hero.exe
2009-06-15 03:18 . 2009-06-15 03:50 622592 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\dinerdashhometownhero\Diner Dash - Hometown Hero.exe
2009-06-15 03:18 . 2009-04-08 19:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\dinerdashhometownhero\pfinstall.dll
2009-06-15 03:18 . 2002-07-26 22:02 153088 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\dinerdashhometownhero\UNWISE.EXE
2009-06-15 03:01 . 2009-06-15 03:52 1433600 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\parking-dash\game\Parking Dash.exe
2009-06-15 03:01 . 2009-06-15 03:52 630784 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\parking-dash\Parking Dash.exe
2009-06-15 03:01 . 2009-04-08 19:32 57344 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\parking-dash\pfinstall.dll
2009-06-15 03:01 . 2002-07-26 22:02 153088 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\parking-dash\UNWISE.EXE
2009-06-15 02:56 . 2009-06-15 03:53 -------- d-----w- c:\documents and settings\All Users\Application Data\PlayFirst
2009-06-15 02:56 . 2009-04-14 22:58 139264 ----a-w- c:\documents and settings\All Users\Application Data\PlayFirst\Games\PlayFirst.EXE
2009-06-11 18:00 . 2009-06-11 18:00 -------- d-----w- c:\windows\.jagex_cache_32
2009-06-08 14:12 . 2009-06-08 14:12 -------- d-----w- c:\windows\system32\wbem\Repository
2009-06-04 16:30 . 2008-12-04 06:25 120832 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{77b819fa-95ad-4f2c-ac7c-486b356188a9}\plugins\npietab.dll
2009-06-03 13:25 . 2009-06-03 13:25 -------- d-----w- c:\program files\AlfaClock Free Edition
2009-06-03 01:13 . 2009-06-03 01:13 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-02 22:40 . 2009-06-02 22:40 -------- d-----w- c:\windows\Cache
2009-06-02 22:40 . 2009-06-02 22:40 -------- d-----w- c:\program files\Coupons
2009-06-01 16:42 . 2009-06-01 16:42 -------- d-----w- c:\windows\system32\LogFiles
2009-06-01 15:36 . 2009-05-15 20:54 65536 ----a-w- c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\ovkbgi6b.default\extensions\{916ab64c-bc3e-471b-8e60-29551922a7ba}\components\Engine.dll
2009-06-01 10:35 . 2009-06-01 10:36 -------- d-----w- c:\documents and settings\All Users\Application Data\HHJMJXRAYG
2009-05-25 18:22 . 2009-05-25 18:22 -------- d-s---w- c:\documents and settings\Owner\UserData
2009-05-24 18:08 . 2008-05-16 11:10 23992 ----a-w- c:\windows\system32\drivers\pnarp.sys
2009-05-24 18:08 . 2008-05-16 11:10 25272 ----a-w- c:\windows\system32\drivers\purendis.sys
2009-05-24 18:07 . 2008-10-10 21:05 14579000 ----a-w- c:\documents and settings\All Users\Application Data\Pure Networks\Setup\nmsetup.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-22 23:20 . 2009-04-27 19:06 7570173 ----a-w- c:\documents and settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\[email protected]
2009-06-22 18:03 . 2009-04-26 19:31 -------- d-----w- c:\program files\Palm
2009-06-22 17:40 . 2009-04-27 18:49 -------- d-----w- c:\program files\Mozilla Thunderbird
2009-06-18 19:56 . 2009-04-26 18:23 -------- d-----w- c:\documents and settings\All Users\Application Data\WinZip
2009-06-16 23:32 . 2009-04-24 19:55 -------- d-----w- c:\program files\Common Files\aolshare
2009-06-16 23:32 . 2009-04-24 19:55 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-06-16 23:32 . 2009-04-24 19:53 -------- d-----w- c:\program files\Common Files\AOL
2009-06-16 23:32 . 2009-05-09 09:48 -------- d-----w- c:\program files\QuickTime
2009-06-16 23:32 . 2009-05-05 02:53 -------- d-----w- c:\program files\AIMTunes
2009-06-16 23:32 . 2009-04-27 16:49 -------- d-----w- c:\program files\America Online 9.0
2009-06-16 23:32 . 2009-04-24 19:55 -------- d-----w- c:\program files\Common Files\Nullsoft
2009-06-10 00:20 . 2009-05-05 00:17 664 ----a-w- c:\windows\system32\d3d9caps.dat
2009-06-08 18:28 . 2009-04-24 19:58 -------- d-----w- c:\program files\Google
2009-06-02 05:53 . 2009-05-20 22:12 -------- d-----w- c:\program files\BadgeHelp
2009-05-26 09:31 . 2009-05-14 21:31 -------- d-----w- c:\program files\Common Files\Pure Networks Shared
2009-05-24 18:08 . 2009-04-24 19:58 -------- d-----w- c:\documents and settings\All Users\Application Data\Pure Networks
2009-05-23 07:24 . 2009-05-23 07:24 -------- d-----w- c:\documents and settings\Administrator\Application Data\IObit
2009-05-23 07:21 . 2009-05-23 07:21 -------- d-----w- c:\documents and settings\Administrator\Application Data\ATI
2009-05-20 22:17 . 2009-05-20 22:17 -------- d-----w- c:\documents and settings\All Users\Application Data\CSIMJXRAYG
2009-05-20 22:16 . 2009-05-20 22:12 -------- d-----w- c:\documents and settings\All Users\Application Data\OFJMJXRAYG
2009-05-20 01:05 . 2009-05-20 01:05 -------- d-----w- c:\documents and settings\Owner\Application Data\Media Player Classic
2009-05-14 21:31 . 2009-04-24 19:57 -------- d-----w- c:\program files\Pure Networks
2009-05-11 10:36 . 2009-05-06 16:34 -------- d-----w- c:\program files\Learn to Play Bridge
2009-05-09 09:47 . 2009-05-09 09:47 -------- d-----w- c:\program files\Apple Software Update
2009-05-09 09:47 . 2009-05-09 09:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple
2009-05-09 06:40 . 2009-05-09 06:40 -------- d-----w- c:\documents and settings\Owner\Application Data\Viewpoint
2009-05-07 15:44 . 2006-09-18 02:41 344064 ----a-w- c:\windows\system32\localspl.dll
2009-05-07 04:58 . 2009-04-27 17:04 79160 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-07 00:00 . 2009-05-06 23:57 -------- d-----w- c:\program files\Abcc Free Music to Mp3 Amr aac ogg Converter
2009-05-06 23:57 . 2009-05-06 23:57 34 ---ha-w- c:\windows\system32\DVDRippper_sysquict.dat
2009-05-06 23:57 . 2009-05-06 23:57 -------- d-----w- c:\program files\XP Codec Pack
2009-05-06 23:55 . 2009-05-06 23:55 -------- d-----w- c:\program files\AML Products
2009-05-06 23:39 . 2009-05-06 23:39 -------- d-----w- c:\program files\Free Audio Pack
2009-05-06 16:39 . 2009-05-06 16:39 -------- d-----w- c:\documents and settings\All Users\Application Data\EPSON
2009-05-06 16:37 . 2009-05-06 16:37 -------- d-----w- c:\program files\EPSON
2009-05-06 16:34 . 2009-05-06 16:34 -------- d-----w- c:\program files\Learn to Play Bridge 2
2009-05-06 16:34 . 2009-05-06 16:34 286720 ----a-w- c:\windows\iun506.exe
2009-05-05 02:57 . 2009-05-05 02:56 9001824 ----a-w- c:\documents and settings\All Users\Application Data\Tencent\QQ Games\Download\QQBubble.exe
2009-05-05 02:56 . 2009-05-05 02:56 13680152 ----a-w- c:\documents and settings\All Users\Application Data\Tencent\QQ Games\Download\TreasureHunter.exe
2009-05-05 02:56 . 2009-05-05 02:56 6545920 ----a-w- c:\documents and settings\All Users\Application Data\Tencent\QQ Games\Download\QQPool.exe
2009-05-05 02:56 . 2009-05-05 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-05-05 02:55 . 2009-05-05 02:55 -------- d-----w- c:\documents and settings\Owner\Application Data\QQ Games Plugin
2009-05-05 02:55 . 2009-05-05 02:55 -------- d-----w- c:\documents and settings\Owner\Application Data\acccore
2009-05-05 02:54 . 2009-05-05 02:52 -------- d-----w- c:\program files\AIM6
2009-05-05 02:54 . 2009-05-05 02:54 -------- d-----w- c:\program files\Tencent
2009-05-05 02:54 . 2009-05-05 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\Tencent
2009-05-05 02:54 . 2009-05-05 02:54 6020192 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimqqgames\QQSetup65.exe
2009-05-05 02:54 . 2009-05-05 02:53 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL Downloads
2009-05-05 02:53 . 2009-05-05 02:53 1144808 ----a-w- c:\documents and settings\All Users\Application Data\AOL Downloads\aimtunes\AIMTunes.exe
2009-05-05 02:52 . 2009-05-05 02:52 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-05-05 02:52 . 2009-04-24 19:57 -------- d-----w- c:\program files\Viewpoint
2009-05-05 02:52 . 2009-04-24 19:57 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-05-05 02:52 . 2009-05-05 02:52 -------- d-----w- c:\documents and settings\All Users\Application Data\acccore
2009-05-04 17:09 . 2009-05-04 17:09 -------- d-----w- c:\documents and settings\Owner\Application Data\IObit
2009-05-04 17:09 . 2009-05-04 17:09 -------- d-----w- c:\program files\IObit
2009-05-04 16:05 . 2009-05-04 16:05 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-05-04 16:04 . 2009-04-24 20:07 -------- d-----w- c:\program files\Common Files\Adobe
2009-04-30 22:32 . 2009-04-28 22:04 -------- d-----w- c:\program files\Citrix
2009-04-30 22:32 . 2009-04-24 20:05 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-04-29 08:32 . 2009-04-29 08:32 -------- d-----w- c:\program files\deepinvent
2009-04-29 04:52 . 2006-09-18 02:44 659456 ----a-w- c:\windows\system32\wininet.dll
2009-04-29 04:52 . 2006-09-18 02:40 81920 ----a-w- c:\windows\system32\ieencode.dll
2009-04-28 22:02 . 2009-04-28 22:02 70984 ----a-w- c:\documents and settings\Owner\g2mdlhlpx.exe
2009-04-27 20:00 . 2009-04-27 19:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Yahoo!
2009-04-27 19:59 . 2009-04-27 19:59 -------- d-----w- c:\program files\Yahoo!
2009-04-27 19:32 . 2009-04-27 19:32 -------- d-----w- c:\documents and settings\All Users\Application Data\RoboForm
2009-04-27 19:31 . 2009-04-27 19:31 -------- d-----w- c:\program files\Siber Systems
2009-04-27 19:28 . 2009-04-27 19:28 -------- d-----w- c:\documents and settings\Owner\Application Data\ATI
2009-04-27 19:25 . 2009-04-27 19:25 -------- d-----w- c:\program files\Common Files\ATI Technologies
2009-04-27 19:24 . 2009-04-24 20:11 -------- d-----w- c:\program files\ATI Technologies
2009-04-27 19:23 . 2009-04-24 20:05 -------- d-----w- c:\program files\Common Files\InstallShield
2009-04-27 18:49 . 2009-04-27 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Talkback
2009-04-27 18:49 . 2009-04-27 18:49 -------- d-----w- c:\documents and settings\Owner\Application Data\Thunderbird
2009-04-27 17:34 . 2009-04-27 17:34 -------- d-----w- c:\program files\Microsoft ActiveSync
2009-04-27 17:34 . 2009-04-27 17:34 -------- d-----w- c:\program files\Microsoft Works
2009-04-27 17:34 . 2009-04-27 17:34 -------- d-----w- c:\program files\Microsoft.NET
2009-04-27 17:31 . 2009-04-26 18:25 -------- d-----w- c:\program files\Cool Timer
2009-04-27 17:31 . 2009-04-24 22:30 -------- d-----w- c:\program files\Office 2003 Setup Files
2009-04-27 17:30 . 2009-04-27 17:30 -------- d-----w- c:\documents and settings\Owner\Application Data\Smith Micro
2009-04-27 17:27 . 2009-04-27 17:27 -------- d-----w- c:\program files\PalmTether
2009-04-27 17:12 . 2009-04-27 17:12 -------- d-----w- c:\documents and settings\Owner\Application Data\Arcsoft
2009-04-27 17:11 . 2009-04-27 17:11 -------- d-----w- c:\documents and settings\Owner\Application Data\HotSync
2009-04-27 17:11 . 2009-04-27 17:11 -------- d-----w- c:\documents and settings\All Users\Application Data\HotSync
2009-04-27 17:09 . 2009-04-26 18:18 -------- d-----w- c:\program files\Eraser
2009-04-27 17:04 . 2009-04-27 17:04 128 ----a-w- c:\documents and settings\Owner\Local Settings\Application Data\fusioncache.dat
2009-04-27 16:50 . 2009-04-24 20:05 -------- d-----w- c:\program files\CyberLink
2009-04-27 16:50 . 2009-04-24 20:06 -------- d-----w- c:\program files\BigFix
2009-04-27 16:50 . 2009-04-24 20:08 -------- d-----w- c:\program files\Microsoft Money 2005
2009-04-27 16:50 . 2009-04-24 20:08 -------- d-----w- c:\program files\Microsoft Education Pack
2009-04-27 16:50 . 2009-04-24 20:10 -------- d-----w- c:\program files\Microsoft Experience Pack
2009-04-27 16:50 . 2009-04-24 20:07 -------- d-----w- c:\program files\Intel
2009-04-27 16:49 . 2009-04-27 16:49 -------- d-----w- c:\program files\AOL Toolbar
2009-04-27 16:49 . 2009-04-26 19:03 -------- d-----w- c:\documents and settings\KL\Application Data\Thunderbird
2009-04-26 20:01 . 2009-04-26 20:01 -------- d-----w- c:\documents and settings\KL\Application Data\Smith Micro
2009-04-26 19:56 . 2009-04-26 19:56 -------- d-----w- c:\program files\Verizon Wireless
2009-04-26 19:04 . 2009-04-26 19:04 -------- d-----w- c:\documents and settings\KL\Application Data\Talkback
2009-04-26 18:55 . 2009-04-24 21:26 71216 ---ha-w- c:\documents and settings\KL\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-04-26 18:38 . 2009-04-26 18:38 -------- d-----w- c:\program files\ESET
2009-04-26 18:38 . 2009-04-26 18:38 -------- d-----w- c:\documents and settings\All Users\Application Data\ESET
2009-04-24 22:37 . 2009-04-24 22:37 -------- d-----w- c:\program files\Common Files\L&H
.

------- Sigcheck -------

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"Eraser"="c:\program files\Eraser\eraser.exe" [2007-12-08 376832]
"RoboForm"="c:\program files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe" [2009-04-27 160592]
"Aim6"="c:\program files\AIM6\aim6.exe" [2009-04-27 49968]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-18 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"TabletWizard"="c:\windows\help\SplshWrp.exe" [2004-08-04 16384]
"TabletTip"="c:\program files\Common Files\microsoft shared\ink\tabtip.exe" [2004-08-04 271872]
"AOL Spyware Protection"="c:\progra~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe" [2004-03-19 78960]
"Gateway Extended Warranty"="c:\program files\Gateway\GWCares\GWCares.exe" [2004-02-08 73728]
"PalmTether"="c:\program files\PalmTether\TetherApp.exe" [2007-10-05 193776]
"ATICCC"="c:\program files\ATI Technologies\ATI.ACE\cli.exe" [2006-01-02 45056]
"GoToMyPC"="c:\program files\Citrix\GoToMyPC\g2svc.exe" [2008-09-30 258856]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"nmctxth"="c:\program files\Common Files\Pure Networks Shared\Platform\nmctxth.exe" [2008-05-16 648504]
"nmapp"="c:\program files\Pure Networks\Network Magic\nmapp.exe" [2008-05-21 451896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2009-05-26 413696]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-02-05 81000]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]
"SigmatelSysTrayApp"="stsystra.exe" - c:\windows\stsystra.exe [2005-12-27 413696]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HotSync Manager.lnk - c:\program files\Palm\Hotsync.exe [2008-1-3 1392640]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToMyPC]
2008-09-30 21:04 10536 ----a-w- c:\program files\Citrix\GoToMyPC\G2WinLogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\loginkey]
2004-08-04 12:00 47104 ----a-w- c:\program files\Common Files\Microsoft Shared\Ink\LoginKey.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\TabBtnWL]
2002-08-29 10:41 11776 ----a-w- c:\windows\system32\tabbtnwl.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tpgwlnotify]
2004-08-04 12:00 30208 ----a-w- c:\windows\system32\tpgwlnot.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\America Online 9.0\\waol.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\deepinvent\\MailStore Home\\MailStoreLocal.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGames.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\QQGamesD.exe"=
"c:\\Program Files\\Tencent\\QQ Games\\Update\\Update.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\FreeFTP\\FREEFTP.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"67:UDP"= 67:UDP:DHCP Discovery Service

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [6/19/2009 3:40 AM 114768]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [6/19/2009 3:40 AM 20560]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [5/4/2009 9:52 PM 24652]
R3 FinePnt;FinePoint Innovations HID Driver;c:\windows\system32\drivers\FpHidDrv.sys [4/24/2009 2:45 PM 18816]
R3 MSTabBtn;Tablet PC Buttons HID Driver;c:\windows\system32\drivers\MSTabBtn.sys [4/24/2009 2:45 PM 9600]
R3 palmmdm;Palm Modem;c:\windows\system32\drivers\palmmdm.sys [9/20/2007 3:59 PM 9728]
S3 el575nd5;3Com Megahertz 10/100 LAN CardBus PC Card Driver;c:\windows\system32\drivers\el575ND5.sys [4/24/2009 2:42 PM 69692]
S3 MBAMSwissArmy;MBAMSwissArmy;c:\windows\system32\drivers\mbamswissarmy.sys [6/19/2009 2:07 AM 38160]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - APPMGMT
.
Contents of the 'Scheduled Tasks' folder

2009-06-17 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-06-22 c:\windows\Tasks\SmartDefrag.job
- c:\program files\IObit\IObit SmartDefrag\IObit SmartDefrag.exe [2009-05-04 23:15]
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-HotSync - c:\program files\PalmSource\Desktop\HotSync.exe
HKU-Default-Run-TabletWizard - c:\windows\help\wizard.hta


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.westathome.net/
uInternet Connection Wizard,ShellNext = hxxp://www.harmonyhollow.net/cool_timer_thanks.shtml
IE: Customize Menu - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html
IE: E&xport to Microsoft Excel - c:\progra~1\MI1933~1\OFFICE11\EXCEL.EXE/3000
IE: Fill Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComFillForms.html
IE: RoboForm Toolbar - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html
IE: Save Forms - file://c:\program files\Siber Systems\AI RoboForm\RoboFormComSavePass.html
FF - ProfilePath -
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-22 20:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(932)
c:\windows\system32\Ati2evxx.dll
c:\program files\Citrix\GoToMyPC\G2WinLogon.dll
.
Completion time: 2009-06-23 20:31
ComboFix-quarantined-files.txt 2009-06-23 01:31

Pre-Run: 47,380,226,048 bytes free
Post-Run: 47,411,990,528 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

371 --- E O F --- 2009-06-21 15:35
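Two checks a helper typically runs by eye over a ComboFix log like the one above, written out in Python as an added example (it is not code from this thread and not part of ComboFix): first, which Run-key autostarts and firewall exceptions point at an executable outside the Windows and Program Files trees, where any user can write; second, which copies of protected system files carry an MD5 different from the copy in system32\dllcache, the cache Windows File Protection restores from. The excerpt lines are copied from the log above; the trusted-directory list and the hotfix-backup path tags are this example's own assumptions.

```python
"""Two triage checks over a ComboFix log excerpt (added example, not part of
the original thread or of ComboFix itself).

1. Run-key autostarts and firewall exceptions whose executable lives outside
   the Windows and Program Files trees, i.e. somewhere a standard user can
   write to.
2. Copies of protected system files whose MD5 differs from the copy in the
   system32 dllcache folder, which Windows File Protection restores from.

COMBOFIX_EXCERPT is copied from the log posted above, not constructed.
"""
import re
from typing import Dict, List, Tuple

COMBOFIX_EXCERPT = r"""
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\Driver Cache\i386\ntoskrnl.exe
[7] 2009-02-06 17:22 2136064 16B5EBE97F243441264A8F8694C2F2AA c:\windows\system32\ntoskrnl.exe
[7] 2009-02-06 17:24 2180480 FACEBB0CA3154F77009CDFEE78A00BBB c:\windows\system32\dllcache\ntoskrnl.exe
[7] 2009-02-06 11:11 110592 65DF52F5B8B6E9BBD183505225C37315 c:\windows\$hf_mig$\KB956572\SP3GDR\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\services.exe
[7] 2009-02-06 17:14 110592 37561F8D4160D62DA86D24AE41FAE8DE c:\windows\system32\dllcache\services.exe

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]
"BitTorrent DNA"="c:\program files\DNA\btdna.exe" [2009-06-18 321344]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BluetoothAuthenticationAgent"="bthprops.cpl" - c:\windows\system32\bthprops.cpl [2004-08-04 110592]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Owner\\My Documents\\FreeFTP\\FREEFTP.EXE"=
"c:\\Program Files\\DNA\\btdna.exe"=
"""

# Assumption: directories a standard XP user cannot write to. Anything else
# (profile, My Documents, All Users\Application Data, temp) gets flagged.
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\progra~1\\", "%windir%\\")
# Assumption: hotfix install/uninstall backups legitimately hold other builds.
HOTFIX_BACKUP_TAGS = ("\\$hf_mig$\\", "\\$ntuninstall")

SECTION_RE = re.compile(r"^\[(.+)\]$")
# "name"="path" [date size]   or   "name"="file" - resolved path [date size]
RUN_RE = re.compile(r'^"([^"]+)"="([^"]*)"(?:\s+-\s+(.+?))?\s+\[')
FW_RE = re.compile(r'^"(.+)"=$')
# [7] date time size MD5 path
HASH_RE = re.compile(r"^\[\d+\]\s+\S+\s+\S+\s+\d+\s+([0-9A-Fa-f]{32})\s+(.+)$")


def is_trusted_location(path: str) -> bool:
    return path.lower().startswith(TRUSTED_PREFIXES)


def triage_autostarts(log_text: str) -> List[Dict[str, str]]:
    """Return Run entries and firewall exceptions outside trusted directories."""
    flagged: List[Dict[str, str]] = []
    section = ""
    for raw in log_text.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            section = sec.group(1)
            continue
        if "AuthorizedApplications" in section:
            m = FW_RE.match(line)
            if not m:
                continue
            # ComboFix prints these registry values with doubled backslashes.
            name, path = "(firewall exception)", m.group(1).replace("\\\\", "\\")
        elif section.lower().endswith("\\run"):
            m = RUN_RE.match(line)
            if not m:
                continue
            # The second form carries the resolved path in group 3.
            name, path = m.group(1), m.group(3) or m.group(2)
        else:
            continue
        if not is_trusted_location(path):
            flagged.append({"section": section, "name": name, "path": path})
    return flagged


def dllcache_mismatches(log_text: str) -> List[Tuple[str, str, str]]:
    """Return (basename, path, md5) for live copies that differ from dllcache."""
    copies: Dict[str, List[Tuple[str, str]]] = {}
    for raw in log_text.splitlines():
        m = HASH_RE.match(raw.strip())
        if not m:
            continue
        md5, path = m.group(1).upper(), m.group(2).strip()
        copies.setdefault(path.rsplit("\\", 1)[-1].lower(), []).append((path, md5))
    out: List[Tuple[str, str, str]] = []
    for base, items in copies.items():
        ref = [md5 for path, md5 in items
               if path.lower().endswith("\\system32\\dllcache\\" + base)]
        if not ref:
            continue  # no reference copy to compare against
        for path, md5 in items:
            if any(tag in path.lower() for tag in HOTFIX_BACKUP_TAGS):
                continue
            if md5 != ref[0]:
                out.append((base, path, md5))
    return out


if __name__ == "__main__":
    for entry in triage_autostarts(COMBOFIX_EXCERPT):
        print("autostart/exception outside trusted tree:", entry)
    for base, path, md5 in dllcache_mismatches(COMBOFIX_EXCERPT):
        print(f"{base}: {path} ({md5}) differs from the dllcache copy")
```

On this log the first check surfaces only the FreeFTP firewall exception under My Documents, and the second reports system32\ntoskrnl.exe, whose hash and size differ from the dllcache copy. Neither result is a verdict: a firewall exception for an FTP client the owner installed is plausible, and a kernel in system32 that differs from the uniprocessor ntoskrnl.exe kept in dllcache is the normal state of a multiprocessor XP install (setup installs the kernel from ntkrnlmp.exe there). The checks exist to shorten the list of things worth looking at, which is also how the helper in this thread used the log.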

#4 RKinner (Malware Expert, MVP, 24,625 posts)
Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

DirLook::
c:\documents and settings\All Users\Application Data\OFJMJXRAYG
c:\documents and settings\All Users\Application Data\CSIMJXRAYG


File::
C:\WINDOWS\System32\crash



******************************************

Now open Notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all, then File, Save As (to your Desktop), CFScript, OK. Close Notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Drag it over to george and let it start as before.

Post the new log.

I think we got everything. Any signs of a problem left?

We need to clean up System Restore. Follow Jim's procedure here:
http://forum.aumha.o...581099691bf108f


I usually recommend a free Kaspersky online scan as a final check to see if we missed anything. http://www.kaspersky.com/virusscanner
It takes a while (hours) and you have to turn off your antivirus while you are running it, but it is pretty thorough. It doesn't fix anything, so if it finds something (that is not in Qoobox or your antivirus's subfolders) you should save the log and post it in a reply.
If Windows blocks the ActiveX, then try putting Kaspersky in your trusted sites: In IE, Tools, Internet Options, Security, Trusted Sites, Sites. Then uncheck the HTTPS box and put in *.kaspersky.com, then Add, OK.

If Kaspersky comes back clean then you can uninstall or delete any tools we had you download and their logs. You can manually remove C:\george and C:\qoobox, then put your system back the way it was (though I would leave the hide extensions option unchecked).


I see you do not have the latest Java. Get the latest at:

http://www.java.com/...nload/index.jsp

See the instructions at:

http://aumha.net/vie...hp?f=26&t=38344

before installing as they now try to give you extra stuff you don't need.

Once you install it, go into Control Panel, Add/Remove Software/Programs and remove any old versions (which may call themselves: Java Runtime, Runtime Environment, Runtime, JRE, Java Virtual Machine, Virtual Machine, Java VM, JVM, VM, J2RE, J2SE)

I see Java 2 Runtime Environment, SE v1.4.2

Ron

#5 ShoalBear (Topic Starter, Member, 212 posts)
Oh dear... when I ran George (which also happens to be my dog's name: my buddy, my pal, my friend to the end), it rebooted the system, but the screen is frozen now. This is a problem I have due to the heat of my laptop over time. If I reboot again, will it mess it up totally, or will it restart George? Please advise as to what you think I should do at this point, and ASAP. My laptop is my main computer, and this one I am using now is so old and slow it may be my death!!! LOL

#6 RKinner (Malware Expert, MVP, 24,625 posts)
I suspect you will have to reboot your computer and see what happens. It wasn't doing anything critical, just a little cleanup, so it should be OK.

You might want to invest in a laptop cooler pad that you set the laptop on, which has a fan or fans and keeps it cooler. As an emergency measure you can use a vacuum cleaner hose and suck the hot air out whenever you are trying to do something that is CPU intensive.

Ron

#7 ShoalBear (Topic Starter, Member, 212 posts)
OK, Kaspersky found some stuff, but it looks like stuff in my email junk folder that I haven't deleted yet.

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0 REPORT
Wednesday, June 24, 2009
Operating System: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Program database last update: Wednesday, June 24, 2009 15:07:40
Records in database: 2386438
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Files scanned: 97392
Threat name: 7
Infected objects: 11
Suspicious objects: 58
Duration of the scan: 03:01:15


File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 7
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Agent.cjef 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Inject.aboa 3
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Agent2.kri 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Agent.cjef 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Inject.aboa 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Inbox Infected: Trojan.Win32.Inject.abnx 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Trash Infected: Trojan.Win32.Inject.abnx 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Drafts Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 16
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Infected: Worm.Win32.AutoRun.muu 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Infected: Trojan-Downloader.Win32.Agent.ahkv 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 3

The selected area was scanned.

Have tried a dual-fan system for my laptop, but it really wasn't that helpful. This thing just runs hot :)

#8 RKinner (Malware Expert, MVP, 24,625 posts)
What usually causes overheating is either the fan dies or the thermal pad used between the heatsink and the CPU dries up. The fix for the thermal pad is to remove it and replace it with a thin coat of Arctic Silver thermal paste. Unfortunately, it is usually major surgery just to get to either the fan or the thermal pad.

Kaspersky also found stuff in your inbox, your sent folder and your drafts folder, so be careful with your email. It didn't sound like it was 100% sure on some of those, so they may be false positives.

It found nothing in the rest of the PC, so I think you are done unless you have some other problems like Automatic Updates not working.

Ron
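The reading the helper gives the Kaspersky report in the post above (every hit sits inside a Thunderbird mail folder, the "Suspicious" ones are heuristic and may be false positives, nothing was found on the rest of the disk) can be checked mechanically. The Python below is an added example, not code from this thread or from Kaspersky: it parses the report lines copied from above, confirms that the parsed hits add up to the totals in the report's own statistics block (so nothing was missed), separates mail-store hits from hits on the filesystem proper, and lists the folders that hold something rated "Infected" rather than merely "Suspicious". The Thunderbird profile layout (one mbox file per folder under Mail\<account>\ or ImapMail\<server>\) is this example's assumption.

```python
"""Parse a Kaspersky Online Scanner 7 report and separate mail-store hits
from hits on the filesystem proper (added example, not code from the thread
or from Kaspersky). KASPERSKY_REPORT is copied from the report posted above,
not constructed."""
import re
from typing import Dict, List, NamedTuple

KASPERSKY_REPORT = r"""
Scan statistics:
Files scanned: 97392
Threat name: 7
Infected objects: 11
Suspicious objects: 58

File name / Threat name / Threats count
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk Suspicious: Trojan-Spy.HTML.Fraud.gen 7
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Agent.cjef 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Inject.aboa 3
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Junk-Maybe Infected: Trojan.Win32.Agent2.kri 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 5
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Agent.cjef 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\Local Folders\Trash Infected: Trojan.Win32.Inject.aboa 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 2
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\localhost\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 10
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Inbox Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Inbox Infected: Trojan.Win32.Inject.abnx 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.bizmail.yahoo.com\Trash Infected: Trojan.Win32.Inject.abnx 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Drafts Suspicious: Trojan-Spy.HTML.Fraud.gen 3
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Suspicious: Trojan-Spy.HTML.Fraud.gen 16
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Infected: Worm.Win32.AutoRun.muu 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Sent Infected: Trojan-Downloader.Win32.Agent.ahkv 1
C:\Documents and Settings\Owner\Application Data\Thunderbird\Profiles\12rxr6gk.default\Mail\pop.mail.yahoo.com\Trash Suspicious: Trojan-Spy.HTML.Fraud.gen 3
"""


class Hit(NamedTuple):
    path: str
    verdict: str   # "Infected" (signature match) or "Suspicious" (heuristic)
    threat: str
    count: int


# <path> <Infected|Suspicious>: <threat name> <count>; the path may contain spaces.
HIT_RE = re.compile(r"^(?P<path>.+?)\s+(?P<verdict>Infected|Suspicious):\s+(?P<threat>\S+)\s+(?P<count>\d+)$")
STAT_RE = re.compile(r"^(Threat name|Infected objects|Suspicious objects):\s+(\d+)$")
# Assumption: Thunderbird keeps each folder as one mbox file under
# <profile>\Mail\<account>\ or <profile>\ImapMail\<server>\.
MAIL_STORE_RE = re.compile(r"\\thunderbird\\profiles\\[^\\]+\\(?:mail|imapmail)\\", re.IGNORECASE)


def parse_hits(text: str) -> List[Hit]:
    hits: List[Hit] = []
    for line in text.splitlines():
        m = HIT_RE.match(line.strip())
        if m:
            hits.append(Hit(m["path"], m["verdict"], m["threat"], int(m["count"])))
    return hits


def header_totals(text: str) -> Dict[str, int]:
    """Totals as printed in the report's own 'Scan statistics' block."""
    found: Dict[str, int] = {}
    for line in text.splitlines():
        m = STAT_RE.match(line.strip())
        if m:
            found[m.group(1)] = int(m.group(2))
    return found


def parsed_totals(hits: List[Hit]) -> Dict[str, int]:
    """The same three numbers recomputed from the parsed hit lines."""
    return {
        "Threat name": len({h.threat for h in hits}),
        "Infected objects": sum(h.count for h in hits if h.verdict == "Infected"),
        "Suspicious objects": sum(h.count for h in hits if h.verdict == "Suspicious"),
    }


def report_is_complete(text: str) -> bool:
    """True when every hit line was parsed, i.e. the two totals agree."""
    return header_totals(text) == parsed_totals(parse_hits(text))


def is_mail_store(path: str) -> bool:
    return bool(MAIL_STORE_RE.search(path))


def on_disk_hits(hits: List[Hit]) -> List[Hit]:
    """Hits that are real files on disk rather than messages inside a mailbox."""
    return [h for h in hits if not is_mail_store(h.path)]


def infected_mail_folders(hits: List[Hit]) -> List[str]:
    """Mailbox files holding at least one signature-confirmed detection."""
    return sorted({h.path for h in hits if is_mail_store(h.path) and h.verdict == "Infected"})


if __name__ == "__main__":
    hits = parse_hits(KASPERSKY_REPORT)
    print("report complete:", report_is_complete(KASPERSKY_REPORT), parsed_totals(hits))
    print("hits outside mail stores:", on_disk_hits(hits))
    for folder in infected_mail_folders(hits):
        print("infected mailbox:", folder)
```

A hit inside an mbox file is an attachment stored in that folder's file, not a program that runs by itself, which is why the helper's advice is to be careful with the mail rather than to treat the machine as still infected. The safe cleanup is done from inside Thunderbird (delete the messages, then compact the folder so the deleted bodies leave the mbox file); letting a scanner quarantine or delete the mbox file itself takes every message in that folder with it.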

#9 ShoalBear (Topic Starter, Member, 212 posts)
No I think we are good this time! Thanks so much for your help and your time!!!