Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Alureon.BF.2 and PCK,Tdss.Y.33 removal [Solved]

Started by riverjay , Sep 19 2009 02:46 PM

  • This topic is locked This topic is locked

#1
riverjay
Posted 19 September 2009 - 02:46 PM

riverjay

    New Member

  • Member
  • Pip
  • 8 posts
Hello- Have some problems-
Running XP SP2, Avira AntiVir Personal Free, and Windows Defender but still got a load of malware that seemed to show up all at once. With the Avira I was able to quarantine Sasfis.imh.1, Dldr.Stration.Gen, and Malicious.PDF.Gen. According to Avira I am still left with a PCk.Tdss.Y.33 and 5 instances of Alueron.BF.2, which are detected during an "Active Processes" scan. I am allowed to delete or quaratine them, but then the machine automatically reboots and they are back after the reboot.

I am being buried by pop-ups related to "Advanced Virus Remover". I understand these are bogus and I try to just close them, but I have the feeling I'm losing,(the numbers of occurences seem to be increasing). The option to show hidden files is removed, file extensions have been removed, I cannot access Task Manager, I cannot get a command prompt, cannot access regedit, and browser searches seem not quite right. Prior to coming to your site I tried loading Malwarebytes' AntiMalware. I got it to load by changing the name of the .exe, (although it hung for several minutes during installation). It appears to be installed, but will not execute from the shortcut or the start menu.

I did what I could from your removal guide- TFC,System Restore,ERUNT. Malwarebytes won't run, Windows Update cannot be accessed. RootRepeal and OTC logs are below. Feels like quite a mess, I would be quite grateful for any direction you could lend.

Thank you in advance

OOTREPEAL © AD, 2007-2009
==================================================
Scan Start Time: 2009/09/19 11:56
Program Version: Version 1.3.5.0
Windows Version: Windows XP SP2
==================================================

Drivers
-------------------
Name: dump_atapi.sys
Image Path: C:\WINDOWS\System32\Drivers\dump_atapi.sys
Address: 0xAA521000 Size: 98304 File Visible: No Signed: -
Status: -

Name: dump_WMILIB.SYS
Image Path: C:\WINDOWS\System32\Drivers\dump_WMILIB.SYS
Address: 0xF7DC1000 Size: 8192 File Visible: No Signed: -
Status: -

Name: rootrepeal.sys
Image Path: C:\WINDOWS\system32\drivers\rootrepeal.sys
Address: 0xA9CD6000 Size: 49152 File Visible: No Signed: -
Status: -

Hidden Services
-------------------
Service Name: UACd.sys
Image Path: C:\WINDOWS\system32\drivers\UACsxkxradeer.sys

==EOF==



OTL logfile created on: 9/19/2009 12:45:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 592.33 Mb Available Physical Memory | 58.41% Memory free
1.63 Gb Paging File | 1.22 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.57 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 22.28 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/09/28 21:26:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2009/09/17 22:51:37 | 00,044,970 | -HS- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\winupdate.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2009/09/17 22:53:38 | 01,011,712 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscsvc32.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\nzfiu3h78di.dll) - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\pafiloha.DLL ()
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe ()
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe File not found
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\Run: [WIndows Rescue Disk] C:\DOCUME~1\Joelle\LOCALS~1\Temp\win.exe File not found
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfar...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai....ood/Coupons.cab (cpbrkpie Control)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (c:\windows\system32\pafiloha.dll) - C:\WINDOWS\System32\pafiloha.dll ()
O20 - AppInit_DLLs: (rigagine.dll) - C:\WINDOWS\System32\rigagine.dll ()
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: haneyohiw - {18f09260-1120-4996-af13-f8cb50ec97e1} - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {18f09260-1120-4996-af13-f8cb50ec97e1} - tokatiluy - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - ksfe98wjkodsngiwiojndg873hundggdd - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnnNGAs) - File not found
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/31 19:29:51 | 00,000,067 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell - "" = AutoRun
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell - "" = AutoRun
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3adb29fc-5ce8-11d9-8a2c-0011113f8645}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autofred.exe -- File not found
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:57:35 | 00,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:33:13 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/19 04:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 03:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 02:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 01:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/09/18 23:55:29 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk
[2009/09/18 23:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/09/18 02:15:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/09/17 23:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/09/17 22:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/09/17 22:52:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/17 22:49:19 | 00,201,328 | ---- | C] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:19 | 00,049,664 | ---- | C] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/17 22:46:11 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:19 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc

========== Files - Modified Within 14 Days ==========

[3 C:\WINDOWS\System32\*.tmp files]
[2009/09/19 12:44:10 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 12:36:55 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/19 12:36:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/19 12:36:55 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/19 12:22:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/19 12:22:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/19 12:22:08 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gydurryy.job
[2009/09/19 11:57:35 | 00,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:49:57 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\fawenuto.dll
[2009/09/19 11:49:30 | 00,983,076 | -HS- | M] () -- C:\WINDOWS\System32\jukaraso.exe
[2009/09/19 11:49:27 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\pafiloha.dll
[2009/09/19 11:49:27 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\buyoziyi.dll
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:27:41 | 00,000,749 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk
[2009/09/19 11:26:56 | 00,020,992 | ---- | M] () -- C:\WINDOWS\System32\winhelper.dll
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 10:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 09:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 08:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 07:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/09/19 06:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/18 23:49:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\guyuzera.dll
[2009/09/18 23:49:21 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\mekijoru.dll
[2009/09/18 23:49:20 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\buvoyaki.dll
[2009/09/17 22:51:37 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\pegatijo.dll
[2009/09/17 22:49:21 | 00,201,328 | ---- | M] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/09/17 22:46:12 | 00,011,776 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:20 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc

========== LOP Check ==========

[2009/09/19 05:15:30 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/09/17 23:12:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/07/26 13:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2007/12/22 17:06:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/11/30 07:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/03 19:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/07 11:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/14 16:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/13 15:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/09 08:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/19 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 18:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/11/30 06:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/22 17:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/31 19:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/13 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/13 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/07 11:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/27 20:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2006/08/24 09:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/01/27 20:29:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joelle\Application Data
[2008/12/16 08:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Amazon
[2005/03/29 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ArcSoft
[2009/05/24 09:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Audacity
[2008/01/22 08:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Canon
[2008/03/03 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Corel
[2004/12/17 22:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\CyberLink
[2009/09/07 11:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2008/03/16 22:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Intuit
[2004/12/17 22:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Leadertech
[2009/01/27 11:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Move Networks
[2009/09/13 10:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\RipIt4Me
[2007/12/22 17:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ScanSoft
[2007/09/08 23:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Snapfish
[2007/08/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\SoundSpectrum
[2008/09/03 22:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\U3
[2009/01/27 20:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Verizon
[2006/08/29 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\YAMAHA
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\gydurryy.job
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/19 12:22:10 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe

< %systemroot%\system32\eventlog.dll >
[2004/08/04 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\EVENTLOG.DLL
[3 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\system32\scecli.dll >
[2004/08/04 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\SCECLI.DLL
[3 C:\WINDOWS\system32\*.tmp files]

< %systemroot%\netlogon.dll >

< %systemroot%\system32\cngaudit.dll >

< %systemroot%\system32\sceclt.dll >

< %systemroot%\ntelogon.dll >

< %systemroot%\system32\logevent.dll >
< End of report >



OTL Extras logfile created on: 9/19/2009 12:45:28 PM - Run 1
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 592.33 Mb Available Physical Memory | 58.41% Memory free
1.63 Gb Paging File | 1.22 Gb Available in Paging File | 74.55% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.57 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 22.28 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %* File not found
chm.file [open] -- "C:\WINDOWS\hh.exe" %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %* File not found
comfile [open] -- "%1" %* File not found
exefile [open] -- "%1" %* File not found
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %* File not found
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1" File not found
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S File not found
txtfile [edit] -- Reg Error: Key error.
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [Winamp.Bookmark] -- "C:\Program Files\Winamp\winamp.exe" /BOOKMARK "%1" (Nullsoft)
Directory [Winamp.Enqueue] -- "C:\Program Files\Winamp\winamp.exe" /ADD "%1" (Nullsoft)
Directory [Winamp.Play] -- "C:\Program Files\Winamp\winamp.exe" "%1" (Nullsoft)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 1
"FirewallDisableNotify" = 1
"UpdatesDisableNotify" = 1
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"9051:UDP" = 9051:UDP:LocalSubNet:Enabled:Verizon Tech Wizard

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\WINDOWS\SYSTEM32\FXSCLNT.EXE" = C:\WINDOWS\SYSTEM32\FXSCLNT.EXE:*:Enabled:Microsoft Fax Console -- (Microsoft Corporation)
"D:\launcher\ENC2.EXE" = D:\launcher\ENC2.EXE:*:Disabled:Encore -- File not found
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Disabled:Jasc Paint Shop Photo Album Application -- File not found
"C:\Program Files\Grisoft\AVG7\avginet.exe" = C:\Program Files\Grisoft\AVG7\avginet.exe:*:Enabled:avginet.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgamsvr.exe" = C:\Program Files\Grisoft\AVG7\avgamsvr.exe:*:Enabled:avgamsvr.exe -- File not found
"C:\Program Files\Grisoft\AVG7\avgcc.exe" = C:\Program Files\Grisoft\AVG7\avgcc.exe:*:Enabled:avgcc.exe -- File not found
"C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\ttax.exe:LocalSubNet:Disabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Deluxe 2006\32bit\updatemgr.exe:LocalSubNet:Disabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\Program Files\Windows Media Player\wmplayer.exe" = C:\Program Files\Windows Media Player\wmplayer.exe:*:Disabled:Windows Media Player -- (Microsoft Corporation)
"C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe" = C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe:LocalSubNet:Disabled:Intuit Update Shared Downloads Server -- (Intuit Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\ttax.exe:LocalSubNet:Enabled:TurboTax -- (Intuit, Inc.)
"C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe" = C:\Program Files\TurboTax\Premier 2007\32bit\updatemgr.exe:LocalSubNet:Enabled:TurboTax Update Manager -- (Intuit, Inc.)
"C:\WINDOWS\explorer.exe" = C:\WINDOWS\explorer.exe:*:Enabled:Explorer -- (Microsoft Corporation)
"C:\Program Files\Internet Explorer\iexplore.exe" = C:\Program Files\Internet Explorer\iexplore.exe:*:Enabled:Internet Explorer -- (Microsoft Corporation)
"C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe" = C:\Program Files\Seagate\SeagateManager\FreeAgent Status\stxmenumgr.exe:*:Enabled:StxMenuMgr -- (Seagate LLC)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP610_series" = Canon MP610 series
"{17334AAF-C9E7-483B-9F45-E3FCAF07FFA7}" = Intel® PROSet for Wired Connections
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Sonic MyDVD
"{21F792EB-0B7F-476D-A98E-83927CA179F3}" = Garfield K Math Readiness
"{225AF9A1-B556-88D5-94AA-0010B5426419}" = My DSC
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{27664F6E-2F86-4D5B-BC44-E33C14B6AC03}" = YAMAHA Digital Music Notebook
"{29521505-F489-4822-ADFA-32C6DEE4F114}" = TurboTax 2008 WinPerUserEducation
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{35BDEFF1-A610-4956-A00D-15453C116395}" = Internet Explorer Default Page
"{36495C59-089C-49D1-BD15-9E5BD86DC9A1}" = ItsDeductible Express
"{3D719053-5593-11D3-8F25-0060085C1758}" = Microsoft Streets and Trips 2001
"{3F92ABBB-6BBF-11D5-B229-002078017FBF}" = Modem On Hold
"{42FE04ED-8E4C-11D5-BA72-0048546FEA44}" = Reading Basics
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{4E868D3D-6EEB-4273-926C-2287236B5B79}" = 3DVIA player 5.0
"{4EF69D40-4DC9-485E-95D3-B1C22F218FC8}" = upapp
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5A8D3524-79DB-11D5-99D1-00010256D40E}" = SD Viewer for DSC
"{5E863175-E85D-44A6-8968-82507D34AE7F}" = QuickTime
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD 5.3
"{6856E07D-9B6D-4B17-B0EF-593BDED87B4D}" = Daycare Nightmare
"{6A77FE0A-6A36-44F0-A503-A4BC49EFD6BC}" = OLYMPUS DSS Player-Lite
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7148F0A8-6813-11D6-A77B-00B0D0142030}" = Java 2 Runtime Environment, SE v1.4.2_03
"{7148F0A8-6813-11D6-A77B-00B0D0142060}" = Java 2 Runtime Environment, SE v1.4.2_06
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{7570F1CA-016D-46AC-B586-CD74645EFB52}" = TurboTax 2008 WinPerFedFormset
"{78D944D7-A97B-4004-AB0A-B5AD06839940}" = My Way Search Assistant
"{7A0EFAFB-AC4B-4B88-8C6B-6731BE88DB68}" = Modem Event Monitor
"{7BE8EBFD-90AA-11D5-BA72-0048546FEA44}" = Ernie's Adventures in Space
"{7DD9A065-2C86-4A9F-A5FF-796EC1B99DCA}" = AnswerWorks 4.0 Runtime - English
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{7F142D56-3326-11D5-B229-002078017FBF}" = Modem Helper
"{88214092-836F-4E22-A5AC-569AC9EE6A0F}" = TurboTax 2008 WinPerReleaseEngine
"{8A708DD8-A5E6-11D4-A706-000629E95E20}" = Intel® Graphics Media Accelerator Driver
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{90510409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Visio Professional 2003
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{98736A65-3C79-49EC-B7E9-A3C77774B0E6}" = Google SketchUp 6
"{9A25302D-30C0-39D9-BD6F-21E6EC160475}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
"{9E397B40-13F7-4CA2-9943-ADB29ACBBFDF}" = ArcSoft Software Suite
"{9E5A03E3-6246-4920-9630-0527D5DA9B07}" = AnswerWorks 5.0 English Runtime
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A260B422-70E1-41E2-957D-F76FA21266D5}" = Apple Software Update
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A3E77D20-647C-40E2-B69B-C120D4D58190}" = G5a922EN
"{A9E27FF5-6294-46A8-B8FD-77B1DECA3021}" = Wizard101
"{AC76BA86-7AD7-1033-7B44-A70000000000}" = Adobe Reader 7.0
"{AF19F291-F22F-4798-9662-525305AE9E48}" = WordPerfect Office 12
"{B1DB1AD8-C07E-4052-81A1-D2930232BA70}" = TurboTax 2008 wrapper
"{B23726CF-68BF-41A6-A4EB-72F12F87FE05}" = TurboTax 2008 WinPerTaxSupport
"{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}" = ScanSoft OmniPage SE 4
"{B3D8B2F8-3C2C-45BC-933E-8B60E78F6684}" = Google SketchUp 6
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D1696920-9794-4BBC-8A30-7A88763DE5A2}" = ABBYY FineReader 5.0 Sprint Plus
"{D4A2EF65-9888-4EFF-8EA0-A2D2C3152A29}" = Samsung USB Driver (MCCI 4.34) WHQL v3.4
"{DBEA1034-5882-4A88-8033-81C4EF0CFA29}" = Google Toolbar for Internet Explorer
"{E3BFEE55-39E2-4BE0-B966-89FE583822C1}" = Dell Support Center (Support Software)
"{E6D9BC25-0DBC-4368-8E4A-7DEE80661CD9}" = TurboTax 2008 WinPerProgramHelp
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{F12F5528-8AE7-49DD-B883-4D469C5C211F}" = DeLorme Topo USA 8.0
"{FB91E774-867B-4567-ACE7-8144EF036068}" = Olympus Digital Wave Player
"3DGroove" = 3D Groove Playback Engine
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Shockwave Player" = Adobe Shockwave Player 11.5
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.3
"Arthur's Birthday" = Arthur's Birthday
"Arthur's Teacher Trouble" = Arthur's Teacher Trouble
"Arthur's Thinking Games" = Arthur's Thinking Games
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.5 (Unicode)
"Audacity_is1" = Audacity 1.2.4
"Autodesk DWF Viewer" = Autodesk DWF Viewer
"AVIConverter" = AVIConverter CHN-EN Package
"Avira AntiVir Desktop" = Avira AntiVir Personal - Free Antivirus
"Blue's Art Time Activities" = Blue's Art Time Activities
"BluesCluesKindergartenDKey" = Blue's Kindergarten
"Candy Land" = Candy Land
"Canon MP610 series User Registration" = Canon MP610 series User Registration
"CanonMyPrinter" = Canon My Printer
"CanonSolutionMenu" = Canon Utilities Solution Menu
"Coupon Printer for Windows4.0" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Photo AIO Printer 922" = Dell Photo AIO Printer 922
"Dreamship Tales" = Dreamship Tales
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Easy-PhotoPrint EX" = Canon Utilities Easy-PhotoPrint EX
"EESInst 99" = Encarta Encyclopedia 99
"ERUNT_is1" = ERUNT 1.1j
"Eyewitness Encyclopedia of Nature 2.0" = Eyewitness Encyclopedia of Nature 2.0
"Free Realms Installer" = Free Realms Installer
"FreeWX-Wi_is1" = FreeWX-Wi 1.01
"Gamevance" = Gamevance
"G-Force" = G-Force
"hp deskjet 5550 series" = hp deskjet 5550 series (Remove only)
"hp print screen utility" = hp print screen utility
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"InstallShield_{6693E024-E2D3-477C-8EF9-4D484F3B3071}" = Seagate Manager Installer
"Intel® 537EP V9x DF PCI Modem" = Intel® 537EP V9x DF PCI Modem
"JSLG_ABC" = JumpStart Learning Games ABC's
"Just Grandma and Me" = Just Grandma and Me
"LBT Preschool Adventure" = LBT Preschool Adventure
"Leap Ahead Phonics Ages 4-7" = Leap Ahead Phonics Ages 4-7
"Logical Journey of the Zoombinis V1.1.0" = Logical Journey of the Zoombinis V1.1.0
"Mad About Cats" = Mad About Cats
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Millie and Bailey Kindergarten" = Millie and Bailey Kindergarten
"Miss Spider" = Miss Spider
"MP Navigator EX 1.0" = Canon MP Navigator EX 1.0
"Muti ID3 Tag Editor" = Alex Buturuga - Muti ID3 Tag Editor 1.3b1
"MyWaySearchAssistantDE" = My Way Search Assistant
"NeroMultiInstaller!UninstallKey" = Nero Suite
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"PROSet" = Intel® PRO Network Adapters and Drivers
"Protection System" = Protection System
"RadialpointClientGateway_is1" = Verizon Servicepoint 1.5.20
"Read4632.exe" = Reader Rabbit's Reading Ages 4-6
"Reader Rabbit Kindergarten" = Reader Rabbit Kindergarten
"RipIt4Me" = RipIt4Me
"rrm46_32.exe" = Reader Rabbit's Math Ages 4-6
"rrpw32.exe" = Reader Rabbit's Preschool
"Scholastic's I SPY Junior" = Scholastic's I SPY Junior
"Scholastic's I SPY School Days" = Scholastic's I SPY School Days
"Scholastic's I SPY Spooky Mansion" = Scholastic's I SPY Spooky Mansion
"Scooby-Doo™, Phantom of the Knight™" = Scooby-Doo™, Phantom of the Knight™
"SearchLearnAdventures" = Sesame Street Search & Learn Adventures
"SHRThinkingGames" = Schoolhouse Rock Thinking Games
"SideStep" = SideStep
"Train Simulator 1.0" = Microsoft Train Simulator
"TurboTax 2005" = TurboTax 2005
"TurboTax 2008" = TurboTax 2008
"TurboTax Deluxe 2004" = TurboTax Deluxe 2004
"TurboTax Deluxe Deduction Maximizer 2006" = TurboTax Deluxe Deduction Maximizer 2006
"TurboTax Premier 2007" = TurboTax Premier 2007
"Verizon FiOS Activation_is1" = Verizon FiOS Activation
"Visioneer Digital Camera Utility" = Visioneer Digital Camera Utility
"WIC" = Windows Imaging Component
"Winamp" = Winamp
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 10
"WinRAR archiver" = WinRAR archiver
"WinZip" = WinZip
"WMFDist11" = Windows Media Format 11 runtime
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 9/18/2009 9:30:48 PM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/18/2009 9:30:48 PM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2009 1:11:35 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2009 1:11:35 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2009 1:29:50 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2009 1:29:50 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2009 8:29:58 AM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 80070005 from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2009 8:29:58 AM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

Error - 9/19/2009 3:11:29 PM | Computer Name = DGQ6G561 | Source = EventSystem | ID = 4609
Description = The COM+ Event System detected a bad return code during its internal
processing. HRESULT was 800706BA from line 44 of d:\comxp_sp2\com\com1x\src\events\tier1\eventsystemobj.cpp.
Please contact Microsoft Product Support Services to report this erro

Error - 9/19/2009 3:11:30 PM | Computer Name = DGQ6G561 | Source = VSS | ID = 8193
Description = Volume Shadow Copy Service error: Unexpected error calling routine
CoCreateInstance. hr = 0x80040206.

[ System Events ]
Error - 9/19/2009 2:39:05 AM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1084" attempting to start the service EventSystem
with arguments "" in order to run the server: {1BE1F766-5536-11D1-B726-00C04FB926AF}

Error - 9/19/2009 2:40:03 AM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7026
Description = The following boot-start or system-start driver(s) failed to load:
avgio avipbb Fips intelppm ssmdrv

Error - 9/19/2009 2:00:12 PM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}

Error - 9/19/2009 2:16:23 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Scheduler service terminated unexpectedly. It has
done this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 9/19/2009 2:16:23 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7031
Description = The Avira AntiVir Guard service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 0 milliseconds:
Restart the service.

Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The Seagate Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The SupportSoft Sprocket Service (dellsupportcenter) service terminated
unexpectedly. It has done this 1 time(s).

Error - 9/19/2009 2:16:25 PM | Computer Name = DGQ6G561 | Source = Service Control Manager | ID = 7034
Description = The Intuit Update Service service terminated unexpectedly. It has
done this 1 time(s).

Error - 9/19/2009 3:02:14 PM | Computer Name = DGQ6G561 | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service wuauserv with
arguments "" in order to run the server: {E60687F7-01A1-40AA-86AC-DB1CBF673334}


< End of report >
  • 0

Advertisements

#2
Essexboy
Posted 19 September 2009 - 03:30 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hmm you have a few squatters there - time for eviction I believe :)


Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O2 - BHO: (C:\WINDOWS\system32\nzfiu3h78di.dll) - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\pafiloha.DLL ()
O4 - HKLM..\Run: [winupdate.exe] C:\WINDOWS\System32\winupdate.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe ()
O4 - HKCU..\Run: [Protection System] C:\Program Files\Protection System\psystem.exe File not found
O4 - HKCU..\Run: [WIndows Rescue Disk] C:\DOCUME~1\Joelle\LOCALS~1\Temp\win.exe File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\control panel present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableTaskMgr = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 1
O9 - Extra Button: SideStep - {3E230861-5C87-11D3-A1C6-00105A1B41B8} - C:\WINDOWS\Downloaded Program Files\SbCIe02a.dll File not found
O16 - DPF: {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB} http://ak.exe.imgfarm.com/images/nocache/f...p1.0.0.15-3.cab (Reg Error: Key error.)
O16 - DPF: {9522B3FB-7A2B-4646-8AF6-36E7F593073C} http://a19.g.akamai.net/7/19/7125/4058/ftp...ood/Coupons.cab (cpbrkpie Control)
O20 - AppInit_DLLs: (c:\windows\system32\pafiloha.dll) - C:\WINDOWS\System32\pafiloha.dll ()
O20 - AppInit_DLLs: (rigagine.dll) - C:\WINDOWS\System32\rigagine.dll ()
O21 - SSODL: haneyohiw - {18f09260-1120-4996-af13-f8cb50ec97e1} - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {18f09260-1120-4996-af13-f8cb50ec97e1} - tokatiluy - C:\WINDOWS\System32\pafiloha.dll ()
O22 - SharedTaskScheduler: {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - ksfe98wjkodsngiwiojndg873hundggdd - C:\WINDOWS\System32\nzfiu3h78di.dll ()
O30 - LSA: Authentication Packages - (C:\WINDOWS\system32\nnnnNGAs) - File not found
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell - "" = AutoRun
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell - "" = AutoRun
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\Shell\AutoRun\command - "" = G:\LaunchU3.exe -- File not found
O33 - MountPoints2\{3adb29fc-5ce8-11d9-8a2c-0011113f8645}\Shell\AutoRun\command - "" = G:\setupSNK.exe -- File not found
O33 - MountPoints2\D\Shell - "" = AutoRun
O33 - MountPoints2\D\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\D\Shell\AutoRun\command - "" = D:\autofred.exe -- File not found
[2009/09/19 11:57:35 | 00,001,614 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 05:33:13 | 00,020,992 | ---- | C] () -- C:\WINDOWS\System32\winhelper.dll
2009/09/19 04:55:11 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 03:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 02:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 01:55:10 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\6334.exe
[2009/09/18 23:55:29 | 00,000,749 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk
[2009/09/18 23:55:28 | 00,000,000 | ---D | C] -- C:\Program Files\AdvancedVirusRemover
[2009/09/18 02:15:02 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\18467.exe
[2009/09/17 23:24:10 | 00,000,000 | ---D | C] -- C:\Program Files\Protection System
[2009/09/17 22:52:01 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/09/17 22:52:00 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\41.exe
[2009/09/17 22:49:19 | 00,201,328 | ---- | C] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:19 | 00,049,664 | ---- | C] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | C] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/17 22:46:11 | 00,103,424 | ---- | C] () -- C:\WINDOWS\System32\~.exe
[2009/09/19 12:44:10 | 00,011,168 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 12:22:58 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\41.exe
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\tasks\gydurryy.job
[2009/09/19 11:57:35 | 00,001,614 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk
[2009/09/19 11:57:35 | 00,000,704 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Protection System.lnk
[2009/09/19 11:49:57 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\fawenuto.dll
[2009/09/19 11:49:30 | 00,983,076 | -HS- | M] () -- C:\WINDOWS\System32\jukaraso.exe
[2009/09/19 11:49:27 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\pafiloha.dll
[2009/09/19 11:49:27 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\buyoziyi.dll
[2009/09/19 10:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\15724.exe
[2009/09/19 09:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\19169.exe
[2009/09/19 08:49:00 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\26500.exe
[2009/09/19 07:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\6334.exe
[2009/09/19 06:48:59 | 00,000,000 | ---- | M] () -- C:\WINDOWS\System32\18467.exe
2009/09/18 23:49:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\guyuzera.dll
[2009/09/18 23:49:21 | 00,089,088 | -HS- | M] () -- C:\WINDOWS\System32\mekijoru.dll
[2009/09/18 23:49:20 | 00,037,888 | -HS- | M] () -- C:\WINDOWS\System32\buvoyaki.dll
[2009/09/17 22:51:37 | 00,037,376 | -HS- | M] () -- C:\WINDOWS\System32\pegatijo.dll
[2009/09/17 22:49:21 | 00,201,328 | ---- | M] (Unknown Corporation) -- C:\WINDOWS\System32\wisdstr.exe
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe
[2009/09/17 22:46:19 | 00,015,000 | ---- | M] () -- C:\WINDOWS\System32\nzfiu3h78di.dll
[2009/09/17 22:46:12 | 00,103,424 | ---- | M] () -- C:\WINDOWS\System32\~.exe
[2009/09/17 22:46:12 | 00,011,776 | ---- | M] () -- C:\WINDOWS\System32\braviax.exe
[2009/09/17 23:12:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\12505464
[2009/09/19 12:00:00 | 00,000,296 | ---- | M] () -- C:\WINDOWS\Tasks\gydurryy.job
[2009/09/17 22:46:20 | 00,049,664 | ---- | M] () -- C:\vhlyrkv.exe

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL log ( don't check the boxes beside LOP Check or Purity this time )

THEN

Download Combofix from any of the links below. You must rename it before saving it. Save it to your desktop.

Link 1
Link 2

Posted Image


Posted Image
--------------------------------------------------------------------

Double click on Combo-Fix.exe & follow the prompts.
  • When finished, it will produce a report for you.
  • Please post the C:\ComboFix.txt along with a OTL log so we can continue cleaning the system.

  • 0

#3
riverjay
Posted 19 September 2009 - 05:55 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thank you Essexboy for the very quick response.
The OTL fix went well and gratefully stopped the incessant pop-ups. During the fix, one small notification came up that there was a floating point error processing 00,020,992 C:\Windows\System32\winhelper.dll..., but the program completed. On the reboot, there was a report "Error loading C:\Windows\System32\pafiloha.dll". In addition to that the network connect was broken. I tried disabling, and re-enabling it, then tried repairing. The attempt to repair the connection reported that the IP address could not be renewed. Immediately after the reboot an OTL log was created. I wasn't sure if that was the log you wanted, or the results of another quick scan. I have included both.

I downloaded Combofix.exe on another computer and moved it to the desktop via USB stick. Unfortunately, the program will not run. I get an hourglass for 3-5 secs and no further activity, and no log file. Where to next?


All processes killed
========== OTL ==========
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{BA603215-23F2-42AD-F4E4-00AAC39CAA53}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA603215-23F2-42AD-F4E4-00AAC39CAA53}\ deleted successfully.
C:\WINDOWS\System32\nzfiu3h78di.dll NOT unregistered.
C:\WINDOWS\System32\nzfiu3h78di.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jamiridov deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pafiloha.DLL
C:\WINDOWS\System32\pafiloha.DLL NOT unregistered.
C:\WINDOWS\System32\pafiloha.DLL moved successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\winupdate.exe deleted successfully.
C:\WINDOWS\System32\winupdate.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Advanced Virus Remover deleted successfully.
C:\Program Files\AdvancedVirusRemover\PAVRM.exe moved successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\Protection System deleted successfully.
Registry value HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run\\WIndows Rescue Disk deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\control panel\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\Main\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Policies\Microsoft\Internet Explorer\restrictions\ deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableTaskMgr deleted successfully.
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System\\DisableRegistryTools deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3E230861-5C87-11D3-A1C6-00105A1B41B8}\ not found.
Starting removal of ActiveX control {1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}
C:\WINDOWS\Downloaded Program Files\f3initialsetup1.0.0.15-3.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{1D4DB7D2-6EC9-47A3-BD87-1E41684E07BB}\ not found.
Starting removal of ActiveX control {9522B3FB-7A2B-4646-8AF6-36E7F593073C}
C:\WINDOWS\Downloaded Program Files\cpbrkpie.inf moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}\ not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:c:\windows\system32\pafiloha.dll deleted successfully.
File C:\WINDOWS\System32\pafiloha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\\AppInit_Dlls:rigagine.dll deleted successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\rigagine.dll
C:\WINDOWS\System32\rigagine.dll NOT unregistered.
C:\WINDOWS\System32\rigagine.dll moved successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\\haneyohiw deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f09260-1120-4996-af13-f8cb50ec97e1}\ deleted successfully.
File C:\WINDOWS\System32\pafiloha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{18f09260-1120-4996-af13-f8cb50ec97e1} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{18f09260-1120-4996-af13-f8cb50ec97e1}\ deleted successfully.
File C:\WINDOWS\System32\pafiloha.dll not found.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\\{BA603215-23F2-42AD-F4E4-00AAC39CAA53} deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{BA603215-23F2-42AD-F4E4-00AAC39CAA53}\ deleted successfully.
File C:\WINDOWS\System32\nzfiu3h78di.dll not found.
Registry value HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\\Authentication Packages:C:\WINDOWS\system32\nnnnNGAs deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24dce949-ac23-11dc-aeac-80312fe230b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24dce949-ac23-11dc-aeac-80312fe230b3}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{24dce949-ac23-11dc-aeac-80312fe230b3}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{24dce949-ac23-11dc-aeac-80312fe230b3}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{31ff8e87-6e68-11dd-aee0-e0d5ceae86ed}\ not found.
File G:\LaunchU3.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{3adb29fc-5ce8-11d9-8a2c-0011113f8645}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3adb29fc-5ce8-11d9-8a2c-0011113f8645}\ not found.
File G:\setupSNK.exe not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
Registry key HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\D\ not found.
File D:\autofred.exe not found.
C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk moved successfully.
C:\Documents and Settings\All Users\Desktop\Protection System.lnk moved successfully.
C:\WINDOWS\System32\winhelper.dll unregistered successfully.
C:\WINDOWS\System32\winhelper.dll moved successfully.
C:\WINDOWS\System32\19169.exe moved successfully.
C:\WINDOWS\System32\26500.exe moved successfully.
C:\WINDOWS\System32\6334.exe moved successfully.
C:\Documents and Settings\Joelle\Desktop\Advanced Virus Remover.lnk moved successfully.
C:\Program Files\AdvancedVirusRemover moved successfully.
C:\WINDOWS\System32\18467.exe moved successfully.
C:\Program Files\Protection System moved successfully.
C:\Documents and Settings\All Users\Application Data\12505464 moved successfully.
C:\WINDOWS\System32\41.exe moved successfully.
C:\WINDOWS\System32\wisdstr.exe moved successfully.
C:\vhlyrkv.exe moved successfully.
File C:\WINDOWS\System32\nzfiu3h78di.dll not found.
C:\WINDOWS\System32\braviax.exe moved successfully.
C:\WINDOWS\SYSTEM32\~.exe moved successfully.
C:\WINDOWS\System32\kuniziwi moved successfully.
File C:\WINDOWS\System32\41.exe not found.
C:\WINDOWS\tasks\gydurryy.job moved successfully.
File C:\Documents and Settings\All Users\Desktop\Protection System Support.lnk not found.
File C:\Documents and Settings\All Users\Desktop\Protection System.lnk not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\fawenuto.dll
C:\WINDOWS\System32\fawenuto.dll NOT unregistered.
C:\WINDOWS\System32\fawenuto.dll moved successfully.
C:\WINDOWS\System32\jukaraso.exe moved successfully.
File C:\WINDOWS\System32\pafiloha.dll not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\buyoziyi.dll
C:\WINDOWS\System32\buyoziyi.dll NOT unregistered.
C:\WINDOWS\System32\buyoziyi.dll moved successfully.
C:\WINDOWS\System32\15724.exe moved successfully.
File C:\WINDOWS\System32\19169.exe not found.
File C:\WINDOWS\System32\26500.exe not found.
File C:\WINDOWS\System32\6334.exe not found.
File C:\WINDOWS\System32\18467.exe not found.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\mekijoru.dll
C:\WINDOWS\System32\mekijoru.dll NOT unregistered.
C:\WINDOWS\System32\mekijoru.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\buvoyaki.dll
C:\WINDOWS\System32\buvoyaki.dll NOT unregistered.
C:\WINDOWS\System32\buvoyaki.dll moved successfully.
DllUnregisterServer procedure not found in C:\WINDOWS\System32\pegatijo.dll
C:\WINDOWS\System32\pegatijo.dll NOT unregistered.
C:\WINDOWS\System32\pegatijo.dll moved successfully.
File C:\WINDOWS\System32\wisdstr.exe not found.
File C:\vhlyrkv.exe not found.
File C:\WINDOWS\System32\nzfiu3h78di.dll not found.
File C:\WINDOWS\System32\~.exe not found.
File C:\WINDOWS\System32\braviax.exe not found.
Folder C:\Documents and Settings\All Users\Application Data\12505464\ not found.
File C:\WINDOWS\Tasks\gydurryy.job not found.
File C:\vhlyrkv.exe not found.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joelle
->Temp folder emptied: 2856 bytes
->Temporary Internet Files folder emptied: 1341306 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 152064 bytes
Windows Temp folder emptied: 1442142 bytes
RecycleBin emptied: 9354 bytes

Total Files Cleaned = 2.87 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09192009_154355

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 9/19/2009 3:54:48 PM - Run 2
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 656.50 Mb Available Physical Memory | 64.74% Memory free
1.63 Gb Paging File | 1.29 Gb Available in Paging File | 79.25% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.57 Gb Free Space | 7.63% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 22.28 Gb Free Space | 9.56% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\Iexplore.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/09/28 21:26:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.iinet.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (734 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (C:\WINDOWS\system32\nzfiu3h78di.dll) - {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - C:\WINDOWS\System32\nzfiu3h78di.dll File not found
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - SITEguard - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\pafiloha.DLL File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [vuvazehiyu] C:\WINDOWS\System32\misoselo.DLL ()
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\restrictions present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoFolderOptions = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoSetActiveDesktop = 1
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoActiveDesktopChanges = 1
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O21 - SSODL: haneyohiw - {18f09260-1120-4996-af13-f8cb50ec97e1} - C:\WINDOWS\System32\pafiloha.dll File not found
O22 - SharedTaskScheduler: {18f09260-1120-4996-af13-f8cb50ec97e1} - tokatiluy - C:\WINDOWS\System32\pafiloha.dll File not found
O22 - SharedTaskScheduler: {BA603215-23F2-42AD-F4E4-00AAC39CAA53} - ksfe98wjkodsngiwiojndg873hundggdd - C:\WINDOWS\System32\nzfiu3h78di.dll File not found
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/07/31 19:29:51 | 00,000,067 | ---- | M] () - D:\Autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/19 15:46:33 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 15:43:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc

========== Files - Modified Within 14 Days ==========

[2009/09/19 15:52:52 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 15:47:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/19 15:47:20 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 12:36:55 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/19 12:36:55 | 00,000,227 | ---- | M] () -- C:\WINDOWS\SYSTEM.INI
[2009/09/19 12:36:55 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/18 23:49:51 | 00,050,688 | -HS- | M] () -- C:\WINDOWS\System32\guyuzera.dll
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc

========== LOP Check ==========

[2009/09/19 15:46:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/26 13:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2007/12/22 17:06:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/11/30 07:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/03 19:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/07 11:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/14 16:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/13 15:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/09 08:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/19 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 18:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/11/30 06:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/22 17:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/31 19:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/13 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/13 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/07 11:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/27 20:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2006/08/24 09:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/01/27 20:29:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joelle\Application Data
[2008/12/16 08:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Amazon
[2005/03/29 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ArcSoft
[2009/05/24 09:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Audacity
[2008/01/22 08:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Canon
[2008/03/03 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Corel
[2004/12/17 22:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\CyberLink
[2009/09/07 11:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2008/03/16 22:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Intuit
[2004/12/17 22:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Leadertech
[2009/01/27 11:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Move Networks
[2009/09/13 10:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\RipIt4Me
[2007/12/22 17:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ScanSoft
[2007/09/08 23:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Snapfish
[2007/08/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\SoundSpectrum
[2008/09/03 22:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\U3
[2009/01/27 20:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Verizon
[2006/08/29 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\YAMAHA
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/19 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/19 15:47:22 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
  • 0

#4
riverjay
Posted 19 September 2009 - 08:43 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Mr. Essex,
A status update with some good news and bads news. In reading some other threads it dawned on me that Combo-Fix.exe had to be renamed with a dash. And as I look at your initial reply, I have to say that you have clearly laid that out. Sadly, in an arean where details count,I missed this one. SO- ComboFix.exe did not run, but when I changed the name on the USB drive and copied it to the desktop as Combo-Fix.exe it did run!. That is the good news. The less good news is that the program wanted access to the internet to download the Recovery Console. At that point however, there was no way to exit the program. My only choice was to say yes, download it (which I knew it couldn't, due to lack of connection) or no, which caused the program to proceed "without the ability to do some serious repairs". Also, when I was asked to "disable" AntiVir I went in and "deactivated" the acitve "guard" portion. However, after the initial reboot the Antivir raised it's ugly head. Fearing the warnings of destructive interaction, every time Antivir claimed to find malware (approximately 30 times) I said ignore. Fortunately, Combo-Fix at least completed its run without hanging the machine. In my naivete, I take that as a positive. The log is posted below. I hope this will help in moving us forward. Thank you-


ComboFix 09-09-18.02 - Joelle 09/19/2009 18:35.1.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.700 [GMT -7:00]
Running from: c:\documents and settings\Joelle\Desktop\Combo-Fix.exe
AV: AntiVir Desktop *On-access scanning enabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\Joelle\Application Data\Microsoft\Internet Explorer\Quick Launch\Advanced Virus Remover.lnk
c:\documents and settings\Joelle\Application Data\Microsoft\Internet Explorer\Quick Launch\VirusRemover2008.lnk
c:\documents and settings\Joelle\Start Menu\Advanced Virus Remover.lnk
c:\program files\gamevance\gamevancelib32.dll
c:\program files\Gamevance\gvtl.dll
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\desktop
c:\windows\desktop\Instal~1.lnk
c:\windows\system32\barusaya.exe
c:\windows\system32\drivers\UACsxkxradeer.sys
c:\windows\system32\jpngxrps.ini
c:\windows\system32\misoselo.dll
c:\windows\system32\sAGNnnnn.ini
c:\windows\SYSTEM32\sAGNnnnn.ini2
c:\windows\system32\UACaifkwvyevb.dll
c:\windows\system32\UACajauujihtk.dll
c:\windows\system32\uacinit.dll
c:\windows\system32\UACkjbplawobh.dll
c:\windows\system32\UACrdqdysieif.dll
c:\windows\system32\UACrumqlrmpfu.dll
c:\windows\system32\UACytftyaloix.dat
c:\windows\system32\wbem\proquota.exe
c:\windows\system32\wingenocx.dll
c:\windows\system32\wscsvc32.exe
D:\Autorun.inf

c:\windows\system32\proquota.exe was missing
Restored copy from - c:\i386\PROQUOTA.EXE

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_UACd.sys
-------\Legacy_UACd.sys


((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 01:45 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-20 01:45 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-19 22:43 . 2009-09-19 22:43 -------- d-----w- C:\_OTL
2009-09-19 18:32 . 2009-09-19 18:34 -------- d-----w- c:\program files\ERUNT
2009-09-19 12:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 12:15 . 2009-09-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 12:15 . 2009-09-19 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 12:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 21:54 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 18:00 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\Joelle\Application Data\DeLorme
2009-09-07 18:00 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\Joelle\Local Settings\Application Data\DeLorme
2009-09-07 17:33 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DeLorme
2009-09-07 17:33 . 2009-09-07 17:33 -------- d-----w- c:\program files\DeLorme
2009-09-07 17:33 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-07 17:32 . 2009-09-07 17:32 -------- d-s---w- c:\windows\Cookies
2009-09-07 17:32 . 2009-09-07 17:32 -------- d-s---w- c:\documents and settings\Joelle\Temporary Internet Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 01:44 . 2009-08-06 20:02 -------- d-----w- c:\program files\Gamevance
2009-09-19 06:49 . 2009-06-19 06:49 50688 --sha-w- c:\windows\system32\guyuzera.dll
2009-09-14 23:44 . 2005-05-31 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-13 17:09 . 2007-01-10 06:59 -------- d-----w- c:\documents and settings\Joelle\Application Data\RipIt4Me
2009-09-05 22:57 . 2004-11-30 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 01:32 . 2009-08-20 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-20 01:32 . 2009-08-11 05:50 -------- d-----w- c:\program files\Norton Security Scan
2009-08-20 01:00 . 2009-08-20 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-20 01:00 . 2009-08-20 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-17 10:19 . 2004-12-18 05:18 91552 ----a-w- c:\documents and settings\Joelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 10:06 . 2009-08-17 10:06 -------- d-----w- c:\program files\MSBuild
2009-08-17 10:05 . 2009-08-17 10:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-10 05:09 . 2009-08-10 05:09 -------- d-----w- c:\program files\Avira
2009-08-10 05:09 . 2009-08-10 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 02:29 . 2009-08-01 02:29 -------- d-----w- c:\program files\Seagate
2009-08-01 02:29 . 2009-08-01 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-08-01 02:27 . 2009-08-01 02:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-29 04:53 . 2004-08-04 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 23:45 . 2009-07-27 03:26 -------- d-----w- c:\program files\NOS
2009-07-28 23:45 . 2009-07-27 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 23:33 . 2009-08-10 05:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 20:02 . 2009-07-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\3DVIA
2009-07-17 18:55 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-04 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 11:00 827392 ----a-w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2006-05-02 17:04 . 2006-05-05 22:51 20042176 ----a-w- c:\program files\GoogleSketchUpW-EN.exe
2009-06-19 18:50 . 2009-06-19 18:50 50688 --sha-w- c:\windows\SYSTEM32\vetahadu.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 68856]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-29 32881]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Device Detector 2.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2005-1-9 81920]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-12-18 106560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Seagate\\SeagateManager\\FreeAgent Status\\stxmenumgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/9/2009 10:09 PM 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 DW90USB;DW90USB Device;c:\windows\SYSTEM32\DRIVERS\DW90USB.SYS [1/9/2005 1:20 AM 39096]
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]

2009-09-19 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = Provided by Pacifier Online
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
.
.
------- File Associations -------
.
JSEFile=notepad.exe "%1" %*
.
- - - - ORPHANS REMOVED - - - -

Toolbar-SITEguard - (no file)
HKLM-Run-jamiridov - c:\windows\system32\pafiloha.dll
HKLM-Run-vuvazehiyu - misoselo.dll
HKU-Default-Run-Advanced Virus Remover - c:\program files\AdvancedVirusRemover\PAVRM.exe
SharedTaskScheduler-{18f09260-1120-4996-af13-f8cb50ec97e1} - c:\windows\system32\pafiloha.dll
SSODL-haneyohiw-{18f09260-1120-4996-af13-f8cb50ec97e1} - c:\windows\system32\pafiloha.dll
SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-AVIConverter - c:\program files\AVIConverter\uninst.exe
AddRemove-Protection System - c:\program files\Protection System\Uninstall.exe
AddRemove-Scooby-Doo™ - c:\program files\The Learning Company\Scooby-Doo™
AddRemove-SearchLearnAdventures - c:\cwonders\MADTGD\CWRUN.EXE



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-19 18:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2575368738-3532047088-2986443949-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2468)
c:\windows\system32\WININET.dll
c:\program files\ScanSoft\OmniPageSE4\OpHookSE4.dll
c:\progra~1\WINDOW~2\wmpband.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\ArcSoft\Software Suite\PhotoImpression\share\pihook.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Avira\AntiVir Desktop\avguard.exe
c:\program files\Dell Support Center\bin\sprtsvc.exe
c:\program files\Dell Photo AIO Printer 922\dlbtbmon.exe
c:\windows\SYSTEM32\WSCNTFY.EXE
.
**************************************************************************
.
Completion time: 2009-09-20 18:56 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 01:55

Pre-Run: 2,695,639,040 bytes free
Post-Run: 2,613,592,064 bytes free

257 --- E O F --- 2009-09-17 21:13
  • 0

#5
Essexboy
Posted 20 September 2009 - 03:06 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Two more to kill and then we wil look at repairing your connection. If you are not used to this, then all seems new :)

1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
c:\windows\system32\guyuzera.dll
c:\windows\SYSTEM32\vetahadu.dll

3. Then in the text file go to FILE > SAVE AS and in the dropdown box select SAVE AS TYPE to ALL FILES

4. Save the above as CFScript.txt

5. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


6. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new OTListit log.

THEN

Download and run WinsockXp fix instructions are on the download page
  • 0

#6
riverjay
Posted 20 September 2009 - 12:50 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
It seems we (you) are making great progress! Thank you again.
Ran Combofix- no problems.
Ran OTL and captured a log.
Ran WinsockxpFix and that restored the net connection. Looking good.
Avira reports no malware in the active processes. Task manager, regedit, folder options have been restored. :)
One little hitch came up. Early on I used Msconfig to limit the services that started up (one was PVARM, which seemed to be one of the bogus antivirus programs). Since things were going well, I specified a normal start sequence instead of the limited one. That resulted in two error boxes on start-up. "Error loading C:\windows\system32\mekijoru.dll" and "Musicmatch DLL load problem" Dll = preferences.dll. Musicmatch is something that came on the machine I vaguely remember trying to un-install it years ago. I wouldn't mind cleaning that up. The "mekijoru.dll" looks more ominous. I ran another OTL scan (run 4, after the "normal" start seqeunce) and have included that.

Should I install the Recovery Console for future use? And how would I do that outside of Combofix.



ComboFix 09-09-18.02 - Joelle 09/20/2009 9:44.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.1014.619 [GMT -7:00]
Running from: c:\documents and settings\Joelle\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\Joelle\Desktop\CFScript.txt
AV: AntiVir Desktop *On-access scanning disabled* (Updated) {AD166499-45F9-482A-A743-FDD3350758C7}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
"c:\windows\system32\guyuzera.dll"
"c:\windows\SYSTEM32\vetahadu.dll"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\guyuzera.dll
c:\windows\SYSTEM32\vetahadu.dll
D:\Autorun.inf

.
((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2009-09-20 01:45 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\proquota.exe
2009-09-20 01:45 . 2004-08-04 11:00 50176 ----a-w- c:\windows\system32\dllcache\proquota.exe
2009-09-19 22:43 . 2009-09-19 22:43 -------- d-----w- C:\_OTL
2009-09-19 18:32 . 2009-09-19 18:34 -------- d-----w- c:\program files\ERUNT
2009-09-19 12:15 . 2009-09-10 21:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-09-19 12:15 . 2009-09-19 12:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-09-19 12:15 . 2009-09-19 12:15 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-09-19 12:15 . 2009-09-10 21:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-09-08 21:54 . 2009-06-21 22:04 153088 ------w- c:\windows\system32\dllcache\triedit.dll
2009-09-07 18:00 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\Joelle\Application Data\DeLorme
2009-09-07 18:00 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\Joelle\Local Settings\Application Data\DeLorme
2009-09-07 17:33 . 2009-09-07 18:00 -------- d-----w- c:\documents and settings\All Users\Application Data\DeLorme
2009-09-07 17:33 . 2009-09-07 17:33 -------- d-----w- c:\program files\DeLorme
2009-09-07 17:33 . 2006-11-29 20:06 3426072 ----a-w- c:\windows\system32\d3dx9_32.dll
2009-09-07 17:32 . 2009-09-07 17:32 -------- d-s---w- c:\windows\Cookies
2009-09-07 17:32 . 2009-09-07 17:32 -------- d-s---w- c:\documents and settings\Joelle\Temporary Internet Files

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 01:44 . 2009-08-06 20:02 -------- d-----w- c:\program files\Gamevance
2009-09-14 23:44 . 2005-05-31 05:02 -------- d-----w- c:\documents and settings\All Users\Application Data\DVD Shrink
2009-09-13 17:09 . 2007-01-10 06:59 -------- d-----w- c:\documents and settings\Joelle\Application Data\RipIt4Me
2009-09-05 22:57 . 2004-11-30 14:00 -------- d--h--w- c:\program files\InstallShield Installation Information
2009-08-20 01:32 . 2009-08-20 01:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Norton
2009-08-20 01:32 . 2009-08-11 05:50 -------- d-----w- c:\program files\Norton Security Scan
2009-08-20 01:00 . 2009-08-20 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Symantec
2009-08-20 01:00 . 2009-08-20 01:00 -------- d-----w- c:\documents and settings\All Users\Application Data\NortonInstaller
2009-08-17 10:19 . 2004-12-18 05:18 91552 ----a-w- c:\documents and settings\Joelle\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-17 10:06 . 2009-08-17 10:06 -------- d-----w- c:\program files\MSBuild
2009-08-17 10:05 . 2009-08-17 10:05 -------- d-----w- c:\program files\Reference Assemblies
2009-08-10 05:09 . 2009-08-10 05:09 -------- d-----w- c:\program files\Avira
2009-08-10 05:09 . 2009-08-10 05:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Avira
2009-08-05 09:11 . 2004-08-04 11:00 204800 ----a-w- c:\windows\system32\mswebdvd.dll
2009-08-01 02:29 . 2009-08-01 02:29 -------- d-----w- c:\program files\Seagate
2009-08-01 02:29 . 2009-08-01 02:29 -------- d-----w- c:\documents and settings\All Users\Application Data\Seagate
2009-08-01 02:27 . 2009-08-01 02:27 -------- d-----w- c:\program files\MSXML 6.0
2009-07-29 04:53 . 2004-08-04 11:00 82432 ----a-w- c:\windows\system32\fontsub.dll
2009-07-29 04:53 . 2004-08-04 11:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-07-28 23:45 . 2009-07-27 03:26 -------- d-----w- c:\program files\NOS
2009-07-28 23:45 . 2009-07-27 03:26 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-07-28 23:33 . 2009-08-10 05:09 55656 ----a-w- c:\windows\system32\drivers\avgntflt.sys
2009-07-26 20:02 . 2009-07-26 20:02 -------- d-----w- c:\documents and settings\All Users\Application Data\3DVIA
2009-07-17 18:55 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\atl.dll
2009-07-13 17:08 . 2004-08-04 11:00 286720 ----a-w- c:\windows\system32\wmpdxm.dll
2009-06-29 16:12 . 2004-08-04 11:00 827392 ------w- c:\windows\system32\wininet.dll
2009-06-29 16:12 . 2004-08-04 11:00 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-06-29 16:12 . 2004-08-04 11:00 17408 ----a-w- c:\windows\system32\corpol.dll
2006-05-02 17:04 . 2006-05-05 22:51 20042176 ----a-w- c:\program files\GoogleSketchUpW-EN.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="c:\program files\DellSupport\DSAgnt.exe" [2007-03-15 460784]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2004-10-13 1694208]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-11-07 68856]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Shockwave Updater"="c:\windows\system32\Adobe\Shockwave 11\SwHelper_1150596.exe" [2009-04-29 468408]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"SunJavaUpdateSched"="c:\program files\Java\j2re1.4.2_06\bin\jusched.exe" [2004-09-29 32881]
"IntelMeM"="c:\program files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-04 221184]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2004-04-12 290816]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-08-24 57344]
"UpdateManager"="c:\program files\Common Files\Sonic\Update Manager\sgtray.exe" [2004-01-07 110592]
"Dell Photo AIO Printer 922"="c:\program files\Dell Photo AIO Printer 922\dlbtbmgr.exe" [2004-06-18 290816]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb06.exe" [2002-07-11 188416]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-02-16 282624]
"CanonSolutionMenu"="c:\program files\Canon\SolutionMenu\CNSLMAIN.exe" [2007-05-15 644696]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"SSBkgdUpdate"="c:\program files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2006-10-25 210472]
"OpwareSE4"="c:\program files\ScanSoft\OmniPageSE4\OpwareSE4.exe" [2007-02-04 79400]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-11-15 16384]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2008-08-03 36352]
"DellSupportCenter"="c:\program files\Dell Support Center\bin\sprtcmd.exe" [2008-08-14 206064]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2006-11-04 866584]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2006-03-24 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2006-03-24 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2006-03-24 118784]
"VerizonServicepoint.exe"="c:\program files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"MaxMenuMgr"="c:\program files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe" [2009-01-16 181544]
"avgnt"="c:\program files\Avira\AntiVir Desktop\avgnt.exe" [2009-03-02 209153]
"MSConfig"="c:\windows\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 158208]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2004-12-14 29696]
Device Detector 2.lnk - c:\program files\OLYMPUS\DeviceDetector\DevDtct2.exe [2005-1-9 81920]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2004-12-18 106560]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoSetActiveDesktop"= 1 (0x1)
"NoActiveDesktopChanges"= 1 (0x1)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UpdatesDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\SYSTEM32\\FXSCLNT.EXE"=
"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=
"c:\\Program Files\\Seagate\\SeagateManager\\FreeAgent Status\\stxmenumgr.exe"=

R2 AntiVirSchedulerService;Avira AntiVir Scheduler;c:\program files\Avira\AntiVir Desktop\sched.exe [8/9/2009 10:09 PM 108289]
R2 FreeAgentGoNext Service;Seagate Service;c:\program files\Seagate\SeagateManager\Sync\FreeAgentService.exe [1/16/2009 4:31 PM 161064]
R2 IntuitUpdateService;Intuit Update Service;c:\program files\Common Files\Intuit\Update Service\IntuitUpdateService.exe [10/10/2008 6:45 AM 13088]
S2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [11/3/2006 8:19 PM 13592]
S3 DW90USB;DW90USB Device;c:\windows\SYSTEM32\DRIVERS\DW90USB.SYS [1/9/2005 1:20 AM 39096]
.
Contents of the 'Scheduled Tasks' folder

2009-09-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 22:42]

2009-09-20 c:\windows\Tasks\MP Scheduled Scan.job
- c:\program files\Windows Defender\MpCmdRun.exe [2006-11-04 03:20]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com
uDefault_Search_URL = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
mStart Page = hxxp://www.google.com
mWindow Title = Provided by Pacifier Online
mSearch Bar = hxxp://www.google.com/
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: turbotax.com
Handler: ms-its50 - {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - c:\program files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll
DPF: vzTCPConfig - hxxp://www.verizon.net/checkmypc/fios/includes/vzTCPConfig.CAB
.
- - - - ORPHANS REMOVED - - - -

AddRemove-Scooby-Doo™ - c:\program files\The Learning Company\Scooby-Doo™



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 09:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-2575368738-3532047088-2986443949-1006\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2009-09-20 9:57
ComboFix-quarantined-files.txt 2009-09-20 16:56
ComboFix2.txt 2009-09-20 01:56

Pre-Run: 2,594,123,776 bytes free
Post-Run: 2,552,602,624 bytes free

192 --- E O F --- 2009-09-17 21:13


OTL logfile created on: 9/20/2009 10:04:51 AM - Run 3
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 619.39 Mb Available Physical Memory | 61.08% Memory free
1.64 Gb Paging File | 1.32 Gb Available in Paging File | 80.73% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.41 Gb Free Space | 7.14% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 23.47 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive G: | 62.09 Mb Total Space | 50.30 Mb Free Space | 81.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (27 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe (Microsoft Corporation)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/20 09:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/20 09:43:30 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 09:43:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 09:43:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 09:43:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 09:43:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 09:43:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 09:43:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 09:43:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 09:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/09/20 09:33:17 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/19 18:19:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/19 18:19:38 | 03,316,998 | R--- | C] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 15:46:33 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 15:43:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc

========== Files - Modified Within 14 Days ==========

[2009/09/20 09:57:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 09:52:15 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 09:25:08 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/20 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/19 18:48:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/09/19 18:48:46 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/19 18:39:31 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 16:07:50 | 03,316,998 | R--- | M] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 12:36:55 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/19 12:36:55 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc

========== LOP Check ==========

[2009/09/19 15:46:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/26 13:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2007/12/22 17:06:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/11/30 07:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/03 19:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/07 11:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/14 16:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/13 15:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/09 08:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/19 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 18:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/11/30 06:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/22 17:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/31 19:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/13 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/13 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/07 11:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/27 20:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2006/08/24 09:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/01/27 20:29:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joelle\Application Data
[2008/12/16 08:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Amazon
[2005/03/29 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ArcSoft
[2009/05/24 09:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Audacity
[2008/01/22 08:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Canon
[2008/03/03 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Corel
[2004/12/17 22:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\CyberLink
[2009/09/07 11:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2008/03/16 22:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Intuit
[2004/12/17 22:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Leadertech
[2009/01/27 11:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Move Networks
[2009/09/13 10:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\RipIt4Me
[2007/12/22 17:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ScanSoft
[2007/09/08 23:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Snapfish
[2007/08/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\SoundSpectrum
[2008/09/03 22:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\U3
[2009/01/27 20:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Verizon
[2006/08/29 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\YAMAHA
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/20 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/20 09:57:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >


######## OTL after unrestricted "Normal" service start ##############

OTL logfile created on: 9/20/2009 10:46:01 AM - Run 4
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 640.19 Mb Available Physical Memory | 63.13% Memory free
1.63 Gb Paging File | 1.31 Gb Available in Paging File | 80.45% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.41 Gb Free Space | 7.14% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 23.47 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive G: | 62.09 Mb Total Space | 50.30 Mb Free Space | 81.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2004/09/28 21:26:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2004/04/19 13:45:52 | 00,131,072 | ---- | M] (Musicmatch, Inc.) -- C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [braviax] C:\WINDOWS\System32\braviax.exe File not found
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\mekijoru.DLL File not found
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/20 10:18:55 | 00,000,067 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 14 Days ==========

[2009/09/20 09:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/20 09:43:30 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 09:43:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 09:43:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 09:43:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 09:43:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 09:43:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 09:43:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 09:43:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 09:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/09/20 09:33:17 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/19 18:19:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/19 18:19:38 | 03,316,998 | R--- | C] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 15:46:33 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 15:43:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies

========== Files - Modified Within 14 Days ==========

[2009/09/20 10:25:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 10:25:51 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/20 10:19:31 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/20 10:19:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 10:19:31 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/20 10:16:20 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/09/20 09:25:08 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/20 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/19 18:48:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2009/09/19 18:39:31 | 00,001,744 | -H-- | M] () -- C:\WINDOWS\System32\kuniziwi
[2009/09/19 16:07:50 | 03,316,998 | R--- | M] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc

========== LOP Check ==========

[2009/09/19 15:46:00 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\All Users\Application Data
[2009/07/26 13:02:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\3DVIA
[2007/12/22 17:06:57 | 00,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\CanonBJ
[2004/11/30 07:02:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\CyberLink
[2008/03/03 19:10:51 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Dell
[2009/09/07 11:00:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/14 16:44:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DVD Shrink
[2008/12/13 15:25:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2009/02/09 08:31:02 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Intuit
[2009/08/19 18:32:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Norton
[2009/08/19 18:00:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NortonInstaller
[2004/11/30 06:36:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SBSI
[2007/12/22 17:14:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ScanSoft
[2009/07/31 19:29:31 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/12/13 14:30:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SITEguard
[2008/12/13 15:39:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\STOPzilla!
[2008/01/07 11:07:33 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2009/01/27 20:51:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Verizon
[2006/08/24 09:15:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAMAHA
[2009/01/27 20:29:57 | 00,000,000 | RH-D | M] -- C:\Documents and Settings\Joelle\Application Data
[2008/12/16 08:41:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Amazon
[2005/03/29 21:18:38 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ArcSoft
[2009/05/24 09:58:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Audacity
[2008/01/22 08:47:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Canon
[2008/03/03 22:22:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Corel
[2004/12/17 22:28:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\CyberLink
[2009/09/07 11:00:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2008/03/16 22:55:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Intuit
[2004/12/17 22:35:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Leadertech
[2009/01/27 11:11:08 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Move Networks
[2009/09/13 10:09:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\RipIt4Me
[2007/12/22 17:14:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\ScanSoft
[2007/09/08 23:51:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Snapfish
[2007/08/29 20:50:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\SoundSpectrum
[2008/09/03 22:02:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\U3
[2009/01/27 20:29:57 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\Verizon
[2006/08/29 22:19:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Joelle\Application Data\YAMAHA
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
[2004/08/04 04:00:00 | 00,000,065 | RH-- | M] () -- C:\WINDOWS\Tasks\DESKTOP.INI
[2009/09/20 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2009/09/20 10:25:53 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\Tasks\SA.DAT

========== Purity Check ==========


< End of report >
  • 0

#7
Essexboy
Posted 20 September 2009 - 04:07 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK lets clear them now, as they were disabled by MSConfig our scans did not see them. On completion of this run let me know of any further problems :)

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O4 - HKLM..\Run: [braviax] C:\WINDOWS\System32\braviax.exe File not found
O4 - HKLM..\Run: [jamiridov] C:\WINDOWS\System32\mekijoru.DLL File not found
O4 - HKLM..\Run: [MMTray] C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe (Musicmatch, Inc.)
[2009/09/19 15:46:33 | 00,001,744 | -H-- | C] () -- C:\WINDOWS\System32\kuniziwi

:Commands
[purity]
[emptytemp]
[start explorer]
[Reboot]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#8
riverjay
Posted 20 September 2009 - 09:34 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Hello- I feels like we are almost there. Your OTL script took care of the the start-up issues. I am including the run log file and a scan file run after the reboot.

I took the liberty of running MBAM. I have attached the log from that. Should I hit the button marked "Remove Selected" which will affect the list of infected files in the log. I see that
"Protection System" is listed there. That is still on the my Programs list. Am I correct in assuming that the Uninstall option that is listed there will not actually do that? Will MBAM clean up everything related to "Protection System" when I hit remove, or is there something else I should do about that?

Am I free to start changing things? I would like to to download Windows Updates and Firefox, but I'd like your OK before I start. Is there anything else I should do for future protection before I turn the computer back to the family?

I feel like our conversation is almost over. Even if it goes a few more iterations I must say at this point that your insight, resources, and attention have been a Godsend. Things (computerwise) looked pretty grim 36 hours ago, and, over a weekend you have turned them around. Saying Thank You seems insufficient, but it is a good start. What a good website, and with 17K+ posts, what a great effort on your part. I will be making a donation. Just out of curiosity, approximately how much time do you spend, and how many people are you able to help in a week or month? I personally don't have the time at this point in my life to do this, but maybe someday. I'm grateful that you have chosen to help us all.
:)

Back to the facts:

All processes killed
========== OTL ==========
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\braviax deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\jamiridov deleted successfully.
Registry value HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Run\\MMTray deleted successfully.
C:\Program Files\MUSICMATCH\Musicmatch Jukebox\mm_tray.exe moved successfully.
C:\WINDOWS\System32\kuniziwi moved successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: Joelle
->Temp folder emptied: 51460 bytes
->Temporary Internet Files folder emptied: 8596033 bytes
->Java cache emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 32902 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
File delete failed. C:\Documents and Settings\NetworkService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 33170 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 16384 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 8.33 mb


OTL by OldTimer - Version 3.0.14.0 log created on 09202009_165646

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...



OTL logfile created on: 9/20/2009 5:01:47 PM - Run 5
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 568.64 Mb Available Physical Memory | 56.08% Memory free
1.63 Gb Paging File | 1.25 Gb Available in Paging File | 76.69% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.40 Gb Free Space | 7.13% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 23.47 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
Drive G: | 62.09 Mb Total Space | 50.30 Mb Free Space | 81.00% Space Free | Partition Type: FAT
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/09/28 21:26:04 | 00,032,881 | ---- | M] () -- C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/01/07 00:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2004/08/04 04:00:00 | 00,013,824 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wscntfy.exe
PRC - [2009/02/06 09:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/06/29 01:35:10 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\internet explorer\iexplore.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2002/09/10 21:42:00 | 00,024,808 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys -- (DCamUSBSQTECH [On_Demand | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/04/09 20:17:58 | 00,039,096 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\WINDOWS\System32\DRIVERS\DW90USB.sys -- (DW90USB [On_Demand | Stopped])
DRV - [2004/02/10 14:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Stopped])
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Stopped])
DRV - [2004/06/15 21:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Stopped])
DRV - [2003/03/31 15:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/19 16:47:24 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/04/09 11:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2005/10/20 18:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2006/04/10 19:05:10 | 00,104,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - URLSearchHook: {4D25F926-B9FE-4682-BF72-8AB8210D6D75} - C:\Program Files\MyWaySA\SrchAsDe\1.bin\deSrcAs.dll File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [SunJavaUpdateSched] C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe ()
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/20 10:18:55 | 00,000,067 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 16:56:51 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/20 09:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/20 09:43:30 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 09:43:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 09:43:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 09:43:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 09:43:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 09:43:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 09:43:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 09:43:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 09:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/09/20 09:33:17 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/19 18:45:55 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/09/19 18:45:55 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/09/19 18:19:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/19 18:19:38 | 03,316,998 | R--- | C] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 15:43:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/08 14:54:37 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:33:14 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/09/07 10:33:12 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:19 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
[2009/08/30 20:40:26 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Order Confirmation REI GPS.doc
[2007/12/22 17:14:36 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/18 11:01:28 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\ftp4w32.dll
[2007/05/19 12:50:44 | 00,000,168 | ---- | C] () -- C:\WINDOWS\BluesCluesKindergarten.ini
[2007/04/19 12:09:45 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/04/19 12:08:38 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2006/01/09 20:24:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/22 14:37:48 | 00,000,440 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/19 21:16:41 | 00,000,879 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2005/04/16 21:53:50 | 00,001,671 | ---- | C] () -- C:\WINDOWS\FACTNET.INI
[2005/03/28 21:27:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/02/25 21:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/01 15:40:31 | 00,000,081 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/01/31 20:49:06 | 00,000,355 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/01/16 16:20:55 | 00,000,094 | ---- | C] () -- C:\WINDOWS\CuriousP.INI
[2005/01/12 23:06:50 | 00,005,535 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/02 11:00:38 | 00,000,435 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/02 11:00:32 | 00,000,242 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/12/28 19:13:33 | 00,001,774 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/12/20 00:33:36 | 00,015,317 | ---- | C] () -- C:\WINDOWS\Hornet2.ini
[2004/12/18 13:23:25 | 00,001,023 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/18 00:49:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/30 07:12:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/30 07:10:19 | 00,003,556 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/30 06:36:52 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:04:08 | 00,000,729 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 11:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 04:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/06/14 14:21:46 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/06/14 14:21:02 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/06/14 14:15:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/06/14 14:09:22 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/06/04 18:25:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/06/04 18:23:44 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/04/20 10:08:08 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2003/10/08 13:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/11/17 18:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[2009/09/20 16:58:05 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/20 16:58:03 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/20 10:19:31 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/20 10:19:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 10:19:31 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/20 10:16:20 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/09/20 09:25:08 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/20 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/19 18:48:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2009/09/19 16:07:50 | 03,316,998 | R--- | M] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/14 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:20 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
[2009/08/30 20:40:27 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Order Confirmation REI GPS.doc
< End of report >



Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 2

9/20/2009 7:46:57 PM
mbam-log-2009-09-20 (19-46-50).txt

Scan type: Full Scan (C:\|)
Objects scanned: 216126
Time elapsed: 1 hour(s), 36 minute(s), 39 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 8
Registry Values Infected: 2
Registry Data Items Infected: 2
Folders Infected: 5
Files Infected: 27

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_CLASSES_ROOT\CLSID\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{d714a94f-123a-45cc-8f03-040bcaf82ad6} (Fake.Dropped.Malware) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Trojan.Vundo) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\gamevance (Adware.Gamevance) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> No action taken.

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\URLSearchHooks\{4d25f926-b9fe-4682-bf72-8ab8210d6d75} (Adware.MyWebSearch) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\sunjavaupdatesched (Trojan.Agent) -> No action taken.

Registry Data Items Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Security Center\FirewallDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
C:\Program Files\Gamevance (Adware.Gamevance) -> No action taken.
C:\Program Files\MyWaySA (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe (Adware.MyWebSearch) -> No action taken.
C:\Program Files\MyWaySA\SrchAsDe\1.bin (Adware.MyWebSearch) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System (Rogue.ProtectionSystem) -> No action taken.

Files Infected:
C:\Qoobox\Quarantine\C\WINDOWS\system32\barusaya.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACkjbplawobh.dll.vir (Trojan.Agent) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrdqdysieif.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\UACrumqlrmpfu.dll.vir (Rootkit.TDSS) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wingenocx.dll.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\wscsvc32.exe.vir (Trojan.FakeAlert) -> No action taken.
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\UACsxkxradeer.sys.vir (Trojan.TDSS.T) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\vhlyrkv.exe (Trojan.Vundo) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\Program Files\AdvancedVirusRemover\PAVRM.exe (Rogue.Installer) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\Program Files\Protection System\coreext.dll (Trojan.FakeAlert) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\Program Files\Protection System\firewall.dll (Trojan.FakeAlert) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\Program Files\Protection System\psystem.exe (Rogue.ProtectionSystem) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\buyoziyi.dll (Trojan.Vundo) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\jukaraso.exe (Rogue.TotalSecurity) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\mekijoru.dll (Trojan.Vundo) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\nzfiu3h78di.dll (Trojan.Agent) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\pegatijo.dll (Trojan.Vundo) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\winhelper.dll (Trojan.FakeAlert) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\winupdate.exe (Trojan.FakeAlert) -> No action taken.
C:\_OTL\MovedFiles\09192009_154355\WINDOWS\System32\wisdstr.exe (Rogue.AntivirusPro) -> No action taken.
C:\Program Files\Gamevance\ars.cfg (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\gvun.exe (Adware.Gamevance) -> No action taken.
C:\Program Files\Gamevance\icon.ico (Adware.Gamevance) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk (Rogue.ProtectionSystem) -> No action taken.
C:\Program Files\Java\j2re1.4.2_06\bin\jusched.exe (Trojan.Agent) -> No action taken.
  • 0

#9
Essexboy
Posted 21 September 2009 - 12:50 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
As you say nearly done - I missed one entry :) But we will rectify that next

I took the liberty of running MBAM. I have attached the log from that. Should I hit the button marked "Remove Selected" which will affect the list of infected files in the log. I see that

That would have been your next task :) So run MBAM again and select everything to be fixed

Am I free to start changing things? I would like to to download Windows Updates and Firefox, but I'd like your OK before I start. Is there anything else I should do for future protection before I turn the computer back to the family?

Yep, I will give some security hints when I remove my tools at the end

Just out of curiosity, approximately how much time do you spend, and how many people are you able to help in a week or month?

I usually spend two hours or so on week nights and probably four hours at the weekend. I don't get as many done now due to the severity of the infections and my duties teaching here

Run OTL.exe
  • Under the Custom Scans/Fixes box at the bottom, paste in the following
    :OTL
O4 - HKCU..\Run: [Advanced Virus Remover] C:\Program Files\AdvancedVirusRemover\PAVRM.exe File not found

:Files
C:\Program Files\Gamevance\gvun.exe 
C:\Program Files\Gamevance\icon.ico 
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System Support.lnk 
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Protection System.lnk 
C:\Documents and Settings\All Users\Start Menu\Programs\Protection System\Uninstall Protection System.lnk 

:Commands
[purity]
[emptytemp]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot when it is done
  • Then post a new OTL2 log ( don't check the boxes beside LOP Check or Purity this time )

  • 0

#10
riverjay
Posted 21 September 2009 - 07:32 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Completed the MBAM "removal" step.
Ran OTL again. Scan log below.


OTL logfile created on: 9/21/2009 6:11:54 PM - Run 6
OTL by OldTimer - Version 3.0.14.0 Folder = C:\Documents and Settings\Joelle\Desktop
Windows XP Home Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.13)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.07 Mb Total Physical Memory | 608.80 Mb Available Physical Memory | 60.04% Memory free
1.63 Gb Paging File | 1.29 Gb Available in Paging File | 79.01% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 33.71 Gb Total Space | 2.40 Gb Free Space | 7.11% Space Free | Partition Type: NTFS
Drive D: | 465.76 Gb Total Space | 413.59 Gb Free Space | 88.80% Space Free | Partition Type: NTFS
E: Drive not present or media not loaded
Drive F: | 232.88 Gb Total Space | 23.47 Gb Free Space | 10.08% Space Free | Partition Type: NTFS
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: DGQ6G561
Current User Name: Joelle
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Standard

========== Processes (SafeList) ==========

PRC - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe
PRC - [2007/06/13 03:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Explorer.EXE
PRC - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe
PRC - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe
PRC - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2004/04/11 19:15:14 | 00,290,816 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\Media Experience\PCMService.exe
PRC - [2004/08/23 17:19:22 | 00,057,344 | ---- | M] (CyberLink Corp.) -- C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe
PRC - [2004/01/07 00:01:00 | 00,110,592 | ---- | M] (Sonic Solutions) -- C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe
PRC - [2004/06/18 14:30:26 | 00,290,816 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe
PRC - [2004/06/18 14:46:00 | 00,102,400 | ---- | M] () -- C:\Program Files\Dell Photo AIO Printer 922\dlbtbmon.exe
PRC - [2002/07/11 05:06:23 | 00,188,416 | ---- | M] (HP) -- C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe
PRC - [2007/02/16 10:54:04 | 00,282,624 | ---- | M] (Apple Computer, Inc.) -- C:\Program Files\QuickTime\qttask.exe
PRC - [2007/04/03 18:50:00 | 01,603,152 | ---- | M] (CANON INC.) -- C:\Program Files\Canon\MyPrinter\BJMyPrt.exe
PRC - [2007/02/04 13:02:14 | 00,079,400 | ---- | M] (Nuance Communications, Inc.) -- C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe
PRC - [2008/08/03 16:02:20 | 00,036,352 | ---- | M] () -- C:\Program Files\Winamp\winampa.exe
PRC - [2008/08/13 19:32:40 | 00,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2006/03/23 21:13:40 | 00,077,824 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\hkcmd.exe
PRC - [2006/03/23 21:17:50 | 00,118,784 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\igfxpers.exe
PRC - [2008/02/13 14:03:14 | 02,065,648 | ---- | M] (Verizon) -- C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
PRC - [2009/01/16 16:31:26 | 00,181,544 | ---- | M] (Seagate LLC) -- C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe
PRC - [2009/03/02 13:08:47 | 00,209,153 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgnt.exe
PRC - [2007/03/15 11:09:36 | 00,460,784 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\DSAgnt.exe
PRC - [2004/10/13 09:24:37 | 01,694,208 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Messenger\msmsgs.exe
PRC - [2008/11/07 16:21:43 | 00,068,856 | ---- | M] (Google Inc.) -- C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
PRC - [2008/08/13 19:32:46 | 01,017,648 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\gs_agent\dsc.exe
PRC - [2004/12/14 04:44:06 | 00,029,696 | ---- | M] (Adobe Systems Incorporated) -- C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
PRC - [2001/04/26 19:11:44 | 00,081,920 | ---- | M] (OLYMPUS Optical Co.,Ltd) -- C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe
PRC - [2001/11/27 09:10:00 | 00,106,560 | ---- | M] (WinZip Computing, Inc.) -- C:\Program Files\WinZip\WZQKPICK.EXE
PRC - [2009/02/06 09:39:29 | 00,227,840 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\wbem\wmiprvse.exe
PRC - [2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe

========== Win32 Services (SafeList) ==========

SRV - [2009/05/13 16:48:22 | 00,108,289 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\sched.exe -- (AntiVirSchedulerService [Auto | Running])
SRV - [2009/07/21 14:34:33 | 00,185,089 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avguard.exe -- (AntiVirService [Auto | Running])
SRV - [2008/07/25 11:16:40 | 00,034,312 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\aspnet_state.exe -- (aspnet_state [On_Demand | Stopped])
SRV - [2008/07/25 11:17:02 | 00,069,632 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v2.0.50727\mscorsvw.exe -- (clr_optimization_v2.0.50727_32 [On_Demand | Stopped])
SRV - [2004/03/16 19:33:24 | 00,421,888 | ---- | M] (Dell) -- C:\WINDOWS\System32\dlbtcoms.exe -- (dlbt_device [On_Demand | Stopped])
SRV - [2007/03/07 15:47:46 | 00,076,848 | ---- | M] () -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService [On_Demand | Stopped])
SRV - [2008/07/29 21:10:04 | 00,046,104 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\WPF\PresentationFontCache.exe -- (FontCache3.0.0.0 [On_Demand | Stopped])
SRV - [2009/01/16 16:31:58 | 00,161,064 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\SeagateManager\Sync\FreeAgentService.exe -- (FreeAgentGoNext Service [Auto | Running])
SRV - [2008/10/28 10:42:08 | 00,138,168 | ---- | M] (Google) -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc [On_Demand | Stopped])
SRV - [2004/08/04 04:00:00 | 00,038,912 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\PCHealth\HelpCtr\Binaries\pchsvc.dll -- (helpsvc [Auto | Running])
SRV - [2008/07/29 19:24:50 | 00,881,664 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\infocard.exe -- (idsvc [Unknown | Stopped])
SRV - [2008/10/10 06:45:26 | 00,013,088 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService [Auto | Running])
SRV - [2003/12/17 12:59:48 | 00,143,360 | ---- | M] (Intel® Corporation) -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc [On_Demand | Stopped])
SRV - [2008/07/29 19:16:38 | 00,132,096 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\Microsoft.NET\Framework\v3.0\Windows Communication Foundation\SMSvcHost.exe -- (NetTcpPortSharing [Disabled | Stopped])
SRV - [2003/07/28 13:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose [On_Demand | Stopped])
SRV - [2008/08/13 19:32:40 | 00,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter [Auto | Running])
SRV - [2006/11/03 20:19:58 | 00,013,592 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend [Auto | Stopped])

========== Driver Services (SafeList) ==========

DRV - [2002/04/01 12:15:00 | 00,004,816 | ---- | M] (Andrea Electronics Corporation) -- C:\WINDOWS\System32\drivers\aeaudio.sys -- (aeaudio [On_Demand | Running])
DRV - [2001/08/17 12:51:56 | 00,005,248 | ---- | M] (Acer Laboratories Inc.) -- C:\WINDOWS\system32\DRIVERS\aliide.sys -- (AliIde [Boot | Running])
DRV - [2004/08/03 22:07:44 | 00,043,008 | ---- | M] (Advanced Micro Devices, Inc.) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys -- (amdagp [Boot | Running])
DRV - [2001/08/17 12:52:00 | 00,026,496 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc.sys -- (asc [Boot | Running])
DRV - [2001/08/17 12:51:58 | 00,014,848 | ---- | M] (Advanced System Products, Inc.) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys -- (asc3550 [Boot | Running])
DRV - [2009/02/13 12:35:05 | 00,011,608 | ---- | M] (Avira GmbH) -- C:\Program Files\Avira\AntiVir Desktop\avgio.sys -- (avgio [System | Running])
DRV - [2009/07/28 16:33:56 | 00,055,656 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avgntflt.sys -- (avgntflt [Auto | Running])
DRV - [2009/03/30 10:33:07 | 00,096,104 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\avipbb.sys -- (avipbb [System | Running])
DRV - [2001/08/17 12:51:54 | 00,006,656 | ---- | M] (CMD Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys -- (CmdIde [Boot | Running])
DRV - [2001/08/17 12:52:16 | 00,179,584 | ---- | M] (Mylex Corporation) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys -- (dac2w2k [Boot | Running])
DRV - [2002/09/10 21:42:00 | 00,024,808 | ---- | M] (Service & Quality Technology.) -- C:\WINDOWS\System32\Drivers\SQcaptur.sys -- (DCamUSBSQTECH [On_Demand | Stopped])
DRV - [2006/10/05 16:07:28 | 00,004,736 | ---- | M] (Gteko Ltd.) -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct [On_Demand | Running])
DRV - [2007/02/25 12:10:48 | 00,005,376 | --S- | M] (Gteko Ltd.) -- C:\WINDOWS\System32\DRIVERS\dsunidrv.sys -- (dsunidrv [Auto | Running])
DRV - [2001/04/09 20:17:58 | 00,039,096 | ---- | M] (OLYMPUS OPTICAL CO.,LTD.) -- C:\WINDOWS\System32\DRIVERS\DW90USB.sys -- (DW90USB [On_Demand | Stopped])
DRV - [2004/02/10 14:49:14 | 00,154,112 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\e100b325.sys -- (E100B [On_Demand | Running])
DRV - [2006/03/23 21:47:06 | 01,166,972 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\ialmnt5.sys -- (ialm [On_Demand | Running])
DRV - [2004/03/05 21:14:42 | 01,233,525 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC51.sys -- (IntelC51 [On_Demand | Stopped])
DRV - [2004/03/05 21:15:34 | 00,647,929 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC52.sys -- (IntelC52 [On_Demand | Stopped])
DRV - [2004/06/15 21:52:40 | 00,061,157 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\IntelC53.sys -- (IntelC53 [On_Demand | Stopped])
DRV - [2003/03/31 15:29:00 | 00,625,537 | ---- | M] (LT) -- C:\WINDOWS\System32\DRIVERS\ltmdmnt.sys -- (ltmodem5 [On_Demand | Running])
DRV - [2001/08/17 12:57:38 | 00,016,128 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\drivers\MODEMCSA.sys -- (MODEMCSA [On_Demand | Stopped])
DRV - [2004/03/05 21:13:38 | 00,037,048 | ---- | M] (Intel Corporation) -- C:\WINDOWS\System32\DRIVERS\mohfilt.sys -- (mohfilt [On_Demand | Stopped])
DRV - [2001/08/17 12:52:12 | 00,017,280 | ---- | M] (American Megatrends Inc.) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys -- (mraid35x [Boot | Running])
DRV - [2004/08/03 21:29:56 | 01,897,408 | ---- | M] (NVIDIA Corporation) -- C:\WINDOWS\System32\DRIVERS\nv4_mini.sys -- (nv [On_Demand | Stopped])
DRV - [2002/11/08 12:45:06 | 00,017,217 | ---- | M] (Dell Computer Corporation) -- C:\WINDOWS\System32\DRIVERS\omci.sys -- (omci [System | Running])
DRV - [2003/09/19 16:47:24 | 00,010,368 | ---- | M] (Padus, Inc.) -- C:\WINDOWS\System32\drivers\pfc.sys -- (pfc [On_Demand | Running])
DRV - [2004/08/04 04:00:00 | 00,017,792 | ---- | M] (Parallel Technologies, Inc.) -- C:\WINDOWS\System32\DRIVERS\ptilink.sys -- (Ptilink [On_Demand | Running])
DRV - [2007/03/07 16:51:00 | 00,043,528 | ---- | M] (Sonic Solutions) -- C:\WINDOWS\System32\Drivers\PxHelp20.sys -- (PxHelp20 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,040,320 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys -- (ql1080 [Boot | Running])
DRV - [2001/08/17 12:52:20 | 00,045,312 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys -- (ql12160 [Boot | Running])
DRV - [2001/08/17 12:52:18 | 00,049,024 | ---- | M] (QLogic Corporation) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys -- (ql1280 [Boot | Running])
DRV - [2007/11/13 03:25:53 | 00,020,480 | ---- | M] (Macrovision Corporation, Macrovision Europe Limited, and Macrovision Japan and Asia K.K.) -- C:\WINDOWS\System32\DRIVERS\secdrv.sys -- (Secdrv [Auto | Running])
DRV - [2004/08/03 22:07:44 | 00,041,088 | ---- | M] (Silicon Integrated Systems Corporation) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys -- (sisagp [Boot | Running])
DRV - [2004/04/09 11:41:30 | 00,612,352 | ---- | M] (Analog Devices, Inc.) -- C:\WINDOWS\System32\drivers\smwdm.sys -- (smwdm [On_Demand | Running])
DRV - [2001/08/17 13:07:44 | 00,019,072 | ---- | M] (Adaptec, Inc.) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys -- (Sparrow [Boot | Running])
DRV - [2009/05/11 10:12:24 | 00,028,520 | ---- | M] (Avira GmbH) -- C:\WINDOWS\System32\DRIVERS\ssmdrv.sys -- (ssmdrv [System | Running])
DRV - [2001/08/17 13:07:34 | 00,016,256 | ---- | M] (Symbios Logic Inc.) -- C:\WINDOWS\system32\DRIVERS\symc810.sys -- (symc810 [Boot | Running])
DRV - [2001/08/17 13:07:36 | 00,032,640 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys -- (symc8xx [Boot | Running])
DRV - [2001/08/17 13:07:40 | 00,028,384 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys -- (sym_hi [Boot | Running])
DRV - [2001/08/17 13:07:42 | 00,030,688 | ---- | M] (LSI Logic) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys -- (sym_u3 [Boot | Running])
DRV - [2001/08/17 12:52:22 | 00,036,736 | ---- | M] (Promise Technology, Inc.) -- C:\WINDOWS\system32\DRIVERS\ultra.sys -- (ultra [Boot | Running])
DRV - [2004/08/04 00:08:44 | 00,025,600 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usbser.sys -- (usbser [On_Demand | Stopped])
DRV - [2005/10/20 18:47:05 | 00,012,800 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\usb8023x.sys -- (usb_rndisx [On_Demand | Stopped])
DRV - [2006/04/10 19:05:10 | 00,104,576 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\DRIVERS\wceusbsh.sys -- (wceusbsh [On_Demand | Stopped])

========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Page_Transitions = 1
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.microsoft...amp;ar=iesearch
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.co...m...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: C:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:38 | 00,000,000 | ---D | M]


O1 HOSTS File: (736 bytes) - C:\WINDOWS\System32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O3 - HKLM\..\Toolbar: (&Google) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Google) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll (Google Inc.)
O4 - HKLM..\Run: [avgnt] C:\Program Files\Avira\AntiVir Desktop\avgnt.exe (Avira GmbH)
O4 - HKLM..\Run: [CanonMyPrinter] C:\Program Files\Canon\MyPrinter\BJMyPrt.exe (CANON INC.)
O4 - HKLM..\Run: [CanonSolutionMenu] C:\Program Files\Canon\SolutionMenu\CNSLMAIN.exe (CANON INC.)
O4 - HKLM..\Run: [Dell Photo AIO Printer 922] C:\Program Files\Dell Photo AIO Printer 922\dlbtbmgr.exe ()
O4 - HKLM..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe ( )
O4 - HKLM..\Run: [DVDLauncher] C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe (CyberLink Corp.)
O4 - HKLM..\Run: [HPDJ Taskbar Utility] C:\WINDOWS\System32\spool\drivers\w32x86\3\hpztsb06.exe (HP)
O4 - HKLM..\Run: [igfxhkcmd] C:\WINDOWS\System32\hkcmd.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxpers] C:\WINDOWS\System32\igfxpers.exe (Intel Corporation)
O4 - HKLM..\Run: [igfxtray] C:\WINDOWS\System32\igfxtray.exe (Intel Corporation)
O4 - HKLM..\Run: [IntelMeM] C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe (Intel Corporation)
O4 - HKLM..\Run: [Malwarebytes Anti-Malware (reboot)] C:\Program Files\Malwarebytes' Anti-Malware\mbam.exe (Malwarebytes Corporation)
O4 - HKLM..\Run: [MaxMenuMgr] C:\Program Files\Seagate\SeagateManager\FreeAgent Status\StxMenuMgr.exe (Seagate LLC)
O4 - HKLM..\Run: [NeroFilterCheck] C:\WINDOWS\System32\NeroCheck.exe (Ahead Software Gmbh)
O4 - HKLM..\Run: [OpwareSE4] C:\Program Files\ScanSoft\OmniPageSE4\OpwareSE4.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\Media Experience\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [QuickTime Task] C:\Program Files\QuickTime\qttask.exe (Apple Computer, Inc.)
O4 - HKLM..\Run: [SSBkgdUpdate] C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe (Nuance Communications, Inc.)
O4 - HKLM..\Run: [UpdateManager] C:\Program Files\Common Files\Sonic\Update Manager\sgtray.exe (Sonic Solutions)
O4 - HKLM..\Run: [UserFaultCheck] File not found
O4 - HKLM..\Run: [VerizonServicepoint.exe] C:\Program Files\Verizon\VSP\VerizonServicepoint.exe (Verizon)
O4 - HKLM..\Run: [WinampAgent] C:\Program Files\Winamp\winampa.exe ()
O4 - HKLM..\Run: [Windows Defender] C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DellSupport] C:\Program Files\DellSupport\DSAgnt.exe (Gteko Ltd.)
O4 - HKCU..\Run: [DellSupportCenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKCU..\Run: [MSMSGS] C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - HKCU..\RunOnce: [Shockwave Updater] C:\WINDOWS\System32\Adobe\Shockwave 11\SwHelper_1150596.exe -Update -1150596 -Mozilla\4.0 ( File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Device Detector 2.lnk = C:\Program Files\OLYMPUS\DeviceDetector\DevDtct2.exe (OLYMPUS Optical Co.,Ltd)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\WinZip Quick Pick.lnk = C:\Program Files\WinZip\WZQKPICK.EXE (WinZip Computing, Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: DisableRegistryTools = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\control panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - Reg Error: Key error. File not found
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: MUSICMATCH MX Web Player - {d81ca86b-ef63-42af-bee3-4502d9a03c2d} - File not found
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\WINDOWS\System32\nwprovau.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\System32\rsvpsp.dll (Microsoft Corporation)
O15 - HKLM\..Trusted Domains: 1 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} https://activatemyfi...20Installer.cab (Support.com Configuration Class)
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} http://upload.facebo...toUploader5.cab (Facebook Photo Uploader 5 Control)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photo.walgree...eensActivia.cab (Snapfish Activia)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://update.micros...b?1229662627796 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://www.nick.com/.../GrooveAX27.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {CAFEEFAC-0014-0002-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.4.2_06)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://download.macr...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} http://3dlifeplayer....r_installer.exe (Virtools WebPlayer Class)
O16 - DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} http://platformdl.ad...Plus/1.6/gp.cab (Reg Error: Key error.)
O16 - DPF: vzTCPConfig http://www.verizon.n...vzTCPConfig.CAB (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\SYSTEM\Ole DB\msdaipp.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-its50 {F8606A00-F5CF-11D1-B6BB-0000F80149F6} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\itss50.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap {3D9F03FA-7A94-11D3-BE81-0050048385D1} - C:\Program Files\Common Files\Microsoft Shared\Web Components\10\OWC10.DLL (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Filter: - text/xml - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\Explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2004/08/10 12:04:08 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2009/09/20 10:18:55 | 00,000,067 | ---- | M] () - D:\autorun.inf -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck) - File not found
O34 - HKLM BootExecute: (autochk) - C:\WINDOWS\System32\autochk.exe (Microsoft Corporation)
O34 - HKLM BootExecute: (*) - File not found

========== Files/Folders - Created Within 30 Days ==========

[2009/09/20 17:14:41 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\Malwarebytes
[2009/09/20 16:56:51 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/09/20 09:57:38 | 00,000,000 | ---D | C] -- C:\WINDOWS\temp
[2009/09/20 09:43:30 | 00,229,888 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/09/20 09:43:30 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/09/20 09:43:30 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/09/20 09:43:30 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/09/20 09:43:30 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/09/20 09:43:30 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/09/20 09:43:30 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/09/20 09:43:30 | 00,031,232 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2009/09/20 09:43:24 | 00,000,000 | ---D | C] -- C:\Combo-Fix
[2009/09/20 09:33:17 | 01,445,888 | ---- | C] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/19 18:45:55 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\proquota.exe
[2009/09/19 18:45:55 | 00,050,176 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\proquota.exe
[2009/09/19 18:19:57 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/09/19 18:19:38 | 03,316,998 | R--- | C] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 15:43:55 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/09/19 12:39:48 | 00,514,560 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | C] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:34:58 | 00,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2009/09/19 11:32:09 | 00,000,611 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | C] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:32:09 | 00,000,000 | ---D | C] -- C:\Program Files\ERUNT
[2009/09/19 11:13:20 | 00,791,393 | ---- | C] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:47 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:03 | 00,271,872 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/19 05:15:31 | 00,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/19 05:15:30 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2009/09/19 05:15:29 | 00,019,160 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/19 05:15:29 | 00,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2009/09/08 14:54:37 | 00,153,088 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\triedit.dll
[2009/09/07 18:38:20 | 01,042,432 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/07 11:00:22 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Application Data\DeLorme
[2009/09/07 11:00:20 | 00,000,000 | ---D | C] -- C:\Documents and Settings\Joelle\Local Settings\Application Data\DeLorme
[2009/09/07 10:50:31 | 00,002,291 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Program Files\DeLorme
[2009/09/07 10:33:16 | 00,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\DeLorme
[2009/09/07 10:33:14 | 03,426,072 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_32.dll
[2009/09/07 10:33:12 | 02,323,664 | ---- | C] (Microsoft Corporation) -- C:\WINDOWS\System32\d3dx9_28.dll
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Temporary Internet Files
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\History
[2009/09/07 10:32:36 | 00,000,000 | --SD | C] -- C:\WINDOWS\Cookies
[2009/09/06 10:35:09 | 00,020,480 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:19 | 00,037,376 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
[2009/08/30 20:40:26 | 00,041,472 | ---- | C] () -- C:\Documents and Settings\Joelle\My Documents\Order Confirmation REI GPS.doc
[2007/12/22 17:14:36 | 00,000,412 | ---- | C] () -- C:\WINDOWS\MAXLINK.INI
[2007/11/18 11:01:28 | 00,030,720 | ---- | C] () -- C:\WINDOWS\System32\ftp4w32.dll
[2007/05/19 12:50:44 | 00,000,168 | ---- | C] () -- C:\WINDOWS\BluesCluesKindergarten.ini
[2007/04/19 12:09:45 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2007/04/19 12:08:38 | 00,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2006/01/09 20:24:57 | 00,000,069 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2005/12/22 14:37:48 | 00,000,440 | ---- | C] () -- C:\WINDOWS\QTW.INI
[2005/11/19 21:16:41 | 00,000,879 | ---- | C] () -- C:\WINDOWS\ARCADE.INI
[2005/04/16 21:53:50 | 00,001,671 | ---- | C] () -- C:\WINDOWS\FACTNET.INI
[2005/03/28 21:27:40 | 00,000,021 | ---- | C] () -- C:\WINDOWS\CS_SETUP.ini
[2005/02/25 21:43:17 | 00,000,000 | ---- | C] () -- C:\WINDOWS\SETUP32.INI
[2005/02/01 15:40:31 | 00,000,081 | ---- | C] () -- C:\WINDOWS\encore_launcher.ini
[2005/01/31 20:49:06 | 00,000,355 | ---- | C] () -- C:\WINDOWS\TLCAPPS.INI
[2005/01/16 16:20:55 | 00,000,094 | ---- | C] () -- C:\WINDOWS\CuriousP.INI
[2005/01/12 23:06:50 | 00,005,535 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2005/01/02 11:00:38 | 00,000,435 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2005/01/02 11:00:32 | 00,000,242 | ---- | C] () -- C:\WINDOWS\KA.INI
[2004/12/28 19:13:33 | 00,001,774 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2004/12/20 00:33:36 | 00,015,317 | ---- | C] () -- C:\WINDOWS\Hornet2.ini
[2004/12/18 13:23:25 | 00,001,023 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2004/12/18 00:49:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2004/11/30 07:12:39 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/11/30 07:10:19 | 00,003,556 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2004/11/30 06:36:52 | 00,000,520 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2004/09/15 21:03:14 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2004/08/10 12:13:12 | 00,000,780 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/10 12:04:08 | 00,000,729 | ---- | C] () -- C:\WINDOWS\WIN.INI
[2004/08/10 11:57:52 | 00,000,227 | ---- | C] () -- C:\WINDOWS\system.ini
[2004/08/04 04:00:00 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\FXSPERF.INI
[2004/06/14 14:21:46 | 00,114,688 | ---- | C] () -- C:\WINDOWS\System32\dlbtcur.dll
[2004/06/14 14:21:02 | 00,557,056 | ---- | C] () -- C:\WINDOWS\System32\dlbtjswr.dll
[2004/06/14 14:15:48 | 00,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlbtcu.dll
[2004/06/14 14:09:22 | 00,401,408 | ---- | C] () -- C:\WINDOWS\System32\dlbtutil.dll
[2004/06/04 18:25:38 | 00,126,976 | ---- | C] () -- C:\WINDOWS\System32\dlbtsnls.dll
[2004/06/04 18:23:44 | 00,143,360 | ---- | C] () -- C:\WINDOWS\System32\dlbtcoin.dll
[2004/04/20 10:08:08 | 00,000,276 | ---- | C] () -- C:\WINDOWS\System32\DLBTPLC.INI
[2003/10/08 13:09:46 | 00,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlbtvs.dll
[2003/01/07 16:05:08 | 00,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI
[1997/11/17 18:13:16 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[1979/12/31 23:00:00 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Files - Modified Within 30 Days ==========

[2009/09/21 18:06:19 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/09/21 18:06:18 | 00,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2009/09/21 17:39:00 | 00,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2009/09/21 02:08:00 | 00,000,330 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2009/09/20 10:19:31 | 00,000,729 | ---- | M] () -- C:\WINDOWS\WIN.INI
[2009/09/20 10:19:31 | 00,000,227 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/09/20 10:19:31 | 00,000,211 | RHS- | M] () -- C:\BOOT.INI
[2009/09/20 10:16:20 | 00,000,736 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2009/09/20 09:25:08 | 01,445,888 | ---- | M] (Option^Explicit Software Solutions) -- C:\Documents and Settings\Joelle\Desktop\WinsockxpFix.exe
[2009/09/19 18:48:55 | 00,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts.bak
[2009/09/19 16:07:50 | 03,316,998 | R--- | M] () -- C:\Documents and Settings\Joelle\Desktop\Combo-Fix.exe
[2009/09/19 12:40:18 | 00,514,560 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\OTL.exe
[2009/09/19 11:54:13 | 00,000,000 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\settings.dat
[2009/09/19 11:43:33 | 00,472,064 | ---- | M] ( ) -- C:\Documents and Settings\Joelle\Desktop\RootRepeal.exe
[2009/09/19 11:32:09 | 00,000,611 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\NTREGOPT.lnk
[2009/09/19 11:32:09 | 00,000,592 | ---- | M] () -- C:\Documents and Settings\Joelle\Desktop\ERUNT.lnk
[2009/09/19 11:13:20 | 00,791,393 | ---- | M] (Lars Hederer ) -- C:\Documents and Settings\Joelle\Desktop\erunt_setup.exe
[2009/09/19 11:12:48 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Joelle\Desktop\SysRestorePoint.exe
[2009/09/19 11:06:04 | 00,271,872 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Joelle\Desktop\TFC.exe
[2009/09/19 05:15:34 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/09/14 16:42:27 | 00,000,069 | ---- | M] () -- C:\WINDOWS\NeroDigital.ini
[2009/09/14 02:12:36 | 00,229,888 | ---- | M] () -- C:\WINDOWS\PEV.exe
[2009/09/13 13:26:21 | 00,002,291 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\DeLorme Topo USA 8.0.lnk
[2009/09/10 14:54:06 | 00,038,224 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2009/09/10 14:53:50 | 00,019,160 | ---- | M] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2009/09/09 03:01:41 | 00,001,355 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2009/09/07 18:38:20 | 01,042,432 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\animal crossing CF Hairstyles.doc
[2009/09/06 10:35:41 | 00,020,480 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Tim Carslson family.doc
[2009/09/05 13:40:20 | 00,037,376 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Creamy Cucumber Gazpacho.doc
[2009/08/30 20:40:27 | 00,041,472 | ---- | M] () -- C:\Documents and Settings\Joelle\My Documents\Order Confirmation REI GPS.doc
< End of report >
  • 0

#11
riverjay
Posted 21 September 2009 - 09:35 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Also ran MBAM again-
Looking good- (?)

Malwarebytes' Anti-Malware 1.41
Database version: 2833
Windows 5.1.2600 Service Pack 2

9/21/2009 8:01:48 PM
mbam-log-2009-09-21 (20-01-48).txt

Scan type: Full Scan (C:\|)
Objects scanned: 215985
Time elapsed: 1 hour(s), 25 minute(s), 24 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#12
Essexboy
Posted 22 September 2009 - 11:25 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Now for the big questions. How is your computer running now ? Any further problems ?
  • 0

#13
riverjay
Posted 22 September 2009 - 10:57 PM

riverjay

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Everything is looking good. Last night I upgraded to SP3 and IE8. Tonight I’m going to get Firefox (do you recommend it over IE8?).

Could you answer a few questions before we part ways? I have been looking over this fine site, and see firewalls are recommended. Why is a 3rd party firewall superior to the built it Windows firewall?

Can SpyWareGuard be used simultaneously with Avira, or would their realtime components conflict?

We pay bills from this computer, do you know if the "bad stuff" that was on here might have collected any account information, or was it busy downloading crap to my system.

It seems like this malware is inevitable. I have been looking through some of the cases on this site. One that you are working on with a chap from NY that spans 6 pages so far. That makes my problem look insignificant. My computing needs are relatively small. I am getting by (almost!) with a 40 GB C: drive. What about the solution of imaging the C: drive weekly or daily to one of those external USB drives, and physically disconnecting it from the computer when done. The next time I get tangled up with a rootkit or whatever it was that we dealt with, which disables all of my anti virus tools- I reformat C:, boot from a CD and move the healthy image back. That seems simpler, (and something I can do myself) than returning to this site for another multi-round of help from you guys. Is this feasible, could you comment on any problems this might pose? I have obviously never captured an “image”, but it sounds like what I want.

Once again, my sincere thanks for your help on this problem, one of many to you, but one of huge importance to me!
:)
Jay
  • 0

#14
Essexboy
Posted 23 September 2009 - 02:12 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Can SpyWareGuard be used simultaneously with Avira, or would their realtime components conflict?

There is no conflict at all here

We pay bills from this computer, do you know if the "bad stuff" that was on here might have collected any account information, or was it busy downloading crap to my system.

There is a possibility, however I saw no indication of a keylogger/password stealer

What about the solution of imaging the C: drive weekly or daily to one of those external USB drives, and physically disconnecting it from the computer when done. The next time I get tangled up with a rootkit or whatever it was that we dealt with, which disables all of my anti virus tools- I reformat C:, boot from a CD and move the healthy image back.

That is an ideal solution for a small computer, I know that Acronis can restore an image from USB (I use it myself). It is an easy to use programme, and I would recommend doing this whenever you have some changes to system data (added new pictures/documents etc.) or failing that quarterly

Why is a 3rd party firewall superior to the built it Windows firewall?

Windows XP firewall only controls inbound traffic, not outbound. That is the primary difference.

Tonight I’m going to get Firefox (do you recommend it over IE8?).

Difficult as have never liked Firefox, but others swear by it. If you do not visit dodgy sites then generally there is not a great deal of difference. Best answer I am afraid


Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself so..Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. MBAM can be uninstalled via control panel add/remove along with ERUNT. But they may be useful tools to keep

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

Posted Image Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system. Please follow these steps to remove older version of Java components and upgrade the application. Beware it is NOT supported for use in 9x or ME and probably will not install in those systems

Upgrading Java:
  • Download the latest version of Java SE Runtime Environment (JRE)JRE 6 Update 16.
  • Click the "Download" button to the right.
  • Select your Platform and check the box that says: "I agree to the Java SE Runtime Environment 6 License Agreement.".
  • Click on Continue.
  • Click on the link to download Windows Offline Installation (jre-6u16-windows-i586-p.exe) and save it to your desktop. Do NOT use the Sun Download Manager..
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add/Remove programs and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on the download to install the newest version.(Vista users, right click on the jre-6u16-windows-i586-p.exe and select "Run as an Administrator.")

XP
Now to get you off to a good start we will clean your restore points so that all the bad stuff is gone for good. Then if you need to restore at some stage you will be clean. There are several ways to reset your restore points, but this is my method:
  • Select Start > All Programs > Accessories > System tools > System Restore.
  • On the dialogue box that appears select Create a Restore Point
  • Click NEXT
  • Enter a name e.g. Clean
  • Click CREATE
You now have a clean restore point, to get rid of the bad ones:
  • Select Start > All Programs > Accessories > System tools > Disk Cleanup.
  • In the Drop down box that appears select your main drive e.g. C
  • Click OK
  • The System will do some calculation and the display a dialogue box with TABS
  • Select the More Options Tab.
  • At the bottom will be a system restore box with a CLEANUP button click this
  • Accept the Warning and select OK again, the program will close and you are done

SPRING CLEAN

Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run, make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job
  • Once its finished it should reboot your machine, if not, do this yourself to ensure a complete clean

THEN

Download and run Auslogics Disc Defragmenter

Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes: It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :)
  • 0

#15
Essexboy
Posted 25 September 2009 - 10:49 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP