Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Adware.myweb, Adware.mywebsearch(Malwarebytes) Trojan.bho (Hijack This

Started by jodee2814 , Aug 24 2009 03:44 PM

  • This topic is locked This topic is locked

#1
jodee2814
Posted 24 August 2009 - 03:44 PM

jodee2814

    Member

  • Member
  • PipPip
  • 30 posts
Ok so this is complicated...I ran 3 different Malwarebytes scans because they kept getting aborted. So I have 3 different logs=/ and I know for sure I have Adware.myweb and Trojan.bho on my computer......:) pretty please...here are the logs....

MALWAREBYTES log #1

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3

8/24/2009 11:07:47 AM
mbam-log-2009-08-24 (11-07-47).txt

Scan type: Full Scan (C:\|)
Objects scanned: 22683
Time elapsed: 8 minute(s), 27 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 9
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{cf54be1c-9359-4395-8533-1657cf209cfe} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d518921a-4a03-425e-9873-b9a71756821e} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{00a6faf1-072e-44cf-8957-5838f569a31d} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{59c7fc09-1c83-4648-b3e6-003d2bbc7481} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{68af847f-6e91-45dd-9b68-d6a12c30e5d7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{9170b96c-28d4-4626-8358-27e6caeef907} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{d1a71fa0-ff48-48dd-9b6d-7a13a3e42127} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{ddb1968e-ead6-40fd-8dae-ff14757f60c7} (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{f138d901-86f0-4383-99b6-9cdd406036da} (Adware.MyWebSearch) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

Malwarebytes log #2

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3

8/24/2009 11:24:38 AM
mbam-log-2009-08-24 (11-24-38).txt

Scan type: Quick Scan
Objects scanned: 83928
Time elapsed: 15 minute(s), 5 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 1
Files Infected: 2

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Low Rights\RunDll32Policy\f3ScrCtr.dll (Adware.MyWay) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\CLSID\{8ca5ed52-f3fb-4414-a105-2e3491156990} (Trojan.BHO) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Gamevance\gamevance32.exe (Adware.Gamevance) -> Quarantined and deleted successfully.
C:\Program Files\iWin Games\iWinGamesHookIE.dll (Trojan.BHO) -> Delete on reboot.

Malwarebytes log #3

Malwarebytes' Anti-Malware 1.34
Database version: 1878
Windows 5.1.2600 Service Pack 3

8/24/2009 4:20:03 PM
mbam-log-2009-08-24 (16-20-03).txt

Scan type: Full Scan (C:\|)
Objects scanned: 170728
Time elapsed: 2 hour(s), 41 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 29

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP77\A0016634.exe (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016970.scr (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016979.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016982.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016986.SCR (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016987.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016989.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016992.DLL (Adware.MyWebSearch) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016994.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016995.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016996.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016997.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016998.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017001.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017002.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017003.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017004.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017005.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017006.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017007.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017008.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017009.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017016.dll (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017017.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017018.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017019.EXE (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0017020.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP82\A0016999.DLL (Adware.MyWeb) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{202550A8-7A33-4BCA-9586-051D24DDBF8F}\RP83\A0017066.dll (Adware.MyWeb) -> Quarantined and deleted successfully.

Hijack This Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:24:16 PM, on 8/24/2009
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Java\jre6\bin\jqs.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\dla\tfswctrl.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Java\jre6\bin\jucheck.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll
O2 - BHO: JQSIEStartDetectorImpl - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
O2 - BHO: SingleInstance Class - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll
O3 - Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn3\yt.dll
O4 - HKLM\..\Run: [dla] C:\WINDOWS\system32\dla\tfswctrl.exe
O4 - HKLM\..\Run: [Dell AIO Printer A920] "C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe"
O4 - HKLM\..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [MCUpdateExe] c:\PROGRA~1\mcafee.com\agent\mcupdate.exe
O4 - HKLM\..\Run: [MCAgentExe] c:\PROGRA~1\mcafee.com\agent\mcagent.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre6\bin\jusched.exe"
O4 - HKLM\..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe
O4 - HKLM\..\Run: [YSearchProtection] "C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKCU\..\Run: [DellSupport] "C:\Program Files\DellSupport\DSAgnt.exe" /startup
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKCU\..\Run: [DellTransferAgent] "C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe"
O4 - HKCU\..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - Global Startup: AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe
O4 - Global Startup: Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe
O4 - Global Startup: Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O8 - Extra context menu item: &Search - ?p=ZJfox000
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O15 - Trusted Zone: *.att.net
O15 - Trusted Zone: http://*.att.net
O15 - Trusted Zone: *.sbcglobal.net
O15 - Trusted Zone: http://*.sbcglobal.net
O15 - Trusted Zone: *.musicmatch.com (HKLM)
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} (CPlayFirstFashionDasControl Object) - http://www.shockwave...eb.1.0.0.21.cab
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} (CPlayFirstDairyDashWControl Object) - http://games.bigfish...eb.1.0.0.15.cab
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} (SpinTop DRM Control) - file://C:\Program Files\Cake Mania 3\Images\stg_drm.ocx
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} (CPlayFirstChocolatierControl Object) - http://www.shockwave...eb.1.0.0.13.cab
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} (Image Uploader Control) - http://fubar.com/img...geUploader5.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1237601436296
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} (CPlayFirstGreatChocoControl Object) - http://games.bigfish...eb.1.0.0.12.cab
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} (GameHouse Games Player) - http://www.gamehouse...houseplayer.cab
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} (GoBit Games Player) - http://www.shockwave...esPlayer_v5.cab
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} (Zylom Games Player) - http://www.gamehouse...zylomplayer.cab
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} (ArmHelper Control) - file://C:\Program Files\Cake Mania 3\Images\armhelper.ocx
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} (CPlayFirstChocolatieControl Object) - http://www.shockwave...eb.1.0.0.10.cab
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} - http://imikimi.com/d...lugin_0.5.1.cab
O20 - AppInit_DLLs: ,C:\WINDOWS\System32\filemgmt32.dll
O20 - Winlogon Notify: 3c623b87660 - C:\WINDOWS\System32\filemgmt32.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: getPlus® Helper - NOS Microsystems Ltd. - C:\Program Files\NOS\bin\getPlus_HelperSvc.exe
O23 - Service: Google Update Service (gupdate1c9ebc3f8cbe292) (gupdate1c9ebc3f8cbe292) - Google Inc. - C:\Program Files\Google\Update\GoogleUpdate.exe
O23 - Service: Google Software Updater (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Java Quick Starter (JavaQuickStarterService) - Sun Microsystems, Inc. - C:\Program Files\Java\jre6\bin\jqs.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Eastman Kodak Company - C:\WINDOWS\system32\drivers\KodakCCS.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: Yahoo! Updater (YahooAUService) - Yahoo! Inc. - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe

--
End of file - 11692 bytes




THANK YOU THANK YOU THANK YOU THANK YOU in advance! :)
  • 0

Advertisements

#2
Perplexus
Posted 27 August 2009 - 12:44 PM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hello and welcome to Geeks To Go!:)

Sorry for the delay. It's been really busy :) My name is Perplexus and I will be helping you fix your computer problem.

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate, so stay with me until given the 'all clear' even if symptoms diminish. Lack of symptoms does not always mean the job is complete.

Before we proceed to clean your computer from malware there are some points you should consider that will make the process go smoother:
  • To make sure that you receive an email when this topic is updated, please click here and check that this topic is listed under Malware Removal and Spyware Removal.
  • Before beginning the fix, read this post completely. If there's anything that you do not understand, please ask your questions before proceeding as you may temporarily be disconnected from the internet. No question is considered dumb here. It's better to be safe than sorry!
  • Please print out or copy this page to Notepad in order to assist you when carrying out the following instructions.
  • It is IMPORTANT that you do not miss a step & perform everything in the correct order/sequence.
  • Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested, as it can be very dangerous and cause harm to your system.
  • When posting logs, please ensure Wordwrap is turned off in Notepad (to check, open Notepad in the menubar click on Format and make sure that Word Wrap is unchecked)
---------------------------------------------------------------------------------------------

------------------
Step 1:
------------------

Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

------------------
Step 2:
------------------

Download RootRepeal from one of the following locations:Unzip it to your Desktop.
  • Double click RootRepeal.exe to start the program
  • Click on the Report tab at the bottom of the program window
  • Click the Scan button
  • In the Select Scan dialog, check:
    • Drivers
    • Files
    • Processes
    • SSDT
    • Stealth Objects
    • Hidden Services
    • Shadow SSDT
  • Click the OK button
  • In the next dialog, select all drives showing
  • Click OK to start the scan

    Note: The scan can take some time. DO NOT run any other programs while the scan is running

  • When the scan is complete, the Save Report button will become available
  • Click this and save the report to your Desktop as RootRepeal.txt
  • Go to File, then Exit to close the program
If the report is not too long, post the contents of RootRepeal.txt in your next reply. If the report is very long, it will not be complete if you post it, so please attach it to your reply instead.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post

------------------
Step 3:
------------------

  • Download OTL by OldTimer to your desktop.
  • Double click on the icon to run it. Make sure all other windows are closed and to let it run uninterrupted.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply. You may need two posts to fit them all in.

------------------
Step 4:
------------------

Please post back with the following:
  • How your machine is running
  • checkup.txt
  • RootRepeal.txt
  • OTL.txt
  • Extras.txt

  • 0

#3
jodee2814
Posted 27 August 2009 - 12:54 PM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
it will not let me open Security Check it says windows can find Security Check/Security Check.bat make sure you typed the name correctly?
  • 0

#4
Perplexus
Posted 27 August 2009 - 01:10 PM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Leave it and proceed with the rest :)
  • 0

#5
jodee2814
Posted 27 August 2009 - 01:50 PM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
It seems to be running the same so far nothing much has changed but Honestly I wouldn't be able to tell because I haven't had any pop ups since this morning...


ROOTREPEAL
ROOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/08/27 14:31
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP3
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xEF190000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF8C7D000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xEDD92000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden/Locked Files
-------------------
Path: C:\hiberfil.sys
Status: Locked to the Windows API!

Path: C:\RootRepeal report 08-27-09 (14-31-08).txt
Status: Visible to the Windows API, but not on disk.

Path: C:\WINDOWS\Prefetch\ROOTREPEAL.EXE-156E1461.pf
Status: Visible to the Windows API, but not on disk.

Path: c:\documents and settings\denise adams\desktop\extras.txt
Status: Size mismatch (API: 45894, Raw: 46652)

Path: c:\documents and settings\denise adams\desktop\otl.txt
Status: Size mismatch (API: 101168, Raw: 102240)

SSDT
-------------------
#: 025 Function Name: NtClose
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b06b8

#: 041 Function Name: NtCreateKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b0574

#: 065 Function Name: NtDeleteValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b0a52

#: 068 Function Name: NtDuplicateObject
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b014c

#: 119 Function Name: NtOpenKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b064e

#: 122 Function Name: NtOpenProcess
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b008c

#: 128 Function Name: NtOpenThread
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b00f0

#: 177 Function Name: NtQueryValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b076e

#: 204 Function Name: NtRestoreKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b072e

#: 247 Function Name: NtSetValueKey
Status: Hooked by "C:\WINDOWS\System32\Drivers\aswSP.SYS" at address 0xef1b08ae

==EOF==

OLT:

OTL logfile created on: 8/27/2009 2:33:11 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Denise Adams\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 253.32 Mb Available Physical Memory | 49.67% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.72 Gb Total Space | 45.55 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BTJ
Current User Name: Denise Adams
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
PRC - C:\WINDOWS\Explorer.EXE (Microsoft Corporation)
PRC - C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
PRC - C:\WINDOWS\System32\LEXPPS.EXE (Lexmark International, Inc.)
PRC - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
PRC - c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
PRC - c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
PRC - C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
PRC - C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
PRC - C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
PRC - C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
PRC - C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
PRC - C:\Program Files\Dell AIO Printer A920\dlbkbmon.exe (Dell Computer Corporation)
PRC - C:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
PRC - C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
PRC - C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)
PRC - C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
PRC - C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
PRC - C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
PRC - C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
PRC - C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
PRC - C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
PRC - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
PRC - C:\Program Files\SBC Self Support Tool\bin\mpbtn.exe ()
PRC - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
PRC - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
PRC - C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
PRC - C:\Program Files\Java\jre6\bin\jucheck.exe (Sun Microsystems, Inc.)
PRC - C:\Documents and Settings\Denise Adams\Desktop\OTL.exe (OldTimer Tools)
PRC - C:\WINDOWS\notepad.exe (Microsoft Corporation)
PRC - C:\Documents and Settings\Denise Adams\Local Settings\Temp\Temporary Directory 4 for RootRepeal.zip\RootRepeal.exe ( )

========== Win32 Services (SafeList) ==========

SRV - (6to4 [Auto | Stopped]) -- C:\WINDOWS\System32\6to4svc.dll (Microsoft Corporation)
SRV - (Apple Mobile Device [Auto | Running]) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe (Apple Inc.)
SRV - (aspnet_state [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe (Microsoft Corporation)
SRV - (aswUpdSv [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe (ALWIL Software)
SRV - (avast! Antivirus [Auto | Running]) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe (ALWIL Software)
SRV - (avast! Mail Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe (ALWIL Software)
SRV - (avast! Web Scanner [On_Demand | Running]) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe (ALWIL Software)
SRV - (Boonty Games [Disabled | Stopped]) -- C:\Program Files\Common Files\BOONTY Shared\Service\Boonty.exe (BOONTY)
SRV - (clr_optimization_v2.0.50727_32 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe (Microsoft Corporation)
SRV - (DSBrokerService [On_Demand | Stopped]) -- C:\Program Files\DellSupport\brkrsvc.exe ()
SRV - (FontCache3.0.0.0 [On_Demand | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe (Microsoft Corporation)
SRV - (getPlus® Helper [On_Demand | Stopped]) -- C:\Program Files\NOS\bin\getPlus_HelperSvc.exe (NOS Microsystems Ltd.)
SRV - (gupdate1c9ebc3f8cbe292 [Auto | Stopped]) -- C:\Program Files\Google\Update\GoogleUpdate.exe (Google Inc.)
SRV - (gusvc [Auto | Stopped]) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe (Google)
SRV - (helpsvc [Auto | Running]) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll (Microsoft Corporation)
SRV - (IDriverT [On_Demand | Stopped]) -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe (Macrovision Corporation)
SRV - (idsvc [Unknown | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe (Microsoft Corporation)
SRV - (iPod Service [On_Demand | Running]) -- C:\Program Files\iPod\bin\iPodService.exe (Apple Inc.)
SRV - (JavaQuickStarterService [Auto | Running]) -- C:\Program Files\Java\jre6\bin\jqs.exe (Sun Microsystems, Inc.)
SRV - (KodakCCS [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\KodakCCS.exe (Eastman Kodak Company)
SRV - (LexBceS [Auto | Running]) -- C:\WINDOWS\System32\LEXBCES.EXE (Lexmark International, Inc.)
SRV - (McDetect.exe [Auto | Running]) -- c:\program files\mcafee.com\agent\mcdetect.exe (McAfee, Inc)
SRV - (McTskshd.exe [Auto | Running]) -- c:\Program Files\McAfee.com\Agent\McTskshd.exe (McAfee, Inc)
SRV - (mcupdmgr.exe [On_Demand | Stopped]) -- C:\Program Files\McAfee.com\Agent\mcupdmgr.exe (McAfee, Inc)
SRV - (NetTcpPortSharing [Disabled | Stopped]) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe (Microsoft Corporation)
SRV - (UMWdf [Auto | Running]) -- C:\WINDOWS\System32\wdfmgr.exe (Microsoft Corporation)
SRV - (Viewpoint Manager Service [Auto | Running]) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe (Viewpoint Corporation)
SRV - (YahooAUService [Auto | Running]) -- C:\Program Files\Yahoo!\SoftwareUpdate\YahooAUService.exe (Yahoo! Inc.)

========== Driver Services (SafeList) ==========

DRV - (Aavmker4 [System | Running]) -- C:\WINDOWS\System32\drivers\aavmker4.sys (ALWIL Software)
DRV - (AliIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (amdagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (asc [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (ASCTRM [Auto | Running]) -- C:\WINDOWS\System32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (aswFsBlk [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\aswFsBlk.sys (ALWIL Software)
DRV - (aswMon2 [Auto | Running]) -- C:\WINDOWS\System32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswRdr [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswSP [System | Running]) -- C:\WINDOWS\System32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswTdi [System | Running]) -- C:\WINDOWS\System32\drivers\aswTdi.sys (ALWIL Software)
DRV - (bcm4sbxp [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\bcm4sbxp.sys (Broadcom Corporation)
DRV - (CmdIde [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)
DRV - (dac2w2k [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (DcCam [System | Running]) -- C:\WINDOWS\System32\DRIVERS\DcCam.sys (Eastman Kodak Company)
DRV - (DcFpoint [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcFpoint.sys (Eastman Kodak Company)
DRV - (DCFS2K [Auto | Running]) -- C:\WINDOWS\System32\drivers\dcfs2k.sys (Eastman Kodak Company)
DRV - (DcLps [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcLps.sys (Eastman Kodak Company)
DRV - (DcPTP [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\DcPTP.sys (Eastman Kodak Company)
DRV - (drvmcdb [Boot | Running]) -- C:\WINDOWS\system32\drivers\drvmcdb.sys (Sonic Solutions)
DRV - (drvnddm [Auto | Running]) -- C:\WINDOWS\System32\drivers\drvnddm.sys (Sonic Solutions)
DRV - (DSproct [On_Demand | Running]) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys (Gteko Ltd.)
DRV - (dsunidrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys (Gteko Ltd.)
DRV - (E100B [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys (Intel Corporation)
DRV - (Exportit [System | Stopped]) -- C:\WINDOWS\System32\DRIVERS\exportit.sys (Eastman Kodak Company)
DRV - (GEARAspiWDM [On_Demand | Running]) -- C:\WINDOWS\System32\Drivers\GEARAspiWDM.sys (GEAR Software Inc.)
DRV - (ialm [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys (Intel Corporation)
DRV - (IntelC51 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys (Intel Corporation)
DRV - (IntelC52 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys (Intel Corporation)
DRV - (IntelC53 [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys (Intel Corporation)
DRV - (MODEMCSA [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (mohfilt [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys (Intel Corporation)
DRV - (mraid35x [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (nv [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys (NVIDIA Corporation)
DRV - (omci [System | Running]) -- C:\WINDOWS\System32\DRIVERS\omci.sys (Dell Computer Corporation)
DRV - (Ptilink [On_Demand | Running]) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys (Parallel Technologies, Inc.)
DRV - (PxHelp20 [Boot | Running]) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys (Sonic Solutions)
DRV - (ql1080 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql12160 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1280 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (Secdrv [Auto | Running]) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.)
DRV - (senfilt [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\senfilt.sys (Sensaura)
DRV - (sisagp [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (smwdm [On_Demand | Running]) -- C:\WINDOWS\System32\drivers\smwdm.sys (Analog Devices, Inc.)
DRV - (SNDP610 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\sndp610.sys ()
DRV - (SONYPVU1 [On_Demand | Stopped]) -- C:\WINDOWS\System32\DRIVERS\SONYPVU1.SYS (Sony Corporation)
DRV - (Sparrow [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sscdbhk5 [System | Running]) -- C:\WINDOWS\System32\drivers\sscdbhk5.sys (Sonic Solutions)
DRV - (ssrtln [System | Running]) -- C:\WINDOWS\System32\drivers\ssrtln.sys (Sonic Solutions)
DRV - (symc810 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (symc8xx [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (sym_hi [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (sym_u3 [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (Tcpip6 [System | Running]) -- C:\WINDOWS\System32\DRIVERS\tcpip6.sys (Microsoft Corporation)
DRV - (tfsnboio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnboio.sys (Sonic Solutions)
DRV - (tfsncofs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsncofs.sys (Sonic Solutions)
DRV - (tfsndrct [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndrct.sys (Sonic Solutions)
DRV - (tfsndres [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsndres.sys (Sonic Solutions)
DRV - (tfsnifs [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnifs.sys (Sonic Solutions)
DRV - (tfsnopio [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnopio.sys (Sonic Solutions)
DRV - (tfsnpool [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnpool.sys (Sonic Solutions)
DRV - (tfsnudf [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudf.sys (Sonic Solutions)
DRV - (tfsnudfa [Auto | Running]) -- C:\WINDOWS\System32\dla\tfsnudfa.sys (Sonic Solutions)
DRV - (tmcomm [Auto | Running]) -- C:\WINDOWS\System32\drivers\tmcomm.sys (Trend Micro Inc.)
DRV - (ultra [Boot | Running]) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - ({6080A529-897E-4629-A488-ABA0C29B635E} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmsbw.sys (Intel Corporation)
DRV - ({D31A0762-0CEB-444e-ACFF-B049A1F6FE91} [On_Demand | Stopped]) -- C:\WINDOWS\System32\drivers\ialmkchw.sys (Intel Corporation)

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\windows\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomSearch = http://us.rd.yahoo.c...rch/search.html
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.dell4me.com/myway
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,First Home Page = http://www.microsoft...P...pdate&O1=b1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Fast Browser Search"
FF - prefs.js..browser.search.order.1: "Fast Browser Search"
FF - prefs.js..browser.search.selectedEngine: "Fast Browser Search"
FF - prefs.js..browser.startup.homepage: "http://en-US.start2....en-US:official"
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}:6.0.07
FF - prefs.js..extensions.enabledItems: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}:6.0.13
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: [email protected]:1.0.5.1344
FF - prefs.js..extensions.enabledItems: [email protected]:3.0
FF - prefs.js..extensions.enabledItems: {635abd67-4fe9-1b23-4f01-e679fa7484c1}:1.6.6.20090220
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.0.13


FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/03/23 08:21:53 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/05/21 07:29:08 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/08/24 17:09:44 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.13\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/08/24 14:21:00 | 00,000,000 | ---D | M]

[2009/03/19 11:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Denise Adams\Application Data\mozilla\Extensions
[2009/03/19 11:25:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Denise Adams\Application Data\mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2009/08/27 09:21:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Denise Adams\Application Data\mozilla\Firefox\Profiles\qve058bq.default\extensions
[2009/06/12 17:53:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Denise Adams\Application Data\mozilla\Firefox\Profiles\qve058bq.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2009/07/03 11:42:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Denise Adams\Application Data\mozilla\Firefox\Profiles\qve058bq.default\extensions\[email protected]
[2009/03/19 17:12:34 | 00,002,158 | ---- | M] () -- C:\Documents and Settings\Denise Adams\Application Data\Mozilla\FireFox\Profiles\qve058bq.default\searchplugins\MySpace.xml
[2009/08/27 09:21:40 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions
[2009/08/05 14:39:11 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2009/03/23 10:21:27 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
[2009/05/21 07:30:42 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
[2009/04/13 19:34:57 | 00,000,000 | ---D | M] -- C:\Program Files\mozilla firefox\extensions\[email protected]
[2009/08/05 14:39:01 | 00,023,032 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browserdirprovider.dll
[2009/08/05 14:39:01 | 00,134,648 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\brwsrcmp.dll
[2009/05/21 07:28:57 | 00,410,984 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeploytk.dll
[2008/09/26 11:40:34 | 00,053,248 | ---- | M] (AOL LLC) -- C:\Program Files\mozilla firefox\plugins\npdnu.dll
[2009/08/05 14:39:05 | 00,065,528 | ---- | M] (mozilla.org) -- C:\Program Files\mozilla firefox\plugins\npnul32.dll
[2009/08/07 21:49:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin.dll
[2009/08/07 21:49:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin2.dll
[2009/08/07 21:49:34 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin3.dll
[2009/08/07 21:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin4.dll
[2009/08/07 21:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin5.dll
[2009/08/07 21:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin6.dll
[2009/08/07 21:49:35 | 00,143,360 | ---- | M] (Apple Inc.) -- C:\Program Files\mozilla firefox\plugins\npqtplugin7.dll
[2009/03/30 17:13:54 | 00,098,304 | ---- | M] (RealNetworks) -- C:\Program Files\mozilla firefox\plugins\npraclient.dll
[2007/08/21 19:42:32 | 00,057,344 | ---- | M] (America Online, Inc.) -- C:\Program Files\mozilla firefox\plugins\npunagi2.dll
[2009/03/03 10:51:42 | 00,098,304 | ---- | M] (Zylom) -- C:\Program Files\mozilla firefox\plugins\npzylomgamesplayer.dll
[2008/12/01 11:01:02 | 00,114,540 | ---- | M] (NOS Microsystems Ltd.) -- C:\Program Files\mozilla firefox\plugins\np_gp.dll
[2009/02/19 14:33:08 | 00,001,394 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\amazondotcom.xml
[2009/02/19 14:33:08 | 00,002,193 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\answers.xml
[2007/10/27 12:44:58 | 00,002,275 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\aolsearch.xml
[2007/07/26 12:05:16 | 00,001,329 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\crawlersrch.xml
[2009/02/19 14:33:08 | 00,001,534 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\creativecommons.xml
[2009/02/19 14:33:08 | 00,002,343 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\eBay.xml
[2009/08/16 21:37:22 | 00,003,700 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.png
[2009/08/16 21:37:22 | 00,001,963 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\fast.xml
[2009/02/19 14:33:08 | 00,001,706 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\google.xml
[2009/02/19 14:33:08 | 00,001,178 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\wikipedia.xml
[2009/02/19 14:33:08 | 00,000,792 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\yahoo.xml

O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.15642\swg.dll (Google Inc.)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (no name) - {BA52B914-B692-46c4-B683-905236F6F655} - No CLSID value found.
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn3\yt.dll (Yahoo! Inc.)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [Dell AIO Printer A920] C:\Program Files\Dell AIO Printer A920\dlbkbmgr.exe (Dell Computer Corporation)
O4 - HKLM..\Run: [dla] C:\WINDOWS\System32\dla\tfswctrl.exe (Sonic Solutions)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [MCAgentExe] c:\Program Files\McAfee.com\Agent\mcagent.exe (McAfee, Inc)
O4 - HKLM..\Run: [MCUpdateExe] c:\Program Files\McAfee.com\Agent\mcupdate.exe (McAfee, Inc)
O4 - HKLM..\Run: [mmtask] C:\Program Files\Musicmatch\Musicmatch Jukebox\mmtask.exe (Musicmatch Inc.)
O4 - HKLM..\Run: [MMTray] C:\Program Files\Musicmatch\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\QTTask.exe (Apple Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre6\bin\jusched.exe (Sun Microsystems, Inc.)
O4 - HKLM..\Run: [Ulead AutoDetector v2] C:\Program Files\Common Files\Ulead Systems\AutoDetector\monitor.exe (Ulead Systems, Inc.)
O4 - HKLM..\Run: [YSearchProtection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellTransferAgent] C:\Documents and Settings\All Users\Application Data\Dell\TransferAgent\TransferAgent.exe ( )
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Inc.)
O4 - HKCU..\Run: [Search Protection] C:\Program Files\Yahoo!\Search Protection\SearchProtection.exe (Yahoo! Inc)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKLM..\RunOnceEx: [] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\AT&T Self Support Tool.lnk = C:\Program Files\SBC Self Support Tool\bin\matcli.exe (Motive Communications, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak software updater.lnk = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE (Microsoft Corporation)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O8 - Extra context menu item: &Search - File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: musicmatch.com ([]* in Trusted sites)
O15 - HKLM\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O15 - HKCU\..Trusted Domains: att.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: att.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: sbcglobal.net ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]http in Trusted sites)
O15 - HKCU\..Trusted Domains: yahoo.com ([]https in Trusted sites)
O15 - HKCU\..Trusted Domains: 32 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {049A470D-F818-4E34-B14D-E4E237DADCF8} http://www.shockwave...eb.1.0.0.21.cab (CPlayFirstFashionDasControl Object)
O16 - DPF: {055B4212-4C81-448E-AFA9-C3CA4AAE8F95} http://games.bigfish...eb.1.0.0.15.cab (CPlayFirstDairyDashWControl Object)
O16 - DPF: {149E45D8-163E-4189-86FC-45022AB2B6C9} file://C:\Program Files\Cake Mania 3\Images\stg_drm.ocx (SpinTop DRM Control)
O16 - DPF: {1B00725B-C455-4DE6-BFB6-AD540AD427CD} http://download.macr...ash/swflash.cab (Reg Error: Key error.)
O16 - DPF: {21BB8360-F943-447E-98F3-3C22345375A7} http://www.shockwave...eb.1.0.0.13.cab (CPlayFirstChocolatierControl Object)
O16 - DPF: {31435657-9980-0010-8000-00AA00389B71} http://download.micr...78f/wvc1dmo.cab (Reg Error: Key error.)
O16 - DPF: {5D637FAD-E202-48D1-8F18-5B9C459BD1E3} http://fubar.com/img...geUploader5.cab (Image Uploader Control)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://update.micros...b?1237601436296 (WUWebControl Class)
O16 - DPF: {6C7CAD20-85AA-475A-AC0D-303C4A9A69CE} http://games.bigfish...eb.1.0.0.12.cab (CPlayFirstGreatChocoControl Object)
O16 - DPF: {74E4A24D-5224-4F05-8A41-99445E0FC22B} http://www.gamehouse...houseplayer.cab (GameHouse Games Player)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://www.shockwave...esPlayer_v5.cab (GoBit Games Player)
O16 - DPF: {BFF1950D-B1B4-4AE8-B842-B2CCF06D9A1B} http://www.gamehouse...zylomplayer.cab (Zylom Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_07)
O16 - DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_13)
O16 - DPF: {CC450D71-CC90-424C-8638-1F2DBAC87A54} file://C:\Program Files\Cake Mania 3\Images\armhelper.ocx (ArmHelper Control)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D40F5876-A494-4124-8161-82625BB28C06} http://www.shockwave...eb.1.0.0.10.cab (CPlayFirstChocolatieControl Object)
O16 - DPF: {D71F9A27-723E-4B8B-B428-B725E47CBA3E} http://imikimi.com/d...lugin_0.5.1.cab (Reg Error: Key error.)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.254
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\msdaipp.dll (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\filemgmt32.dll) - C:\WINDOWS\System32\filemgmt32.dll ()
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\3c623b87660: DllName - C:\WINDOWS\System32\filemgmt32.dll - C:\WINDOWS\System32\filemgmt32.dll ()
O20 - Winlogon\Notify\igfxcui: DllName - igfxsrvc.dll - C:\WINDOWS\System32\igfxsrvc.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 14:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]

========== Files/Folders - Created Within 30 Days ==========

[2009/08/27 14:21:57 | 00,514,048 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Denise Adams\Desktop\OTL.exe
[2009/08/27 14:01:18 | 00,464,491 | ---- | C] () -- C:\Documents and Settings\Denise Adams\Desktop\RootRepeal.zip
[2009/08/27 08:05:21 | 00,000,000 | ---D | C] -- C:\WINDOWS\LastGood
[2009/08/26 09:03:11 | 00,000,000 | ---D | C] -- C:\Program Files\Aspell
[2009/08/24 17:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Denise Adams\Local Settings\Application Data\Opera
[2009/08/24 17:25:17 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Denise Adams\Application Data\Opera
[2009/08/24 17:24:58 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/08/24 17:24:55 | 00,000,000 | ---D | C] -- C:\Program Files\Opera
[2009/08/24 12:07:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/08/24 12:07:24 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/08/24 10:16:53 | 00,010,251 | ---- | C] () -- C:\WINDOWS\GnuHashes.ini
[2009/08/24 09:55:36 | 00,000,530 | -HS- | C] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/08/24 09:55:36 | 00,000,000 | -HSD | C] -- C:\WINDOWS\System32\LocalService
[2009/08/23 21:55:28 | 00,005,556 | -HS- | C] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660C.manifest
[2009/08/23 21:55:28 | 00,002,471 | -HS- | C] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660P.manifest
[2009/08/23 21:55:28 | 00,000,565 | -HS- | C] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660O.manifest
[2009/08/23 21:55:28 | 00,000,011 | -HS- | C] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660S.manifest
[2009/08/23 21:55:27 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\filemgmt32.dll
[2009/08/23 21:55:27 | 00,000,615 | ---- | C] () -- C:\WINDOWS\System32\iWp27ZuiGMbMAUV.vbs
[2009/08/18 03:08:35 | 00,268,648 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll
[2009/08/18 03:08:35 | 00,027,496 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\mucltui.dll.mui
[2009/08/17 14:04:17 | 00,000,000 | ---D | C] -- C:\Program Files\Microsoft Silverlight
[2009/08/17 14:02:37 | 04,928,376 | ---- | C] (Microsoft Corporation) -- C:\Documents and Settings\Denise Adams\Desktop\Silverlight.exe
[2009/08/16 21:37:23 | 00,000,000 | ---D | C] -- C:\Program Files\FBSearch Toolbar
[2009/08/16 11:27:51 | 00,128,512 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\dhtmled.ocx
[2009/08/16 11:27:35 | 01,315,328 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\msoe.dll
[2009/08/10 18:49:06 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Astar Games
[2009/08/10 10:03:57 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Denise Adams\Application Data\Boomzap
[2009/08/07 21:48:29 | 00,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2009/08/05 04:01:48 | 00,204,800 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/31 14:21:56 | 00,052,224 | ---- | C] () -- C:\Documents and Settings\Denise Adams\My Documents\Your Flight Details.doc
[2009/07/31 13:34:18 | 00,932,062 | ---- | C] () -- C:\Documents and Settings\Denise Adams\My Documents\New_Hire_-_Personnel.pdf
[2009/06/03 10:07:41 | 00,000,030 | ---- | C] () -- C:\WINDOWS\Iedit_.INI
[2009/04/30 13:57:28 | 00,000,002 | ---- | C] () -- C:\WINDOWS\PhotoSuite.ini
[2009/04/30 13:57:24 | 00,458,752 | ---- | C] () -- C:\WINDOWS\System32\Fpl.dll
[2009/04/30 13:57:24 | 00,019,968 | ---- | C] () -- C:\WINDOWS\System32\Cpuinf32.dll
[2009/04/30 13:57:23 | 00,332,800 | ---- | C] () -- C:\WINDOWS\System32\Fpxlib.dll
[2009/04/30 13:57:23 | 00,122,880 | ---- | C] () -- C:\WINDOWS\System32\Jpeglib.dll
[2008/04/28 07:13:48 | 00,000,354 | -HS- | C] () -- C:\WINDOWS\System32\ctvkwxlo.ini
[2007/11/16 11:42:09 | 00,000,029 | ---- | C] () -- C:\WINDOWS\Pt.dll
[2007/10/30 08:54:57 | 00,000,010 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2007/10/10 08:18:37 | 00,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/10/01 13:04:24 | 00,000,000 | ---- | C] () -- C:\WINDOWS\PTWebCam.INI
[2006/10/01 12:58:47 | 00,286,720 | ---- | C] () -- C:\WINDOWS\System32\sndp610.dll
[2006/10/01 12:58:47 | 00,015,474 | ---- | C] () -- C:\WINDOWS\sndp610.ini
[2006/10/01 12:58:46 | 00,219,392 | ---- | C] () -- C:\WINDOWS\System32\drivers\sndp610.sys
[2006/10/01 12:58:46 | 00,061,440 | ---- | C] () -- C:\WINDOWS\System32\dsndp610.dll
[2006/10/01 12:58:46 | 00,061,440 | ---- | C] ( ) -- C:\WINDOWS\System32\csndp610.dll
[2006/10/01 12:58:46 | 00,036,864 | ---- | C] ( ) -- C:\WINDOWS\System32\vsndp610.dll
[2006/04/07 17:50:24 | 00,063,488 | ---- | C] () -- C:\WINDOWS\xobglu16.dll
[2006/04/07 17:50:24 | 00,023,552 | ---- | C] () -- C:\WINDOWS\xobglu32.dll
[2005/11/14 18:21:45 | 00,000,144 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/07/30 20:04:16 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/07/21 19:22:36 | 00,204,857 | ---- | C] () -- C:\WINDOWS\System32\InstallHelp.dll
[2005/02/17 19:28:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/02/07 18:46:01 | 00,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2005/01/31 21:35:19 | 00,000,848 | ---- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2005/01/31 18:27:59 | 00,000,073 | ---- | C] () -- C:\WINDOWS\Viewer.ini
[2005/01/16 10:58:19 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/01/13 18:24:18 | 00,000,443 | ---- | C] () -- C:\WINDOWS\ka.ini
[2005/01/11 21:42:57 | 00,010,600 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/10 00:12:14 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\ZLIB.DLL
[2005/01/09 17:12:05 | 00,000,325 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/08 01:55:28 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/12/08 01:47:07 | 00,000,579 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/12/08 01:13:32 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 23:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 14:13:12 | 00,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 14:04:08 | 00,001,094 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 13:57:52 | 00,000,231 | ---- | C] () -- C:\WINDOWS\SYSTEM.INI
[2003/04/22 16:37:50 | 00,000,141 | ---- | C] () -- C:\WINDOWS\System32\DLBKPLC.INI
[2003/01/07 22:15:26 | 00,000,255 | ---- | C] () -- C:\WINDOWS\System32\dlbkcoin.ini
[2002/11/13 20:40:22 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbkvs.dll
[2002/03/16 19:00:00 | 00,007,420 | ---- | C] () -- C:\WINDOWS\UA000091.DLL
[2000/09/08 18:53:50 | 00,073,839 | ---- | C] () -- C:\WINDOWS\System32\KodakOneTouch.dll
[1999/01/22 13:46:58 | 00,065,536 | ---- | C] () -- C:\WINDOWS\System32\MSRTEDIT.DLL
[1998/01/12 03:00:00 | 00,040,448 | ---- | C] () -- C:\WINDOWS\System32\REGOBJ.DLL

========== Files - Modified Within 30 Days ==========

[2009/08/27 14:28:14 | 00,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2009/08/27 14:25:06 | 00,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2009/08/27 14:21:59 | 00,514,048 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Denise Adams\Desktop\OTL.exe
[2009/08/27 14:01:19 | 00,464,491 | ---- | M] () -- C:\Documents and Settings\Denise Adams\Desktop\RootRepeal.zip
[2009/08/27 08:48:32 | 00,002,471 | -HS- | M] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660P.manifest
[2009/08/27 08:04:38 | 00,005,556 | -HS- | M] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660C.manifest
[2009/08/27 08:04:30 | 00,946,176 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mbb
[2009/08/27 08:04:26 | 00,740,352 | R--- | M] () -- C:\Documents and Settings\All Users\Documents\ESBK.mb
[2009/08/27 08:03:29 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2009/08/27 08:01:23 | 00,000,565 | -HS- | M] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660O.manifest
[2009/08/27 08:01:20 | 00,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2009/08/27 08:01:15 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/08/27 08:01:13 | 00,000,011 | -HS- | M] () -- C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660S.manifest
[2009/08/27 08:00:54 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/08/27 08:00:52 | 53,484,3392 | -HS- | M] () -- C:\hiberfil.sys
[2009/08/25 16:33:56 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/08/25 09:00:00 | 00,000,386 | ---- | M] () -- C:\WINDOWS\tasks\rpc.job
[2009/08/24 17:29:20 | 02,544,058 | -H-- | M] () -- C:\Documents and Settings\Denise Adams\Local Settings\Application Data\IconCache.db
[2009/08/24 17:24:58 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Opera.lnk
[2009/08/24 10:37:21 | 00,010,251 | ---- | M] () -- C:\WINDOWS\GnuHashes.ini
[2009/08/24 09:55:36 | 00,000,530 | -HS- | M] () -- C:\WINDOWS\System32\GroupPolicy000.dat
[2009/08/23 21:55:27 | 00,122,880 | ---- | M] () -- C:\WINDOWS\System32\filemgmt32.dll
[2009/08/23 21:55:27 | 00,000,615 | ---- | M] () -- C:\WINDOWS\System32\iWp27ZuiGMbMAUV.vbs
[2009/08/21 18:30:00 | 00,000,366 | ---- | M] () -- C:\WINDOWS\tasks\McAfee.com Scan for Viruses - My Computer (BTJ-Rebecca Mahar).job
[2009/08/21 15:22:03 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/08/17 14:03:20 | 04,928,376 | ---- | M] (Microsoft Corporation) -- C:\Documents and Settings\Denise Adams\Desktop\Silverlight.exe
[2009/08/17 11:10:20 | 01,279,456 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\aswBoot.exe
[2009/08/17 11:06:54 | 00,093,392 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2009/08/17 11:06:43 | 00,094,160 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2009/08/17 11:05:52 | 00,114,768 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2009/08/17 11:05:37 | 00,020,560 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2009/08/17 11:04:40 | 00,051,376 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2009/08/17 11:04:29 | 00,023,152 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2009/08/17 11:03:21 | 00,026,944 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2009/08/17 11:02:50 | 00,097,480 | ---- | M] (ALWIL Software) -- C:\WINDOWS\System32\AvastSS.scr
[2009/08/17 06:06:50 | 00,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\mswebdvd.dll
[2009/08/05 04:01:48 | 00,204,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\mswebdvd.dll
[2009/07/31 14:21:57 | 00,052,224 | ---- | M] () -- C:\Documents and Settings\Denise Adams\My Documents\Your Flight Details.doc
[2009/07/31 13:34:18 | 00,932,062 | ---- | M] () -- C:\Documents and Settings\Denise Adams\My Documents\New_Hire_-_Personnel.pdf
[2009/07/29 19:49:14 | 24,281,536 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\MRT.exe

========== Alternate Data Streams ==========

@Alternate Data Stream - 98 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:C3B5FCD5
@Alternate Data Stream - 182 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:A988B257
@Alternate Data Stream - 142 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:755BD5CD
@Alternate Data Stream - 140 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:44B6B0E0
@Alternate Data Stream - 139 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:434C6E35
@Alternate Data Stream - 133 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:EBFD4E6F
@Alternate Data Stream - 132 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:81AA7C39
@Alternate Data Stream - 129 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0860D6D6
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:3FAE5A2A
@Alternate Data Stream - 128 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:15B5F596
@Alternate Data Stream - 127 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BBF60A29
@Alternate Data Stream - 126 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:09A43FB1
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:F67AAFC5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:AED4FFF5
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:91E2E553
@Alternate Data Stream - 125 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:756C8543
@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:93226FE3
@Alternate Data Stream - 123 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DA00F159
@Alternate Data Stream - 122 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:22741C1F
@Alternate Data Stream - 121 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:385BC52C
@Alternate Data Stream - 120 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:85DA68FC
@Alternate Data Stream - 119 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:9485E512
@Alternate Data Stream - 117 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:42478B0E
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:D1B5B4F1
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:554C6431
@Alternate Data Stream - 116 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:30ECA2C2
@Alternate Data Stream - 114 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:5BB2BD38
@Alternate Data Stream - 113 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:969C0C96
@Alternate Data Stream - 112 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:FECEF728
@Alternate Data Stream - 110 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:DFC5A2B2
@Alternate Data Stream - 109 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:483AC68A
@Alternate Data Stream - 107 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:18897B1D
@Alternate Data Stream - 105 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:0DFE2AE1
@Alternate Data Stream - 104 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:4F96D8E6
< End of report >


OLT EXTRAS:
OTL Extras logfile created on: 8/27/2009 2:33:11 PM - Run 2
OTL by OldTimer - Version 3.0.10.7 Folder = C:\Documents and Settings\Denise Adams\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.5512)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

510.00 Mb Total Physical Memory | 253.32 Mb Available Physical Memory | 49.67% Memory free
1.22 Gb Paging File | 0.84 Gb Available in Paging File | 69.36% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 71.72 Gb Total Space | 45.55 Gb Free Space | 63.52% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: BTJ
Current User Name: Denise Adams
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = Opera.HTML] -- Reg Error: Key error. File not found

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0
"UpdatesDisableNotify" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 1
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\AOL\RC\regclient.exe" = C:\Program Files\AOL\RC\regclient.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe" = C:\Program Files\Kodak\Kodak EasyShare software\bin\EasyShare.exe:*:Enabled:EasyShare -- ()
"C:\CaffeLatte\CafeClient\CafeProtocol.exe" = C:\CaffeLatte\CafeClient\CafeProtocol.exe:*:Enabled:Cafe.com URL Protocol host -- File not found
"C:\Program Files\AOL 9.0a\waol.exe" = C:\Program Files\AOL 9.0a\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- File not found
"C:\Program Files\Common Files\AOL\System Information\sinf.exe" = C:\Program Files\Common Files\AOL\System Information\sinf.exe:*:Enabled:AOL System Information -- (America Online, Inc.)
"C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe" = C:\Program Files\Common Files\AOL\TopSpeed\3.0\aoltpsd3.exe:*:Enabled:AOL -- File not found
"C:\Program Files\MySpace\IM\MySpaceIM.exe" = C:\Program Files\MySpace\IM\MySpaceIM.exe:*:Enabled:MySpace Instant Messenger -- File not found
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe" = C:\Program Files\BearShare Applications\BearShare\BearShare.exe:*:Enabled:BearShare -- File not found
"C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe" = C:\WINDOWS\SYSTEM32\DRIVERS\spools.exe:*:Enabled:spools -- File not found
"C:\Program Files\McAfee.com\Shared\mghtml.exe" = C:\Program Files\McAfee.com\Shared\mghtml.exe:*:Enabled:mghtml -- (McAfee, Inc)
"C:\Program Files\Common Files\AOL\ACS\AOLDial.exe" = C:\Program Files\Common Files\AOL\ACS\AOLDial.exe:*:Enabled:AOLDial -- File not found
"C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe" = C:\Program Files\SBC Self Support Tool\SmartBridge\MotiveSB.exe:*:Enabled:MotiveSB -- (Motive, Inc.)
"C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe" = C:\Program Files\Yahoo!\Companion\Installs\cpn2\ytbb.exe:*:Enabled:ytbb -- (Yahoo! Inc.)
"C:\Program Files\Mozilla Firefox\firefox.exe" = C:\Program Files\Mozilla Firefox\firefox.exe:*:Enabled:firefox -- (Mozilla Corporation)
"C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe" = C:\Program Files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe:*:Disabled:Kodak Software Updater -- ()
"C:\Program Files\FrostWire\FrostWire.exe" = C:\Program Files\FrostWire\FrostWire.exe:*:Enabled:FrostWire -- File not found
"%windir%\Network Diagnostic\xpnetdiag.exe" = %windir%\Network Diagnostic\xpnetdiag.exe:*:Enabled:@xpsp3res.dll,-20000 -- (Microsoft Corporation)
"C:\WINDOWS\SYSTEM32\LEXPPS.EXE" = C:\WINDOWS\SYSTEM32\LEXPPS.EXE:*:Disabled:LEXPPS.EXE -- (Lexmark International, Inc.)
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe" = C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe:*:Enabled:AOL Connectivity Service -- File not found
"C:\Program Files\Common Files\AOL\1171979260\ee\aolsoftware.exe" = C:\Program Files\Common Files\AOL\1171979260\ee\aolsoftware.exe:*:Enabled:AOL Shared Components -- File not found
"C:\Program Files\AOL 9.1\waol.exe" = C:\Program Files\AOL 9.1\waol.exe:*:Enabled:AOL -- File not found
"C:\Program Files\AOL 9.1a\waol.exe" = C:\Program Files\AOL 9.1a\waol.exe:*:Enabled:AOL -- File not found
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Windows Shell -- (Microsoft Corporation)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{00030409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Small Business
"{00040409-78E1-11D2-B60F-006097C998E7}" = Microsoft Office 2000 Disc 2
"{0008546E-DF6E-4CC1-AFD0-2CB8E16C95A2}" = Notifier
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{14D4ED84-6A9A-45A0-96F6-1753768C3CB5}" = ESSPCD
"{154508C0-07C5-4659-A7A0-E49968750D21}" = HLPPDOCK
"{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"{162B71B8-8464-4680-A086-601D555B331D}" = Apple Mobile Device Support
"{26A24AE4-039D-4CA4-87B4-2F83216013FF}" = Java™ 6 Update 13
"{3209C8A2-558C-445C-832B-1AC552F59B11}" = Hoyle Demo
"{3248F0A8-6813-11D6-A77B-00B0D0160070}" = Java™ 6 Update 7
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}" = Hoyle Board Games 2003
"{38441BE7-79B0-42B8-8297-833704F949FE}" = HLPIndex
"{3CA39B0C-BA85-4D42-AC0F-1FF5F60C3353}" = OTtBPSDK
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{4192EAC0-6B36-4723-B216-D0E86E7757AC}" = Jasc Paint Shop Photo Album 5
"{41FE2866-7D7D-4EDF-9C7A-F1F6A346BA83}" = Wal-Mart Digital Photo Manager
"{432C3720-37BF-4BD7-8E49-F38E090246D0}" = CR2
"{48C82F7A-F100-4DAB-A310-8E18BF2159E1}" = ESSvpot
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4F677FC7-7AA8-412B-A957-F13CBE1C7331}" = ESSSONIC
"{5168221A-732B-42E7-85E8-201D7A0CB954}" = Dual Mode Camera
"{54C8FE84-89C4-40E8-976C-439EB0729BD6}" = CardRd81
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{605A4E39-613C-4A12-B56F-DEFBE6757237}" = SHASTA
"{643EAE81-920C-4931-9F0B-4B343B225CA6}" = ESSBrwr
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{6E179C77-7335-458D-9537-4F4EAC0181ED}" = Photo Click
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{87843A41-7808-4F2E-B13F-25C1E67CF2FD}" = ESShelp
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8A502E38-29C9-49FA-BCFA-D727CA062589}" = ESSTOOLS
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Extreme Graphics Driver
"{8BB4B58A-A402-4DE8-8FCD-287E60B88DD8}" = ESSCT
"{8E92D746-CD9F-4B90-9668-42B74C14F765}" = ESSini
"{8EF1122E-E90C-4EE9-AB0C-7FDE2BA42C26}" = Musicmatch® Jukebox
"{91517631-A9F3-4B7C-B482-43E0068FD55A}" = ESSgui
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{999D43F4-9709-4887-9B1A-83EBB15A8370}" = VPRINTOL
"{9D8FEE90-0377-49A9-AEFB-525BDE549BA4}" = ESScore
"{A2A60894-E3ED-46FE-9A6A-7CF7A87572A0}" = Opera 9.64
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A5B3EB8A-4071-42F0-8E8E-7A8342AA8E69}" = ESSvpaht
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{AADAC983-FDE9-42FA-8FD9-7BB324155593}" = HLPRFO
"{AC0EE5B0-A8FB-4D0A-AF03-2EDC518F841B}" = Dell Media Experience
"{AC76BA86-0000-0000-0000-6028747ADE01}" = Adobe Acrobat - Reader 6.0.2 Update
"{AC76BA86-7AD7-1033-7B44-A00000000001}" = Adobe Reader 6.0.1
"{AE1FA02D-E6A4-4EA0-8E58-6483CAC016DD}" = ESSCDBK
"{AF06CAE4-C134-44B1-B699-14FBDB63BD37}" = Dell Picture Studio v3.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4B44FE7-41FF-4DAD-8C0A-E406DDA72992}" = CCScore
"{B997C2A0-4383-41BF-B76E-9B8B7ECFB267}" = KSU
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C1E5DF32-8248-4347-908C-E030EDAE4368}" = DA920EN
"{C26B06A9-27BB-45B0-9873-9C623EC2BA38}" = iTunes
"{C78EAC6F-7A73-452E-8134-DBB2165C5A68}" = QuickTime
"{CA60320D-6A16-49C8-A34F-84EEF4799567}" = ESSTUTOR
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC016F21-3970-11DE-B878-005056806466}" = Google Earth
"{CDE4CC8B-134B-421E-943C-90799E56F664}" = Dell Media Experience Update
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint
"{D32470A1-B10C-4059-BA53-CF0486F68EBC}" = Kodak EasyShare software
"{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"{DB02F716-6275-42E9-B8D2-83BA2BF5100B}" = SFR
"{F4A2E7CC-60CA-4AFA-B67F-AD5E58173C3F}" = SKINXSDK
"{F71760CD-0F8B-4DCC-B7B7-6B223CC3843C}" = OTtBP
"{F9593CFB-D836-49BC-BFF1-0E669A411D9F}" = WIRELESS
"{FCDB1C92-03C6-4C76-8625-371224256091}" = ESSPDock
"{FDF9943A-3D5C-46B3-9679-586BD237DDEE}" = SKIN0001
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"AOL Toolbar 5.0" =
"avast!" = avast! Antivirus
"Dell AIO Printer A920" = Dell AIO Printer A920
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"ERUNT_is1" = ERUNT 1.1j
"Free Realms Installer" = Free Realms Installer
"GNU Aspell_is1" = GNU Aspell 0.50-3
"Google Chrome" = Google Chrome
"Google Updater" = Google Updater
"HijackThis" = HijackThis 2.0.2
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"InstallShield_{15803703-25FA-4C01-A062-3F4A59937E87}" = PhotoImpact X3
"InstallShield_{3209C8A2-558C-445C-832B-1AC552F59B11}" = Hoyle Demo
"InstallShield_{37F9D0BD-9AED-4EE6-BCA3-BA0749636E04}" = Hoyle Board Games 2003
"InstallShield_{D4936AAF-FFD0-44A1-A7EA-A2DB41CEB5BC}" = iPod for Windows 2005-09-23
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"IrfanView" = IrfanView (remove only)
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Mcafee SecurityCenter" = McAfee SecurityCenter
"MGI_PRISM_V4_0" = MGI PhotoSuite 4 (Remove Only)
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox (3.0.13)" = Mozilla Firefox (3.0.13)
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PhoTagsExpress" = PhoTags Express
"RealArcade" = RealArcade
"RealPlayer 6.0" = RealPlayer Basic
"RSX2DeinstKey" = Intel RSX 3D
"SBC.MCCInstall" = AT&T Self Support Tool
"SoftwareUpdUtility" = Download Updater (AOL LLC)
"StreetPlugin" = Learn2 Player (Uninstall Only)
"ViewpointMediaPlayer" = Viewpoint Media Player
"Web Games Player Plugin" = Web Games Player Plugin
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format Runtime
"Windows Media Player" = Windows Media Player 10
"Windows XP Service Pack" = Windows XP Service Pack 3
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Customizations" = Yahoo! Browser Services
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Search Defender" = Yahoo! Search Protection
"Yahoo! Software Update" = Yahoo! Software Update

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 3/19/2009 9:48:53 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = aswChestInterface - Program error description: CChestListView::OnCreate()
!m_strErrorWnd.IsEmpty().

Error - 3/20/2009 1:29:42 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\WINDOWS\system32\Setup\FxsOcm.dll failed, 00000005.

Error - 3/20/2009 1:30:53 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DENISE ADAMS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QVE058BQ.DEFAULT\PREFS.JS
failed, 00000005.

Error - 3/20/2009 9:14:39 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\REBECC~1\LOCALS~1\Temp\CmdLineExt02.dll failed, 00000005.

Error - 3/20/2009 9:39:15 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DENISE ADAMS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QVE058BQ.DEFAULT\PREFS.JS
failed, 00000005.

Error - 3/20/2009 9:39:15 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DENISE ADAMS\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\QVE058BQ.DEFAULT\SESSIONSTORE.JS
failed, 00000005.

Error - 4/8/2009 6:40:56 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\DENISE~1\LOCALS~1\TEMP\IADHIDE5.DLL failed, 00000005.

Error - 5/4/2009 2:13:33 PM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\DENISE~1\LOCALS~1\TEMP\IADHIDE5.DLL failed, 00000005.

Error - 5/13/2009 8:01:04 AM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUME~1\DENISE~1\LOCALS~1\TEMP\IADHIDE5.DLL failed, 00000005.

Error - 5/13/2009 8:02:28 AM | Computer Name = BTJ | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\DOCUMENTS AND SETTINGS\DENISE ADAMS\LOCAL SETTINGS\TEMP\IADHIDE5.DLL failed,
00000005.

[ Application Events ]
Error - 8/18/2009 11:57:02 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/23/2009 10:55:32 PM | Computer Name = BTJ | Source = Application Error | ID = 1000
Description = Faulting application setup.exe, version 0.0.0.0, faulting module setup.exe,
version 0.0.0.0, fault address 0x00001b86.

Error - 8/24/2009 9:32:42 AM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application SpybotSD.exe, version 1.5.2.20, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 10:40:43 AM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application ATF-Cleaner.exe, version 3.0.0.2, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 11:17:25 AM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 1.9.0.3498, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 1:18:22 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.0.10.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 1:18:22 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.0.10.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 1:18:24 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application OTL.exe, version 3.0.10.7, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 2:03:04 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application Kodak Software Updater.exe, version 0.0.0.0, hang
module hungapp, version 0.0.0.0, hang address 0x00000000.

Error - 8/24/2009 2:30:53 PM | Computer Name = BTJ | Source = Application Hang | ID = 1002
Description = Hanging application rundll32.exe, version 5.1.2600.5512, hang module
hungapp, version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/27/2009 9:07:42 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:08:26 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:08:57 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:13:11 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:18:35 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:20:22 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:24:59 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:33:06 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:42:33 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.

Error - 8/27/2009 9:48:14 AM | Computer Name = BTJ | Source = DCOM | ID = 10010
Description = The server {0002DF01-0000-0000-C000-000000000046} did not register
with DCOM within the required timeout.


< End of report >
  • 0

#6
Perplexus
Posted 27 August 2009 - 08:55 PM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hi jodee2814,

Let's clean some stuff up and get a couple more scans :)

------------------
Step 1:
------------------

Too Many Antivirus Programs Installed

You have too many Antivirus programs installed. Antivirus programs often conflict and can cause system slowdowns, crashes, or even leave you unprotected. Select one of these to keep and remove the other:

  • McAfee Antivirus - Download and run the McAfee removal tool from HERE. This should get rid of McAfee.
  • Avast - Go HERE and follow the instructions to completely remove Avast.
.

------------------
Step 2:
------------------

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\WINDOWS\System32\filemgmt32.dll) - C:\WINDOWS\System32\filemgmt32.dll ()
O20 - Winlogon\Notify\3c623b87660: DllName - C:\WINDOWS\System32\filemgmt32.dll - C:\WINDOWS\System32\filemgmt32.dll ()

:Reg
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\CaffeLatte\CafeClient\CafeProtocol.exe"=-
"C:\Program Files\BearShare Applications\BearShare\BearShare.exe"=-
"C:\Program Files\FrostWire\FrostWire.exe"=-

:Files
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660C.manifest
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660P.manifest
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660O.manifest
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660S.manifest
C:\WINDOWS\System32\filemgmt32.dll
C:\WINDOWS\System32\iWp27ZuiGMbMAUV.vbs
C:\Program Files\FBSearch Toolbar

:Commands
[purity]
[emptytemp]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Post the log it produces in your next reply.

------------------
Step 3:
------------------

Posted ImageRun Malwarebytes' Anti-Malware
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish,so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.(See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
Extra Note:
If MBAM encounters a file that is difficult to remove,you will be presented with 1 of 2 prompts,click OK to either and let MBAM proceed with the disinfection process,if asked to restart the computer,please do so immediatly.

------------------
Step 4:
------------------

Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.

------------------
Step 5:
------------------

Using Internet Explorer or Firefox, visit Kaspersky Online Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.

2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan. Click HERE to see how to disable the most common antivirus programs.
3. Click Run at the Security prompt.

The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
    • Spyware, adware, dialers, and other riskware
    • Archives
    • E-mail databases
  • Click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View report... at the bottom.
  • Click the Save report... button.

    Posted Image

  • Change the Files of type dropdown box to Text file (.txt) and name the file KasReport.txt to save the file to your desktop so that you may post it in your next reply

------------------
Step 6:
------------------

Please post back with the following:
  • How your machine is running
  • OTL fix log
  • new MBAM log
  • KasReport.txt

  • 0

#7
Perplexus
Posted 01 September 2009 - 05:37 AM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0

#8
jodee2814
Posted 01 September 2009 - 07:03 PM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OK So here it finally is LOL!

My computer is VERY VERY SLOW!! OMG wow. But the pop ups and stuff are gone!

OTL Fix Log

All processes killed
========== OTL ==========
No active process named explorer.exe was found!
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\filemgmt32.dll scheduled to be deleted on reboot.
File C:\WINDOWS\System32\filemgmt32.dll not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\3c623b87660\ not found.
File C:\WINDOWS\System32\filemgmt32.dll not found.
========== REGISTRY ==========
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\CaffeLatte\CafeClient\CafeProtocol.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\BearShare Applications\BearShare\BearShare.exe not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\Program Files\FrostWire\FrostWire.exe not found.
========== FILES ==========
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660C.manifest moved successfully.
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660P.manifest moved successfully.
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660O.manifest moved successfully.
C:\Documents and Settings\Denise Adams\Application Data\020000008c9c9776660S.manifest moved successfully.
File\Folder C:\WINDOWS\System32\filemgmt32.dll not found.
File\Folder C:\WINDOWS\System32\iWp27ZuiGMbMAUV.vbs not found.
File\Folder C:\Program Files\FBSearch Toolbar not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Administrator.BTJ
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: All Users

User: Application Data

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Denise Adams
File delete failed. C:\Documents and Settings\Denise Adams\Local Settings\Temp\IadHide5.dll scheduled to be deleted on reboot.
->Temp folder emptied: 82391899 bytes
->Temporary Internet Files folder emptied: 3975404 bytes
->Java cache emptied: 127542 bytes
->FireFox cache emptied: 55863637 bytes
->Opera cache emptied: 16779796 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Rebecca Mahar
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
File delete failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be deleted on reboot.
File delete failed. C:\WINDOWS\temp\Perflib_Perfdata_59c.dat scheduled to be deleted on reboot.
Windows Temp folder emptied: 49816 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 151.85 mb


OTL by OldTimer - Version 3.0.10.7 log created on 09012009_082144

Files\Folders moved on Reboot...
DllUnregisterServer procedure not found in C:\Documents and Settings\Denise Adams\Local Settings\Temp\IadHide5.dll
C:\Documents and Settings\Denise Adams\Local Settings\Temp\IadHide5.dll NOT unregistered.
C:\Documents and Settings\Denise Adams\Local Settings\Temp\IadHide5.dll moved successfully.
File move failed. C:\WINDOWS\temp\_avast4_\Webshlock.txt scheduled to be moved on reboot.
C:\WINDOWS\temp\Perflib_Perfdata_59c.dat moved successfully.

Registry entries deleted on Reboot...
Registry delete failed. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:C:\WINDOWS\System32\filemgmt32.dll scheduled to be deleted on reboot.

MBAM NEW LOG

Malwarebytes' Anti-Malware 1.40
Database version: 2551
Windows 5.1.2600 Service Pack 3

8/27/2009 10:49:48 PM
mbam-log-2009-08-27 (22-49-48).txt

Scan type: Quick Scan
Objects scanned: 111995
Time elapsed: 28 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 1
Registry Keys Infected: 1
Registry Values Infected: 1
Registry Data Items Infected: 2
Folders Infected: 2
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
C:\WINDOWS\SYSTEM32\filemgmt32.dll (Backdoor.Bot) -> Delete on reboot.

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\3c623b87660 (Backdoor.Bot) -> Delete on reboot.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\WINID (Malware.Trace) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: c:\windows\system32\filemgmt32.dll -> Delete on reboot.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Backdoor.Bot) -> Data: system32\filemgmt32.dll -> Delete on reboot.

Folders Infected:
C:\Program Files\Registry Mighty (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
C:\Program Files\Registry Mighty\RepairBackup (Rogue.RegistryMighty) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\Registry Mighty\RegistryMighty.exe (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
C:\Program Files\Registry Mighty\RepairBackup\_20090322_213253.reg (Rogue.RegistryMighty) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\B.tmp (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\SYSTEM32\filemgmt32.dll (Backdoor.Bot) -> Delete on reboot.
  • 0

#9
jodee2814
Posted 01 September 2009 - 07:30 PM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
OK so I am having to put the KasReport in two different post because it is too long. I know that can not be good right? Ugh :) :) :) :)
I really really really appreciate your patience with me and all your help! You guys are amazing here at geekstogo.com!! :)

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Tuesday, September 1, 2009
Operating system: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Tuesday, September 01, 2009 17:33:03
Records in database: 2736649
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\

Scan statistics:
Objects scanned: 122021
Threats found: 1
Infected objects found: 37540
Suspicious objects found: 0
Scan duration: 08:18:42


File name / Threat / Threats count
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\ Games.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\ Music.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\ Software.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\! # (theroulettesystem) complete ebook.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\%5BVP-Raw%5D One Piece 321 SD (704x396) avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\' (fmx) Let Me Show You A Hole New World Of POKER Money Making (windows xp) (software) (ebook).zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Bioshock Uncut [PAL][XBOX360][Multi5][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Bioshock [PC][DVD][Multi5][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Crazy Taxi Fare Wars [NTSC][UMDFull][English][PSP][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Dungeons And Dragons Tactics[NTSC][UMDFull][English][PSP][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'El Novio De Mi Madre [DVDRIP XViD MP3][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'En El Valle [DVDRIP XViD MP3][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Ghost Recon Advanced Warfighter 2 [NTSC][UMDFull][English][PSP][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Ghost Recon Advanced Warfighter 2 [NTSC][UMDRip][English][PSP][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'La Cosecha [DVDRIP XViD MP3][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Las Vueltas De La Vida [DVDRIP XViD MP3][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Madden NFL 08 [PAL][PS2DVD][English][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Nascar [PAL][PS2DVD][English][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Stuntman Ignition [PAL][PS2DVD][Multi][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'The Sims 2 Bon Voyage (Expansion) [PC][DVD][Multi16][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Tiger Woods PGA Tour 08 [PAL][Wii][English][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\'Transformers The Game [PAL][UMDFull][English][PSP][www.emwreloaded.com].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Anonymous] Kaibutsu Oujo - 20 (h264)[6D911F9D] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Anonymous] Kaibutsu Oujo - 21 (h264)[1645CE22] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Anonymous] Kaibutsu Oujo - 21 (XviD)[C92D1A0C] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Anonymous] Potemayo - 09 [704x400 h264][Vorbis][8E588C4E] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Anonymous] Potemayo - 09 [704x400 XviD][MP3][66A1DBCE][2] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Ayako] Murder Princess - OVA 06 [D0B4A58B] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 22 [1280x720][h264][6039D9AF] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 22 [704x400][XviD][3AD8088F] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 23 [1280x720 x264][4007292D] mkv.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[BSS-Anon] Tengen Toppa Gurren-Lagann - 23 [704x400 XviD][AE32ED93] avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[Flomp-Rumbel] Bleach - 137 [H264][85FA5F24].zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[INP]One Piece 320 avi.zip Infected: P2P-Worm.Win32.VB.dw 1
C:\Documents and Settings\Rebecca Mahar\My Documents\My Music\Shared\(AniRena)[INP]One Piece 322 avi.zip Infected: P2P-Worm.Win32.VB.dw 1
  • 0

#10
jodee2814
Posted 01 September 2009 - 07:46 PM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
ok Nevermind I completely give up, everytime I try to post it in here or even parts of it it freezes up. And then by the time it un freezes its way to long and it wont let me attach it........I don't get it. I know its unbelievably long ugh ugh ugh
  • 0

Advertisements

#11
Perplexus
Posted 02 September 2009 - 05:16 AM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hi jodee2814,

I know it's frustrating. I've been in your shoes. Kaspersky does not clean anything so it's important that I get the log so I can finish cleaning.

If it is to large to attach then upload to Mediafire and post the sharing link.

Which Antivirus did you uninstall, McAfee or Avast?
  • 0

#12
Perplexus
Posted 02 September 2009 - 06:40 AM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Hi jodee2814,

On second thought, if Kaspersky is really that long then let's go ahead and run something else first. We will probably need to redo Kaspersky at some point :)

Download Combofix from any of the links below and save it to your desktop. You must rename it to Combo-Fix.exe before saving it.

Link 1
Link 2

**Note: In the event you already have Combofix, this is a new version that I need you to download. It is important that it is saved and renamed following this process directly to your desktop**
  • If you are using FireFox, make sure that your download settings are as follows:
    • Tools->Options->Main tab
    • Set to Always ask me where to Save the files
  • During the download, rename it to Combo-Fix.exe as follows:

    Posted Image

    Posted Image
  • It is important to rename it during the download and not after.
  • Please do not rename it to something other than what was indicated.
  • Make sure to do the following:
    • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before performing a scan. They can interfere with ComboFix or remove some of its embedded files which may cause unpredictable results
    • Click on this link to see a list of programs that should be disabled. The list is not all inclusive. If yours is not listed and you don't know how to disable it, please ask.
    • Close any open browsers.
    • Warning: ComboFix will disconnect your machine from the internet as soon as it starts.
    • Please do not attempt to re-connect your machine back to the Internet until Combofix has completely finished.
    • If there is no internet connection after running Combofix, then restart your computer to restore back your connection.
  • Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt log so we can continue cleaning the system.
**Note: Do not mouseclick combo-fix's window while it's running. That may cause it to stall**
  • 0

#13
jodee2814
Posted 02 September 2009 - 06:58 AM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
http://www.mediafire...04e75f6e8ebb871

I hope that works and thank you for telling me about that I was getting so annoyed last night lol. I removed McAfee...I like Avast alot!
  • 0

#14
Perplexus
Posted 02 September 2009 - 07:15 AM

Perplexus

    Lord of the Geeks

  • Malware Removal
  • 1,185 posts
Thanks for the log :) You have an alcan infection. So here's my backdoor speech:

You have a backdoor trojan installed on your computer.
Backdoor Trojans, IRCBots and Infostealers are very dangerous because they provide a means of accessing a computer system that bypasses security mechanisms and steal sensitive information like passwords, personal and financial data which they send back to the hacker. Remote attackers use backdoor Trojans as part of an exploit to to gain unauthorized access to a computer and take control of it without your knowledge.

If your computer was used for online banking, has credit card information or other sensitive data on it, you should immediately disconnect from the Internet until your system is cleaned.
All passwords should be changed immediately to include those used for banking, email, eBay and forums. You should consider them to be compromised. They should be changed by using a different computer and not the infected one. If not, an attacker may get the new passwords and transaction information. Banking and credit card institutions should be notified of the possible security breach.

I'll await the ComboFix run from above before proceeding :)
  • 0

#15
jodee2814
Posted 02 September 2009 - 07:16 AM

jodee2814

    Member

  • Topic Starter
  • Member
  • PipPip
  • 30 posts
Ok So I tried the combo fix and did everything I was told to do and when I click on it a little box comes up that says combofix and has a bar under it like is loading and then when its done loading it disappears and nothing happens?
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP