Google redirect virus - NEED HELP! [Solved] - Geeks to Go Forums


Google redirect virus - NEED HELP! [Solved] Redirects google search in both IE7 and Firefox

#1 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 27 December 2009 - 08:23 PM

I am in need of some virus help. I have a nasty virus that won't go away and keeps redirecting any Google searches using both IE7 and Firefox. I have tried all the steps outlined in the guidelines posted on the Geeks to go site. I found and removed some trojan horse virus when I ran Malwarebytes scan, but the virus came back after rebooting. I tried this a few times, but still the same.... I could not create a GMER scan post - I kept getting the "blue screen" when running this program. I am posting the Malwarebytes file and OTL files below. Thanks in advance for the help!! It is appreciated!

Malwarebytes' Anti-Malware 1.42
Database version: 3442
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/27/2009 7:40:38 PM
mbam-log-2009-12-27 (19-40-38).txt

Scan type: Quick Scan
Objects scanned: 126960
Time elapsed: 7 minute(s), 17 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

---------------------------------------
OTL scan report file:
OTL logfile created on: 12/27/2009 8:56:59 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dan and Linda\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 115.49 Gb Free Space | 50.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEYMACHINE
Current User Name: Dan and Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
PRC - [2009/12/18 06:38:40 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/10/28 01:54:16 | 00,634,632 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Internet Explorer\iexplore.exe
PRC - [2009/09/17 11:42:40 | 02,647,336 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/15 14:29:04 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/11 14:50:26 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008/07/11 14:46:44 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/04/30 09:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/10/14 19:38:52 | 00,214,360 | ---- | M] (Hewlett-Packard Co.) -- C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/28 18:47:18 | 00,230,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/02 15:55:12 | 00,040,960 | ---- | M] (V Communications, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [2003/08/29 18:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 10:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/06/28 18:47:26 | 00,042,552 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2005/11/08 07:30:42 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004/08/10 04:00:00 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2004/08/02 15:29:34 | 00,081,920 | ---- | M] (V Communications, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (UMWdfsrservice)
SRV - File not found [Disabled | Stopped] -- -- (0260971179115609mcinstcleanup) McAfee Application Installer Cleanup (0260971179115609)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 11:43:30 | 01,049,896 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2009/09/17 11:43:16 | 01,258,792 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe -- (SMART Web Server)
SRV - [2009/09/17 11:42:40 | 02,647,336 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/28 10:27:55 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/15 14:29:04 | 00,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/20 17:45:49 | 00,078,104 | ---- | M] (iWin Inc.) [Disabled | Stopped] -- C:\Program Files\iWin Games\iWinGamesInstaller.exe -- (iWinGamesInstaller)
SRV - [2008/09/15 19:10:03 | 00,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/07/23 12:54:10 | 00,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/30 09:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/16 18:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 18:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/11 10:22:28 | 00,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/14 20:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/09/05 20:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 17:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/10/15 09:12:38 | 00,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Secondary Start Pages = [Binary data over 100 bytes]
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}:5.8.809.8522
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2008/09/20 19:42:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/27 11:58:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 19:27:40 | 00,000,000 | ---D | M]

[2008/08/16 08:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Extensions
[2009/12/26 15:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions
[2008/12/10 19:48:37 | 00,000,000 | ---D | M] (Google Gadget Plugin) -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}
[2009/02/08 20:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\autofillForms@blueimp.net
[2009/06/20 21:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\moveplayer@movenetworks.com
[2009/12/26 15:38:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/21 17:59:12 | 00,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/01/22 18:12:08 | 00,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (27 bytes) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (V Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 91 00 00 00 [binary data]
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: ClassicShell = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 15 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: auerbachconsultants.com ([mail.ny] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cvs.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: k12.nj.us ([stufile.riverdell] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qvc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 433 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1180577985743 (WUWebControl Class)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1180577974990 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Quantum Streaming IE Player Class)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{17bdb15d-2024-11dc-954a-006073edb755}\Shell\AutoRun\command - "" = J:\travel&work.exe -- File not found
O33 - MountPoints2\{17bdb15d-2024-11dc-954a-006073edb755}\Shell\Shell00\Command - "" = J:\travel&work.exe -- File not found
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{be7b740a-ed9f-11db-94a8-006073edb755}\Shell\AutoRun\command - "" = J:\travel&work.exe -- File not found
O33 - MountPoints2\{be7b740a-ed9f-11db-94a8-006073edb755}\Shell\Shell00\Command - "" = J:\travel&work.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 03:22:48 | 00,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

CREATERESTOREPOINT
Restore point Set: OTL Restore Point (52639325338206208)

========== Files/Folders - Created Within 14 Days ==========

[2009/12/27 19:29:02 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Dan and Linda\Desktop\SysRestorePoint.exe
[2009/12/27 19:13:55 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/27 18:44:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
[2009/12/27 09:30:22 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/11 16:32:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/22 22:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/12/22 21:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/09/21 05:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/12 09:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Neopets Toolbar
[2007/05/12 09:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/05/12 09:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/02/26 08:23:52 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/12/12 09:47:24 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/06/24 08:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\Dan and Linda\My Documents\*.tmp files -> C:\Documents and Settings\Dan and Linda\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/27 20:54:59 | 00,528,892 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/27 20:54:59 | 00,445,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/27 20:54:59 | 00,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/27 20:53:16 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/27 20:51:04 | 00,350,196 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/27 20:50:35 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/27 20:50:21 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/27 20:32:47 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/27 20:32:47 | 00,055,316 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/27 20:32:47 | 00,055,316 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/27 20:32:47 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/12/27 20:32:47 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/12/27 20:32:37 | 14,155,776 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\NTUSER.DAT
[2009/12/27 20:32:37 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan and Linda\ntuser.ini
[2009/12/27 19:29:02 | 00,021,504 | ---- | M] (Doug Knox) -- C:\Documents and Settings\Dan and Linda\Desktop\SysRestorePoint.exe
[2009/12/27 19:13:56 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
[2009/12/27 18:08:37 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.zip
[2009/12/27 15:45:25 | 00,756,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/27 15:44:33 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\NTUSER.bak
[2009/12/27 09:33:41 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 21:16:12 | 02,154,896 | -H-- | M] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\IconCache.db
[2009/12/26 16:35:53 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Windows Explorer.lnk
[2009/12/24 10:30:56 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/23 15:30:23 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Word 2003.lnk
[2009/12/20 11:01:16 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
[1 C:\Documents and Settings\Dan and Linda\My Documents\*.tmp files -> C:\Documents and Settings\Dan and Linda\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/27 18:08:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
[2009/12/27 18:08:34 | 00,284,915 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.zip
[2009/07/15 14:27:17 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2009/07/10 16:29:55 | 00,000,203 | ---- | C] () -- C:\Program Files\INSTALL.LOG
[2008/12/24 11:00:56 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
[2008/12/14 11:51:32 | 00,001,330 | ---- | C] () -- C:\WINDOWS\TLMPRO.INI
[2008/12/14 11:50:12 | 00,000,933 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2008/12/14 11:46:50 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\699918FB8A.sys
[2008/12/14 11:46:49 | 00,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/09/10 21:54:36 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/09/10 21:52:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/08/29 08:08:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/12 11:15:51 | 00,000,000 | ---- | C] () -- C:\Program Files\temp01
[2008/07/11 14:50:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/07/11 14:50:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/06 17:38:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/12/22 16:52:47 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2007/08/18 09:31:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/06/10 11:51:16 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2007/05/20 09:00:40 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/19 12:39:42 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/05/13 22:49:31 | 00,005,765 | ---- | C] () -- C:\WINDOWS\System32\windev-peers(2).ini
[2007/05/06 16:47:33 | 00,000,016 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\.rdr.ini
[2007/03/31 15:46:40 | 00,000,082 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/03/31 15:08:19 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/04 10:08:59 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/04 10:08:43 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/22 23:29:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/30 18:31:46 | 00,002,850 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/02 16:53:23 | 00,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2006/11/11 20:47:30 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/29 17:09:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/09/02 08:38:29 | 00,088,576 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\rbap550.dll
[2006/09/02 08:38:29 | 00,073,728 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\RBRegEx550.dll
[2006/09/02 08:38:29 | 00,044,032 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSMainPlugin3542.dll
[2006/09/02 08:38:29 | 00,033,792 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSIconPlugin3542.dll
[2006/09/02 08:38:29 | 00,029,184 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\RBInternetEncodings550.dll
[2006/09/02 08:38:29 | 00,027,648 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSRegistrationPlugin3542.dll
[2006/08/06 11:19:43 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/07 10:19:42 | 00,001,377 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/07/07 10:16:53 | 00,001,591 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 10:14:35 | 00,000,565 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2006/07/04 15:01:07 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/28 21:16:03 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\dvd.bmk
[2006/06/28 15:24:40 | 00,002,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/27 20:53:28 | 00,008,496 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2006/06/27 20:34:10 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/27 20:34:10 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\699918FB8A.sys
[2006/06/26 21:15:07 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/06/25 15:28:53 | 00,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/25 10:04:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/25 09:44:16 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/25 09:08:54 | 00,171,520 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/24 17:18:32 | 00,002,318 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/24 08:11:12 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\fusioncache.dat
[2006/06/15 19:39:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/15 19:33:16 | 00,000,155 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/15 18:58:36 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/14 09:37:26 | 00,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2005/11/22 02:28:04 | 00,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 07:43:30 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/09/05 01:10:28 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:18:37 | 00,022,040 | ---- | C] () -- C:\WINDOWS\System32\_003669_.tmp.dll
[2005/08/16 03:18:22 | 00,249,270 | ---- | C] () -- C:\WINDOWS\System32\_003701_.tmp.dll
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/21 04:56:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2009/01/24 17:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/13 17:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2007/11/13 20:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/10/09 16:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008/11/12 19:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/03/29 19:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/10/01 09:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/07/12 10:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/02/24 14:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/04/11 16:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/07/21 09:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/09/30 11:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/07/14 20:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/02/24 14:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/09/22 07:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/08/16 08:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/06/25 12:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/09/13 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/12/11 15:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/03/15 14:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/23 19:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/09/20 19:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/21 18:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/02/10 20:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/06/08 17:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/15 09:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/06/15 18:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/15 14:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2007/05/07 20:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/19 15:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/01 15:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 12:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2008/08/15 17:25:45 | 00,000,000 | -HSD | M] -- C:\Documents and Settings\Dan and Linda\Application Data\.#
[2009/01/24 17:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\acccore
[2006/06/25 10:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Aim
[2009/08/16 17:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Amazon
[2007/11/13 20:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Autodesk
[2009/12/20 13:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Azureus
[2008/09/06 16:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\BeachPartyCraze
[2009/03/15 14:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Boolat Games
[2008/10/05 13:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\EleFun Games
[2008/02/24 14:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Eyeblaster
[2008/08/03 12:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Gaijin Ent
[2008/09/30 14:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Gamelab
[2008/08/14 21:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Go-Go Gourmet Chef of the Year
[2008/08/24 16:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Home Sweet Home
[2008/09/14 08:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Home Sweet Home 2
[2008/02/24 15:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Hulabee
[2008/10/22 18:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Inspiration Software
[2009/03/24 17:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\iWin
[2008/07/14 20:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\iWinArcade
[2008/08/22 14:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\IWin_Janes_Realty
[2007/03/03 18:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Jamdat
[2008/07/17 10:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Jane s Hotel
[2006/06/26 21:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Leadertech
[2007/04/24 20:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\MagicBall3
[2008/07/21 09:24:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Meridian93
[2006/06/27 17:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Neopets Toolbar
[2008/09/13 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Oberon Games
[2009/06/15 17:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\ooVoo Details
[2008/12/11 15:57:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\pdf995
[2007/03/02 14:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\pixelStorm
[2009/03/15 14:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\PlayFirst
[2008/12/14 11:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Progeny
[2008/08/30 15:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SBTT
[2009/11/21 18:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SMART Technologies Inc
[2006/11/12 21:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Snapfish
[2008/11/15 09:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SulusGames
[2008/12/11 15:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\TaxCut
[2008/08/15 17:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Teggo
[2008/11/15 09:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Valusoft
[2006/06/25 16:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\VCOM
[2007/01/18 13:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Viewpoint
[2008/11/15 09:59:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\ViquaSoft
[2009/07/15 14:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Webcammax
[2006/07/06 15:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\WildTangent
[2006/07/10 19:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\WinPatrol

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.exe >


< MD5 for: AGP440.SYS >
[2008/04/13 13:36:38 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=08FD04AA961BDC77FB983F328334E3D7 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\agp440.sys
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\i386\AGP440.SYS
[2004/08/03 22:07:42 | 00,042,368 | ---- | M] (Microsoft Corporation) MD5=2C428FA0C3E3A01ED93C9B2A27D8D4BB -- C:\WINDOWS\system32\drivers\agp440.sys

< MD5 for: ATAPI.SYS >
[2008/04/13 13:40:30 | 00,096,512 | ---- | M] (Microsoft Corporation) MD5=9F3A2F5AA6875C72BF062C712CFA2674 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\i386\atapi.sys
[2009/12/27 01:52:09 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\dllcache\atapi.sys
[2009/12/27 01:52:09 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\drivers\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0004\DriverFiles\i386\atapi.sys
[2004/08/03 21:59:44 | 00,095,360 | ---- | M] (Microsoft Corporation) MD5=CDFE4411A69C224BD1D11B2DA92DAC51 -- C:\WINDOWS\system32\ReinstallBackups\0011\DriverFiles\i386\atapi.sys

< MD5 for: EVENTLOG.DLL >
[2008/04/13 19:11:53 | 00,056,320 | ---- | M] (Microsoft Corporation) MD5=6D4FEB43EE538FC5428CC7F0565AA656 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\eventlog.dll
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\i386\eventlog.dll
[2004/08/10 04:00:00 | 00,055,808 | ---- | M] (Microsoft Corporation) MD5=82B24CB70E5944E6E34662205A2A5B78 -- C:\WINDOWS\system32\eventlog.dll

< MD5 for: NETLOGON.DLL >
[2008/04/13 19:12:01 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=1B7F071C51B77C272875C3A23E1E4550 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\dllcache\netlogon.dll
[2009/02/06 13:46:09 | 00,408,064 | ---- | M] (Microsoft Corporation) MD5=6C476D33D82F1054849790181E8F7772 -- C:\WINDOWS\system32\netlogon.dll
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\i386\netlogon.dll
[2004/08/10 04:00:00 | 00,407,040 | ---- | M] (Microsoft Corporation) MD5=96353FCECBA774BB8DA74A1C6507015A -- C:\WINDOWS\$NtUninstallKB968389$\netlogon.dll

< MD5 for: SCECLI.DLL >
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\i386\scecli.dll
[2004/08/10 04:00:00 | 00,180,224 | ---- | M] (Microsoft Corporation) MD5=0F78E27F563F2AAF74B91A49E2ABF19A -- C:\WINDOWS\system32\scecli.dll
[2008/04/13 19:12:05 | 00,181,248 | ---- | M] (Microsoft Corporation) MD5=A86BB5E61BF3E39B62AB4C7E7085A084 -- C:\WINDOWS\SoftwareDistribution\Download\dd9ab5193501484cf5e6884fa1d22f9e\scecli.dll

< %systemroot%\*. /mp /s >

========== Alternate Data Streams ==========

< End of report >

---------------------------------------------------
OTL Extras scan report file:
OTL Extras logfile created on: 12/27/2009 8:56:59 PM - Run 1
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dan and Linda\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 69.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 85.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 115.49 Gb Free Space | 50.62% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEYMACHINE
Current User Name: Dan and Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Extra Registry (SafeList) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- C:\Program Files\Internet Explorer\IEXPLORE.EXE (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = htmlfile] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [open] -- "%1" %*
cmdfile [open] -- "%1" %*
comfile [open] -- "%1" %*
exefile [open] -- "%1" %*
htmlfile [edit] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
htmlfile [print] -- "C:\Program Files\Microsoft Office\OFFICE11\msohtmed.exe" /p %1 (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" -nohome (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [merge] -- Reg Error: Key error.
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l (Microsoft Corporation)
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [File Finder...] -- C:\Program Files\VCOM\PowerDesk\pdfind.exe /PATH:%1 (V Communications, Inc.)
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [MediaMonkey.1Play] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" "%1" (Ventis Media Inc.)
Directory [MediaMonkey.2PlayNext] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /NEXT "%1" (Ventis Media Inc.)
Directory [MediaMonkey.3Enqueue] -- "C:\Program Files\MediaMonkey\MediaMonkey.exe" /ADD "%1" (Ventis Media Inc.)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\IEXPLORE.EXE" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "C:\Program Files\Internet Explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"FirstRunDisabled" = 1
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 0
"FirewallOverride" = 0

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"enablefirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"37674:TCP" = 37674:TCP:*:Enabled:ooVoo TCP port 37674
"37674:UDP" = 37674:UDP:*:Enabled:ooVoo UDP port 37674
"37675:UDP" = 37675:UDP:*:Enabled:ooVoo UDP port 37675
"443:UDP" = 443:UDP:*:Disabled:ooVoo UDP port 443

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\LimeWire\LimeWire.exe" = C:\Program Files\LimeWire\LimeWire.exe:*:Enabled:LimeWire -- (Lime Wire, LLC)
"C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe" = C:\Program Files\Microsoft Games\Zoo Tycoon 2\zt.exe:*:Enabled:Zoo Tycoon 2 Executable -- (Microsoft Corporation)
"C:\Program Files\Windows Live\Messenger\livecall.exe" = C:\Program Files\Windows Live\Messenger\livecall.exe:*:Enabled:Windows Live Messenger (Phone) -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeCam.exe" = C:\Program Files\Microsoft LifeCam\LifeCam.exe:*:Enabled:LifeCam.exe -- (Microsoft Corporation)
"C:\Program Files\Microsoft LifeCam\LifeExp.exe" = C:\Program Files\Microsoft LifeCam\LifeExp.exe:*:Enabled:LifeExp.exe -- (Microsoft Corporation)
"D:\setup\HPZNUI01.EXE" = D:\setup\HPZNUI01.EXE:*:Enabled:hpznui01.exe -- File not found
"C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe:*:Enabled:hpqtra08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe:*:Enabled:hpqste08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe" = C:\Program Files\HP\Digital Imaging\bin\hpofxm08.exe:*:Enabled:hpofxm08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe" = C:\Program Files\HP\Digital Imaging\bin\hposfx08.exe:*:Enabled:hposfx08.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hposid01.exe" = C:\Program Files\HP\Digital Imaging\bin\hposid01.exe:*:Enabled:hposid01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpzwiz01.exe:*:Enabled:hpzwiz01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe" = C:\Program Files\HP\Digital Imaging\Unload\HpqPhUnl.exe:*:Enabled:hpqphunl.exe -- ()
"C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe" = C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe:*:Enabled:hpoews01.exe -- (Hewlett-Packard Co.)
"C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe:*:Enabled:hpiscnapp.exe -- (Hewlett-Packard)
"C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe" = C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe:*:Enabled:hpqkygrp.exe -- (Hewlett-Packard)
"C:\Program Files\iWin Games\iWinGames.exe" = C:\Program Files\iWin Games\iWinGames.exe:*:Enabled:iWin Games application. -- (iWin Inc.)
"C:\Program Files\iWin Games\WebUpdater.exe" = C:\Program Files\iWin Games\WebUpdater.exe:*:Enabled:iWin Games updater. -- ()
"C:\Program Files\Common Files\AOL\Loader\aolload.exe" = C:\Program Files\Common Files\AOL\Loader\aolload.exe:*:Enabled:AOL Loader -- (AOL LLC)
"C:\Program Files\AIM6\aim6.exe" = C:\Program Files\AIM6\aim6.exe:*:Enabled:AIM -- (AOL LLC)
"C:\Program Files\Bonjour\mDNSResponder.exe" = C:\Program Files\Bonjour\mDNSResponder.exe:*:Enabled:Bonjour -- (Apple Inc.)
"C:\Program Files\Skype\Phone\Skype.exe" = C:\Program Files\Skype\Phone\Skype.exe:*:Enabled:Skype -- ()
"C:\Program Files\iTunes\iTunes.exe" = C:\Program Files\iTunes\iTunes.exe:*:Enabled:iTunes -- (Apple Inc.)
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\UCGui.exe:*:Enabled:SMART Universal Controller Interface -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe:*:Enabled:SMART SNMPAgent -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\UCService.exe:*:Enabled:SMART Universal Controller Service -- (SMART Technologies ULC)
"C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe" = C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe:*:Enabled:SMART Web Server -- ()


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{02E89EFC-7B07-4D5A-AA03-9EC0902914EE}" = VC 9.0 Runtime
"{07287123-B8AC-41CE-8346-3D777245C35B}" = Bonjour
"{075473F5-846A-448B-BCB3-104AA1760205}" = Roxio RecordNow Data
"{09BDEEF0-5590-457D-89A9-5DB2742F9BBF}" = 32 Bit HP CIO Components Installer
"{0BEDBD4E-2D34-47B5-9973-57E62B29307C}" = ATI Control Panel
"{0CE1A6C0-F3F7-49E6-8F9D-2431F9827441}" = Guitar Hero III
"{0EB5D9B7-8E6C-4A9E-B74F-16B7EE89A67B}" = Microsoft Plus! Photo Story 2 LE
"{0F7C2E47-089E-4d23-B9F7-39BE00100776}" = Toolbox
"{0FE55E01-5D5A-4823-A71E-F4F5E8BB473D}" = TaxCut New Jersey 2007
"{11B83AD3-7A46-4C2E-A568-9505981D4C6F}" = HP Update
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Roxio DLA
"{12A76360-388E-4B27-ABEB-D5FC5378DD2A}" = HPPhotoSmartPhotobookWebPack1
"{13AD768A-9E04-499D-AE80-967A65DCCBA5}" = ebgcSDK
"{18669FF9-C8FE-407a-9F70-E674896B1DB4}" = GPBaseService
"{18D10072035C4515918F7E37EAFAACFC}" = AutoUpdate
"{18F11181-EA1A-42AE-AF89-4867C7F7A6FA}" = Sound Blaster X-Fi
"{195F2C6C-A343-4b10-B1A4-3F00AB9E9DD9}" = Fax
"{1CB92574-96F2-467B-B793-5CEB35C40C29}" = Image Resizer Powertoy for Windows XP
"{20B30DC1-E423-4939-B51D-05C58B0F9BBB}" = HP Photosmart All-In-One Driver Software 10.0 Rel .2
"{21657574-BD54-48A2-9450-EB03B2C7FC29}" = Roxio MyDVD LE
"{22A85543-D8DF-461F-A1A8-CEA0BFBAE0AB}" = Infinite Pre-Algebra
"{2B7BDADB-EC8C-4C54-B5DD-CE45A016D3A7}" = Free Ride Games Player
"{2DE65DF3-E614-4D5C-B5F9-BF3464DBEBD5}" = ebgcRes
"{2E0C1913-886B-4C5C-8DAF-D1E649CE5FCC}" = Creative MediaSource
"{30465B6C-B53F-49A1-9EBA-A3F187AD502E}" = Sonic Update Manager
"{3248F0A8-6813-11D6-A77B-00B0D0160010}" = Java™ SE Runtime Environment 6 Update 1
"{33BB4982-DC52-4886-A03B-F4C5C80BEE89}" = Windows Media Player 10
"{34BFB099-07B2-4E95-A673-7362D60866A2}" = PSSWCORE
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{36DD7F44-24D9-480A-A777-C69D9FB3C5D3}" = The Princess Bride Game
"{36FDBE6E-6684-462b-AE98-9A39A1B200CC}" = HPProductAssistant
"{39B1BD87-561E-4762-AED9-7C5213B06C24}" = ebgcInfra
"{3AC54383-31D1-4907-961B-B12CBB1D0AE8}" = MobileMe Control Panel
"{3CF78481-FB7B-4B51-99A2-D5E0CD0B3AAF}" = HPSystemDiagnostics
"{3EE33958-7381-4E7B-A4F3-6E43098E9E9C}" = URL Assistant
"{41254D7B-EADF-4078-AE4A-BD73B300EE86}" = Unload
"{43CAC9A1-1993-4F65-9096-7C9AFC2BBF54}" = Dell CinePlayer
"{4667B940-BB01-428B-986E-A0CC46497BF7}" = ELIcon
"{46C73DE4-E96D-4F7C-8371-F28052183B12}" = Sonic Advanced Decoder
"{48A6E89E-D2D3-4DA7-8A7C-FBB8F1083409}" = SeaWorld Adventure Park Tycoon
"{4BAC29B6-145B-49D0-A2FC-A79AE4F606E5}" = TaxCut New York 2008
"{4CACFCD9-F71B-413A-8DF5-1A6419D5CDC6}" = Cards_Calendar_OrderGift_DoMorePlugout
"{501451DE-5808-4599-B544-8BD0915B6B24}_is1" = FreeRIP v3.1
"{508CE775-4BA4-4748-82DF-FE28DA9F03B0}" = Windows Live Messenger
"{5109C064-813E-4e87-B0DE-C8AF7B5BC02B}" = SmartWebPrintingOC
"{52A69E11-7CEB-4a7d-9607-68BA4F39A89B}" = DeviceDiscovery
"{52D56C42-8C69-4882-A661-39695537C9CF}" = DellConnect
"{53648F92-1CC5-22D2-A6DF-00A0C9A23BCD}" = SonicWALL Global VPN Client
"{5545EEE1-FA36-4F76-B6BE-5696E7F4E2D6}" = VBA (2627.01)
"{5783F2D7-0201-0409-0000-0060B0CE6BBA}" = AutoCAD 2004
"{5783F2D7-0211-0409-0000-0060B0CE6BBA}" = AutoCAD Express Tools Volumes 1-9
"{5783F2D7-6001-0409-0002-0060B0CE6BBA}" = AutoCAD 2008 - English
"{58381EE3-A57D-448F-BC8E-FFC66987615E}" = TaxCut New York 2007
"{5905F42D-3F5F-4916-ADA6-94A3646AEE76}" = Dell Driver Reset Tool
"{5ACE69F0-A3E8-44eb-88C1-0A841E700180}" = TrayApp
"{5B39603F-2A77-40E6-950D-ED7B8307933D}" = Microsoft IntelliPoint 5.3
"{5B6BE547-21E2-49CA-B2E2-6A5F470593B1}" = Sonic Activation Module
"{5C98A4FE-1F42-4F02-B738-F32886AE5467}" = Notebook Software
"{62BD0AE0-4EB1-4BBB-8F43-B6400C8FEB2C}" = AOLIcon
"{63AFACBC-4795-4A1B-8037-5085DC03FC54}" = Microsoft LifeCam
"{663E217E-FC26-4249-9E8E-F190CD63E737}" = TaxCut Premium + State 2007
"{66E6CE0C-5A1E-430C-B40A-0C90FF1804A8}" = eSupportQFolder
"{679EC478-3FF9-4987-B2FF-C2C2B27532A2}" = DocProc
"{683D93AD-D18D-4668-9DBD-A5BC5D7A1EA0}" = Mathematics Worksheet Factory 3.0
"{687FEF8A-8597-40b4-832C-297EA3F35817}" = BufferChm
"{6956856F-B6B3-4BE0-BA0B-8F495BE32033}" = Apple Software Update
"{69FDFBB6-351D-4B8C-89D8-867DC9D0A2A4}" = Windows Media Player Firefox Plugin
"{6B437F94-056F-4791-AF2C-0D10E2706AF0}" = PanoStandAlone
"{6D5FCA42-1486-4E32-AFE8-1B7E2AA59D33}" = Digital Content Portal
"{6E45BA47-383C-4C1E-8ED0-0D4845C293D7}" = Microsoft Plus! Digital Media Edition Installer
"{7299052b-02a4-4627-81f2-1818da5d550d}" = Microsoft Visual C++ 2005 Redistributable
"{74F7662C-B1DB-489E-A8AC-07A06B24978B}" = Dell System Restore
"{770657D0-A123-3C07-8E44-1C83EC895118}" = Microsoft Visual C++ 2005 ATL Update kb973923 - x86 8.0.50727.4053
"{7A1F1E81-A017-43EE-8A24-E88878164C91}" = SeaWorld Adventure Parks Tycoon 3D
"{7B3C7EFB-0D6B-4532-8441-C960AC30F931}" = Timeline Maker Professional 2.0
"{7B63B2922B174135AFC0E1377DD81EC2}" = DivX Codec
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{80533B67-C407-485D-8B5D-63BB8ED9D878}" = Scan
"{83F793B5-8BBF-42FD-A8A6-868CB3E2AAEA}" = Intel® PROSet for Wired Connections
"{8777AC6D-89F9-4793-8266-DE406F343E89}" = QFolder
"{87E2B986-07E8-477a-93DC-AF0B6758B192}" = DocProcQFolder
"{89F915D1-FD53-45E1-AA90-6D3234540A1F}" = Timeline Maker Professional 2.0
"{8A85DEAD-7C1F-4368-881C-72AC74CB2E91}" = UnloadSupport
"{8AB8D458-939E-403F-0097-9BA1C1F013D5}" = The Sims 2
"{90110409-6000-11D3-8CFE-0150048383C9}" = Microsoft Office Professional Edition 2003
"{90120000-0020-0409-0000-0000000FF1CE}" = Compatibility Pack for the 2007 Office system
"{91746221-0B6A-4572-BEE3-A4D587FF98EA}" = ebgcRes
"{9422C8EA-B0C6-4197-B8FC-DC797658CA00}" = Windows Live Sign-in Assistant
"{9941F0AA-B903-4AF4-A055-83A9815CC011}" = Sonic Encoders
"{9A346205-EA92-4406-B1AB-50379DA3F057}" = Autodesk DWF Viewer 7
"{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"{A040AC77-C1AA-4CC9-8931-9F648AF178F6}" = VC 9.0 Runtime
"{A07840FC-CE63-4CB8-8030-EF4B9805925A}" = HPPhotoSmartDiscLabel_PaperLabel
"{A0B9F8DF-C949-45ed-9808-7DC5C0C19C81}" = Status
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A429C2AE-EBF1-4F81-A221-1C115CAADDAD}" = QuickTime
"{A462213D-EED4-42C2-9A60-7BDD4D4B0B17}" = SigmaTel Audio
"{A5AB9D5E-52E2-440e-A3ED-9512E253C81A}" = SolutionCenter
"{A683A2C0-821C-486F-858C-FA634DB5E864}" = EducateU
"{A7E4ECCA-4A8E-4258-8EC8-2DCCF5B11320}" = Windows Live installer
"{AA9C1126-50DD-4993-9CDC-0BED8167293C}" = SMART Board Drivers
"{AADEA55D-C834-4BCB-98A3-4B8D1C18F4EE}" = Apple Mobile Device Support
"{AB5D51AE-EBC3-438D-872C-705C7C2084B0}" = DeviceManagementQFolder
"{AB708C9B-97C8-4AC9-899B-DBF226AC9382}" = Roxio RecordNow Audio
"{AC76BA86-1033-0000-7760-100000000002}" = Adobe Acrobat 7.0 Professional
"{ACDE260A-602B-4cfb-A650-D0DBA6FFAD85}" = NetDeviceManager
"{ADFB9653-F44C-460C-BF58-189CC552DFFE}" = hpphotosmartdisclabelplugin
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B0DF58A2-40DF-4465-AA56-38623EC9938C}" = Documentation & Support Launcher
"{B12665F4-4E93-4AB4-B7FC-37053B524629}" = Roxio RecordNow Copy
"{B13A7C41581B411290FBC0395694E2A9}" = DivX Converter
"{B3F5DDF3-D77D-42E7-90B8-54D91F73DBA8}" = Dove Reality Diaries
"{B4092C6D-E886-4CB2-BA68-FE5A88D31DE6}_is1" = Spybot - Search & Destroy
"{B4E91E95-A5BA-4E50-A465-DB7EFEB176E8}" = HPPhotoSmartDiscLabel_PrintOnDisc
"{B4FEA924-630D-11D4-B78E-005004566E4D}" = ViewSonic Monitor Drivers
"{B607C354-CD79-4D22-86D1-92DC94153F42}" = Apple Application Support
"{B6884A07-0305-47AE-9969-8F26FADC17DE}" = Games, Music, & Photos Launcher
"{B7050CBDB2504B34BC2A9CA0A692CC29}" = DivX Web Player
"{B93251B5-9209-4DAB-867C-AA98D91584CD}" = PowerDesk 6
"{b9be267c-e096-4cce-a4fd-f24eec004938}" = PS_AIO_02_ProductContext
"{BAD0FA60-09CF-4411-AE6A-C2844C8812FA}" = HP Photosmart Essential 2.5
"{BAF78226-3200-4DB4-BE33-4D922A799840}" = Windows Presentation Foundation
"{BBB33AD6-BCF7-4002-B6A0-6DC679AE5C18}" = TaxCut Premium + State + Efile 2008
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C3ABE126-2BB2-4246-BFE1-6797679B3579}" = LG USB Modem driver
"{C4124E95-5061-4776-8D5D-E3D931C778E1}" = Microsoft VC9 runtime libraries
"{c4549405-195f-4450-8865-6be9dc5ad136}" = PS_AIO_02_Software_Min
"{c600ab3d-8b64-41df-bf36-b3d87ce0706b}" = C7200_Help
"{C6141748-CA45-4F24-A519-2401F2CCA01D}" = TaxCut New Jersey 2008
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CB8251EE-C86B-410D-83B2-1E28E9DE2C2B}" = LG GSM PC Components
"{CCB9B81A-167F-4832-B305-D2A0430840B3}" = WebReg
"{cd0b9359-b716-4fd0-8e0a-09b3e312e8a4}" = PS_AIO_02_Software
"{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}" = SUPERAntiSpyware Free Edition
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{CECEB0FF-5C45-4b50-9A00-C596E36D88F4}" = C7200
"{D1A74FBB-CA8D-4CCA-9B89-BAAA436DB178}" = iTunes
"{D2023740-9AAC-11D4-B54D-006008571948}" = Pac-Man Adventures in Time
"{D2988E9B-C73F-422C-AD4B-A66EBE257120}" = MCU
"{D99A8E3A-AE5A-4692-8B19-6F16D454E240}" = Destination Component
"{DD3C88A0-C53C-41D0-A21B-6D021981D23E}" = HPPhotoSmartDiscLabelContent1
"{DF6A589A-7A1A-430C-9FF2-A0BDB42669DC}" = Search Assist
"{E08DC77E-D09A-4e36-8067-D6DBBCC5F8DC}" = VideoToolkit01
"{e0d14efd-5ce1-42c9-97dd-a782d4cf3f07}" = RelevantKnowledge
"{E56D39F8-2A9F-44B4-B068-A72E45A073E6}" = Safari
"{E6380875-C349-4CAD-B331-FF22632D44D4}" = Big Green Help
"{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"{F17FE8C5-193F-48B6-8EE2-BE8CCEE3E6FB}" = SonicWALL Global VPN Client
"{F42CD69D-E393-47c8-B2CD-B139C4ADA9A8}" = Copy
"{F6B2ED65-7378-4065-802D-F2E5689F3A4E}" = Photo Viewer
"{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1" = BitPim 1.0.6
"{FAA7F8FF-3C05-4A61-8F14-D8A6E9ED6623}" = ooVoo
"{FC1DE151-D85B-499E-9B7C-419C15D881E5}" = iPodCopy
"{FCD9CD52-7222-4672-94A0-A722BA702FD0}" = Dell Resource CD
"00BD1CD47675C125126C80095FCC12CFA4D311DB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"3DGroove" = OTOY
"A622B79B943ECA1F0AECF1FF5BE13D458F345EBB" = Windows Driver Package - FTDI CDM Driver Package (06/27/2007 2.02.04)
"AC3Filter" = AC3Filter (remove only)
"Adobe Acrobat 7.0 Professional - V" = Adobe Acrobat 7.1.0 Professional
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Photoshop Elements 1.0" = Adobe Photoshop Elements
"Adobe Shockwave Player" = Adobe Shockwave Player
"Adobe SVG Viewer" = Adobe SVG Viewer
"AIM_6" = AIM 6
"Amazon MP3 Downloader" = Amazon MP3 Downloader 1.0.5
"AOL Instant Messenger" = AOL Instant Messenger
"ATI Display Driver" = ATI Display Driver
"Audacity_is1" = Audacity 1.2.6
"AudioCS" = Creative Audio Console
"AutoCAD 2008 - English" = AutoCAD 2008 - English
"Autodesk Express Viewer" = Autodesk Express Viewer
"avast!" = avast! Antivirus
"AVGantiRootkit" = AVG Anti-Rootkit Free
"Azureus" = Azureus
"Babysitting Mania" = Babysitting Mania (remove only)
"BFGC" = Big Fish Games Client
"CAL" = Canon Camera Access Library
"CameraWindowDVC5" = Canon Camera Window DC_DV 5 for ZoomBrowser EX
"CameraWindowDVC6" = Canon Camera Window DC_DV 6 for ZoomBrowser EX
"CameraWindowMC" = Canon Camera Window MC 6 for ZoomBrowser EX
"Canon G.726 WMP-Decoder" = Canon G.726 WMP-Decoder
"Children's Encyclopedia" = Children's Encyclopedia
"Chocolatier Decadence by Design" = Chocolatier Decadence by Design (remove only)
"Cooking Academy" = Cooking Academy (remove only)
"Cricut DesignStudio" = Cricut DesignStudio
"CSCLIB" = Canon Camera Support Core Library
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"Dell Game Console" = Dell Game Console
"Diner Dash" = Diner Dash
"Disney Toontown Online" = Disney Toontown Online
"DivX Content Uploader" = DivX Content Uploader
"Ease Audio Converter_is1" = Ease Audio Converter 4.30
"EmeraldQFE2" = Windows Media Player 10 Hotfix [See EmeraldQFE2 for more information]
"EOS Utility" = Canon Utilities EOS Utility
"EphPod" = EphPod
"ERUNT_is1" = ERUNT 1.1j
"FamilyFeudOnlineParty" = FamilyFeudOnlineParty (remove only)
"Fashion Boutique" = Fashion Boutique
"FormatFactory" = FormatFactory 1.70
"HijackThis" = HijackThis 1.99.1
"Hijackthis_is1" = Hijackthis 1.99.1
"HP Imaging Device Functions" = HP Imaging Device Functions 10.0
"HP Photo & Imaging" = HP Image Zone 4.2
"HP Photosmart Essential" = HP Photosmart Essential 2.5
"HP Smart Web Printing" = HP Smart Web Printing
"HP Solution Center & Imaging Support Tools" = HP Solution Center 10.0
"HPOCR" = OCR Software by I.R.I.S. 10.0
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"Inspiration 8" = Inspiration 8
"InstallShield_{9CC4840D-EF1C-406F-AF08-3C19EB1335B9}" = Zoo Tycoon 2 - Ultimate Collection
"InstallShield_{EEFB15EB-FE8B-47DF-A496-1C4D1420294A}" = Doom 3
"iWinArcade" = iWin Games (remove only)
"Jewel Quest Solitaire" = Jewel Quest Solitaire (remove only)
"LimeWire" = LimeWire 4.16.2
"M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player_is1" = M4a/Flac/Ogg/Ape/Mpc Tag Support Plugin for Media Player v 1.1
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware
"MediaMonkey_is1" = MediaMonkey 3.1
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"MovieEditTask" = Canon MovieEdit Task for ZoomBrowser EX
"Mozilla Firefox (3.0.16)" = Mozilla Firefox (3.0.16)
"MSTTS" = Microsoft Text-to-Speech Engine 4.0 (English)
"Musicnotes Player_is1" = Musicnotes Player V1.23.1
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"Norton PC Checkup" = Norton PC Checkup
"Panda ActiveScan" = Panda ActiveScan
"Pdf995" = Pdf995 (installed by TaxCut)
"PdfEdit995" = PdfEdit995 (installed by TaxCut)
"PDF-XChange 3_is1" = PDF-XChange 3.5
"PeerGuardian_is1" = PeerGuardian 2.0
"PhotoStitch" = Canon Utilities PhotoStitch
"PROSet" = Intel® PRO Network Connections Drivers
"RAW Image Task" = Canon RAW Image Task for ZoomBrowser EX
"RealArcade 1.2" = RealArcade
"RealPlayer 6.0" = RealPlayer
"RemoteCaptureTask" = Canon RemoteCapture Task for ZoomBrowser EX
"Scholastic's I SPY Fantasy" = Scholastic's I SPY Fantasy
"Scholastic's I SPY Treasure Hunt" = Scholastic's I SPY Treasure Hunt
"Sibelius Scorch Plugin" = Sibelius Scorch Plugin
"Skype_is1" = Skype 2.5
"Sound Forge 5.0" = Sound Forge 5.0
"Spybot - Search & Destroy_is1" = Spybot - Search & Destroy 1.4
"SpywareBlaster_is1" = SpywareBlaster v3.5.1
"SpywareGuard_is1" = SpywareGuard v2.2
"TaxCut Premium 2006" = TaxCut Premium 2006
"The Princess Bride Game" = The Princess Bride Game (remove only)
"UnityWebPlayer" = Unity Web Player
"VCast Music Essentials Manager" = V CAST Music Manager
"ViewpointMediaPlayer" = Viewpoint Media Player
"voxware_is1" = Voxware Audio decoder 1.6
"WebcamMax" = WebcamMax
"WebCyberCoach_wtrb" = WebCyberCoach 3.2 Dell
"West_Point_Bridge_Designer_2007" = West Point Bridge Designer 2007
"WIC" = Windows Imaging Component
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"WinPatrol" = WinPatrol
"WinRAR archiver" = WinRAR archiver
"WMCSetup" = Windows Media Connect
"WMFDist11" = Windows Media Format 11 runtime
"WT009832" = Zoo Vet
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Xbox_360_CC_Driver" = Xbox 360 Controller for Windows
"XpsEPSC" = XML Paper Specification Shared Components Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"ZoneAlarm" = ZoneAlarm
"ZoneAlarmSB Uninstall" = ZoneAlarm Spy Blocker
"ZoomBrowser EX" = Canon Utilities ZoomBrowser EX

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"GoToMeeting" = GoToMeeting 4.0.0.320

========== Last 10 Event Log Errors ==========

[ Antivirus Events ]
Error - 11/12/2009 8:32:39 PM | Computer Name = MONKEYMACHINE | Source = avast! | ID = 33554522
Description = AAVM - scanning error: x_AavmCheckFileDirectEx: avfilesScanReal of
C:\Documents and Settings\Dan and Linda\Local Settings\Temporary Internet Files\Content.IE5\A9QRGNDS\json2.min[1].js
failed, 0000A413.

[ Application Events ]
Error - 12/27/2009 8:43:43 PM | Computer Name = MONKEYMACHINE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 12/27/2009 8:43:52 PM | Computer Name = MONKEYMACHINE | Source = STacSV | ID = 268435455
Description =

Error - 12/27/2009 9:16:04 PM | Computer Name = MONKEYMACHINE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 12/27/2009 9:16:10 PM | Computer Name = MONKEYMACHINE | Source = STacSV | ID = 268435455
Description =

Error - 12/27/2009 9:29:45 PM | Computer Name = MONKEYMACHINE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 12/27/2009 9:29:54 PM | Computer Name = MONKEYMACHINE | Source = STacSV | ID = 268435455
Description =

Error - 12/27/2009 9:34:06 PM | Computer Name = MONKEYMACHINE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 12/27/2009 9:34:15 PM | Computer Name = MONKEYMACHINE | Source = STacSV | ID = 268435455
Description =

Error - 12/27/2009 9:50:48 PM | Computer Name = MONKEYMACHINE | Source = Media Center Receiver | ID = 4
Description = TV tuner malfunction. (0xc0040597) WebcamMax, WDM Video Capture

Error - 12/27/2009 9:50:57 PM | Computer Name = MONKEYMACHINE | Source = STacSV | ID = 268435455
Description =

[ System Events ]
Error - 12/27/2009 9:53:56 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:53:58 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:53:59 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:00 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:00 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:04 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:04 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:04 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:04 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}

Error - 12/27/2009 9:54:04 PM | Computer Name = MONKEYMACHINE | Source = DCOM | ID = 10005
Description = DCOM got error "%1058" attempting to start the service hpqcxs08 with
arguments "" in order to run the server: {1DAEDD8A-30ED-4585-9CF1-13BDF7791DDE}


< End of report >

#2 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 28 December 2009 - 08:29 AM

hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    SRV - File not found [Disabled | Stopped] -- -- (UMWdfsrservice)
    O33 - MountPoints2\{17bdb15d-2024-11dc-954a-006073edb755}\Shell\AutoRun\command - "" = J:\travel&work.exe -- File not found
    O33 - MountPoints2\{17bdb15d-2024-11dc-954a-006073edb755}\Shell\Shell00\Command - "" = J:\travel&work.exe -- File not found
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
    O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
    O33 - MountPoints2\{be7b740a-ed9f-11db-94a8-006073edb755}\Shell\AutoRun\command - "" = J:\travel&work.exe -- File not found
    O33 - MountPoints2\{be7b740a-ed9f-11db-94a8-006073edb755}\Shell\Shell00\Command - "" = J:\travel&work.exe -- File not found
    [2009/12/27 19:29:02 | 00,021,504 | ---- | C] (Doug Knox) -- C:\Documents and Settings\Dan and Linda\Desktop\SysRestorePoint.exe
    [2009/12/27 19:13:55 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
    [2009/12/27 18:08:37 | 00,284,915 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.zip
    [2008/12/24 11:00:56 | 00,081,920 | R--- | C] () -- C:\WINDOWS\System32\srctrl.dll
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done




Download ComboFix from one of these locations:

Link 1
Link 2


* IMPORTANT !!! Save ComboFix.exe to your Desktop


  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. If you don't know how to disable them then just continue on.


  • Double click on ComboFix.exe & follow the prompts.


  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.


  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.


**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.




Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

Posted Image


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt log in your next reply.

#3 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 28 December 2009 - 10:30 AM

Thanks for the guidance on this! I have included the OTL log file below. I also want to let you know that this morning, when I first turned on the computer, it was worse than yesterday, and I ran another Malwarebytes scan. It found a bunch of problems and I have included that log as well. I ran the Malwarebytes scan before the ComboFix scan. I am also sending this reply from another computer until mine is fixed. Thank you very, very much for your help!

ComboFix 09-12-27.03 - Dan and Linda 12/28/2009 10:52:20.1.2 - x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2046.1479 [GMT -5:00]
Running from: c:\documents and settings\Dan and Linda\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1368 [VPS 091227-1] *On-access scanning disabled* (Updated) {7591DB91-41F0-48A3-B128-1A293FD8233D}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :)
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_iWinGamesInstaller


((((((((((((((((((((((((( Files Created from 2009-11-28 to 2009-12-28 )))))))))))))))))))))))))))))))
.

2009-12-28 15:23 . 2009-12-28 15:23 -------- d-----w- C:\_OTL
2009-12-27 14:30 . 2009-12-27 14:30 -------- d-----w- c:\program files\TeaTimer (Spybot - Search & Destroy)
2009-12-27 14:30 . 2009-12-27 14:30 -------- d-----w- c:\program files\SDHelper (Spybot - Search & Destroy)
2009-12-27 14:30 . 2009-12-27 14:30 -------- d-----w- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2009-12-27 14:30 . 2009-12-27 14:30 -------- d-----w- c:\program files\File Scanner Library (Spybot - Search & Destroy)

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-12-28 15:22 . 2008-09-16 01:47 -------- d-----w- c:\documents and settings\Dan and Linda\Application Data\U3
2009-12-27 20:16 . 2007-05-20 17:08 -------- d-----w- c:\program files\SpywareBlaster
2009-12-27 17:18 . 2009-02-28 23:18 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-12-27 17:06 . 2008-07-15 01:37 -------- d-----w- c:\program files\iWin Games
2009-12-27 16:27 . 2006-06-16 00:34 -------- d-----w- c:\program files\Google
2009-12-27 15:17 . 2007-05-14 04:00 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-12-27 14:35 . 2007-05-14 04:00 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-12-27 06:52 . 2009-03-27 01:06 95360 ----a-w- c:\windows\system32\drivers\atapi.sys
2009-12-27 03:13 . 2007-05-20 17:12 -------- d-----w- c:\program files\SpywareGuard
2009-12-20 18:04 . 2007-04-14 19:50 -------- d-----w- c:\documents and settings\Dan and Linda\Application Data\Azureus
2009-12-20 18:04 . 2007-04-14 19:43 -------- d-----w- c:\program files\PeerGuardian2
2009-12-20 17:59 . 2007-04-14 19:35 -------- d-----w- c:\program files\Azureus
2009-12-18 11:38 . 2007-05-20 12:16 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-12-03 21:14 . 2009-02-28 23:18 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-12-03 21:13 . 2009-02-28 23:18 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-24 23:54 . 2009-04-11 20:03 1280480 ----a-w- c:\windows\system32\aswBoot.exe
2009-11-24 23:51 . 2009-04-11 20:04 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-11-24 23:50 . 2009-04-11 20:04 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-11-24 23:50 . 2009-04-11 20:04 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-11-24 23:50 . 2009-04-11 20:04 20560 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2009-11-24 23:49 . 2009-04-11 20:04 48560 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-11-24 23:48 . 2009-04-11 20:04 23120 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-11-24 23:47 . 2009-04-11 20:04 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-11-24 23:47 . 2009-04-11 20:04 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-11-24 12:04 . 2009-11-24 12:04 -------- d-----w- c:\program files\Schoolhouse Technologies
2009-11-21 23:26 . 2009-11-21 22:58 -------- d-----w- c:\program files\SMART Technologies
2009-11-21 23:25 . 2009-11-21 23:10 -------- d-----w- c:\documents and settings\All Users\Application Data\SMART Technologies
2009-11-21 23:10 . 2009-11-21 23:10 -------- d-----w- c:\documents and settings\Dan and Linda\Application Data\SMART Technologies Inc
2009-11-21 23:10 . 2009-11-21 22:58 -------- d-----w- c:\program files\Common Files\SMART Technologies
2009-11-01 18:24 . 2009-11-01 18:23 -------- d-----w- c:\program files\iTunes
2009-11-01 18:23 . 2009-11-01 18:23 -------- d-----w- c:\program files\iPod
2009-11-01 18:23 . 2007-09-02 14:22 -------- d-----w- c:\program files\Common Files\Apple
2009-10-29 07:46 . 2005-08-16 08:18 832512 ----a-w- c:\windows\system32\wininet.dll
2009-10-29 07:46 . 2005-08-16 08:18 78336 ----a-w- c:\windows\system32\ieencode.dll
2009-10-29 07:46 . 2005-08-16 08:18 17408 ----a-w- c:\windows\system32\corpol.dll
2009-10-21 06:00 . 2005-08-16 08:18 75776 ----a-w- c:\windows\system32\strmfilt.dll
2009-10-21 06:00 . 2005-08-16 08:18 25088 ----a-w- c:\windows\system32\httpapi.dll
2009-10-20 14:58 . 2009-03-27 01:07 263552 ----a-w- c:\windows\system32\drivers\http.sys
2009-10-13 10:53 . 2005-08-16 08:18 266752 ----a-w- c:\windows\system32\oakley.dll
2009-10-12 13:54 . 2005-08-16 08:18 112128 ----a-w- c:\windows\system32\rastls.dll
2009-10-12 13:54 . 2005-08-16 08:18 69632 ----a-w- c:\windows\system32\raschap.dll
2009-10-04 19:14 . 2006-06-24 22:09 270088 ----a-w- c:\documents and settings\Dan and Linda\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2008-07-12 16:15 . 2008-07-12 16:15 0 ----a-w- c:\program files\temp01
2007-02-26 13:23 . 2007-02-26 13:23 774144 ----a-w- c:\program files\RngInterstitial.dll
2006-06-29 21:17 . 2006-06-28 01:34 88 --sh--r- c:\windows\system32\699918FB8A.sys
2006-06-29 21:17 . 2006-06-28 01:34 3766 --sha-w- c:\windows\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-12-18 2002160]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2006-06-28 230976]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-16 981384]
"CTxfiHlp"="CTXFIHLP.EXE" [2008-07-11 19968]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-11-24 81000]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-10-29 141600]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2009-04-28 39408]
"Exetender"="c:\program files\Free Ride Games\GPlayer.exe" [2008-06-17 2057728]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 53760]

c:\documents and settings\Dan and Linda\Start Menu\Programs\Startup\
Dialog Helper.lnk - c:\program files\VCOM\PowerDesk\pddlghlp.exe [2004-8-2 40960]
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]
SpywareGuard.lnk - c:\program files\SpywareGuard\sgmain.exe [2003-8-29 360448]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2007-10-14 214360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-23 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-06 12:10 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\Microsoft Games\\Zoo Tycoon 2\\zt.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeCam.exe"=
"c:\\Program Files\\Microsoft LifeCam\\LifeExp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpiscnapp.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\iWin Games\\iWinGames.exe"=
"c:\\Program Files\\iWin Games\\WebUpdater.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\AIM6\\aim6.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCGui.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\SMARTSNMPAgent.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\UCService.exe"=
"c:\\Program Files\\SMART Technologies\\SMART Board Drivers\\WebServer.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37674:TCP"= 37674:TCP:ooVoo TCP port 37674
"37674:UDP"= 37674:UDP:ooVoo UDP port 37674
"37675:UDP"= 37675:UDP:ooVoo UDP port 37675
"443:UDP"= 443:UDP:*:Disabled:ooVoo UDP port 443

R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [4/11/2009 3:04 PM 114768]
R1 RCFOX;SonicWALL IPsec Driver;c:\windows\system32\drivers\RCFOX.SYS [5/7/2007 7:19 PM 91136]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\SASDIFSV.SYS [10/10/2006 11:53 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2/27/2007 10:39 AM 74480]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [4/11/2009 3:04 PM 20560]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;c:\windows\system32\drivers\CAMTHWDM.sys [7/15/2009 2:27 PM 941784]
R2 iWinTrusted;iWinTrusted;c:\program files\iWin Games\iWinTrusted.exe [3/15/2009 2:29 PM 78104]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [6/15/2009 6:42 PM 24652]
R2 X4HSX32Ex;X4HSX32Ex;c:\program files\Free Ride Games\X4HSX32Ex.sys [11/12/2008 7:37 PM 29856]
R3 rcvpn;SonicWALL VPN Adapter;c:\windows\system32\drivers\rcvpn.sys [6/25/2006 4:53 PM 23180]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2/16/2006 3:51 PM 4096]
S3 SMART SNMP Agent Service;SMART SNMP Agent Service;c:\program files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe [9/17/2009 11:43 AM 1049896]
S3 SMART Web Server;SMART Web Server;c:\program files\SMART Technologies\SMART Board Drivers\WebServer.exe [9/17/2009 11:43 AM 1258792]
S4 0260971179115609mcinstcleanup;McAfee Application Installer Cleanup (0260971179115609);c:\docume~1\DANAND~1\LOCALS~1\Temp\026097~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service --> c:\docume~1\DANAND~1\LOCALS~1\Temp\026097~1.EXE c:\progra~1\COMMON~1\McAfee\INSTAL~1\cleanup.ini -cleanup -nolog -service [?]
S4 Creative Audio Engine Licensing Service;Creative Audio Engine Licensing Service;c:\program files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [9/15/2008 7:10 PM 79360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
HPService REG_MULTI_SZ HPSLPSVC
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = iexplore
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
Trusted Zone: auerbachconsultants.com\mail.ny
Trusted Zone: cvs.com\www
Trusted Zone: excite.com\www
Trusted Zone: k12.nj.us\stufile.riverdell
Trusted Zone: qvc.com\www
DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} - hxxp://aolsvc.aol.com/onlinegames/free-trial-doggie-dash/DoggieDash.1.0.0.6.cab
FF - ProfilePath - c:\documents and settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - plugin: c:\documents and settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}\plugins\npGoogleGadgetPluginFirefoxWin.dll
FF - plugin: c:\documents and settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\Free Ride Games\npExentCtl.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\np-mswmp.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npmusicn.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF - plugin: c:\program files\Real\RealArcade\Plugins\Mozilla\npracplug.dll
FF - plugin: c:\program files\Unity\WebPlayer\loader\npUnity3D32.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
- - - - ORPHANS REMOVED - - - -

SafeBoot-AVG Anti-Spyware Driver
SafeBoot-AVG Anti-Spyware Guard
AddRemove-Children's Encyclopedia - c:\windows\uninst.exe -rDK Multimedia\Children's Encyclopedia\1.0.0
AddRemove-WebCyberCoach_wtrb - c:\program files\WebCyberCoach\b_Dell\WCC_Wipe.exe WebCyberCoach ext\wtrb
AddRemove-{e0d14efd-5ce1-42c9-97dd-a782d4cf3f07} - c:\windows\system32\rlvknlg.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-12-28 11:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
CTxfiHlp = CTXFIHLP.EXE?

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-971993284-1774959694-2366912202-1005\Software\Microsoft\Windows\CurrentVersion\Shell Extensions\Approved\{6BB743C1-37FA-8D27-29BD-1B981E57C8AF}*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
"ianpnkpbpmcdioachh"=hex:6a,61,6c,6f,6c,65,67,68,62,67,63,6d,6e,63,6e,6e,69,63,
6f,69,00,00
"hadadlcegkknjjlk"=hex:69,61,69,70,61,64,61,69,61,69,6a,6a,6c,6d,61,63,67,6e,
00,00

[HKEY_LOCAL_MACHINE\software\DeterministicNetworks\DNE\Parameters]
"SymbolicLinkValue"=hex(6):5c,00,52,00,65,00,67,00,69,00,73,00,74,00,72,00,79,
00,5c,00,4d,00,41,00,43,00,48,00,49,00,4e,00,45,00,5c,00,53,00,79,00,73,00,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1192)
c:\program files\SUPERAntiSpyware\SASWINLO.DLL
c:\windows\system32\WININET.dll

- - - - - - - > 'explorer.exe'(2296)
c:\windows\system32\WININET.dll
c:\program files\VCOM\PowerDesk\pddlghlp.dll
c:\program files\BillP Studios\WinPatrol\PATROLPRO.DLL
c:\windows\system32\ctagent.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\mshtml.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\Ati2evxx.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Creative\Shared Files\CTAudSvc.exe
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\windows\system32\CTsvcCDA.exe
c:\windows\eHome\ehRecvr.exe
c:\windows\eHome\ehSched.exe
c:\program files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
c:\windows\ehome\mcrdsvc.exe
c:\windows\system32\dllhost.exe
c:\windows\system32\CTXFIHLP.EXE
c:\windows\SYSTEM32\CTXFISPI.EXE
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-12-28 11:24:52 - machine was rebooted
ComboFix-quarantined-files.txt 2009-12-28 16:24
ComboFix2.txt 2007-05-26 02:05

Pre-Run: 123,822,538,752 bytes free
Post-Run: 123,708,907,520 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Windows XP Media Center Edition" /noexecute=optin /fastdetect

Current=1 Default=1 Failed=0 LastKnownGood=6 Sets=1,2,3,4,5,6
- - End Of File - - 015CC34954370DD2944CA3CFADAE4B87

-----------------------------------------
Malwarebytes log:

Malwarebytes' Anti-Malware 1.42
Database version: 3442
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/28/2009 8:54:40 AM
mbam-log-2009-12-28 (08-54-40).txt

Scan type: Quick Scan
Objects scanned: 126986
Time elapsed: 6 minute(s), 18 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 1
Registry Data Items Infected: 7
Folders Infected: 0
Files Infected: 7

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\Desktop\General\wallpaper (Hijack.Wallpaper) -> Quarantined and deleted successfully.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: c:\windows\system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Trojan.FakeAlert) -> Data: system32\winlogon86.exe -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Userinit (Hijack.Userinit) -> Bad: (C:\WINDOWS\system32\winlogon86.exe) Good: (Userinit.exe) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\activedesktop\NoChangingWallpaper (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoActiveDesktopChanges (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetActiveDesktop (Hijack.DisplayProperties) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Dan and Linda\Local Settings\Temporary Internet Files\Content.IE5\KQ48ILLO\eHf7c0d601V03f01630002Re261e2b7102Tbcf8c89fQ000002fc901807F002a000aJ01000601l0409K91c2aa9e316P000001070[1] (Rootkit.MBR) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\critical_warning.html (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winupdate86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\AVR10.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winhelper86.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\41.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Winlogon86.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.

#4 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 28 December 2009 - 11:43 AM

Hi

Please download OTM
  • Save it to your desktop.
  • Please double-click OTM to run it. (Note: If you are running on Vista, right-click on the file and choose Run As Administrator).
  • Copy the lines in the codebox below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

    :Processes
    
    :Services
    
    :Reg
    
    :Files
    c:\program files\temp01
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]


  • Return to OTM, right click in the "Paste Instructions for Items to be Moved" window (under the yellow bar) and choose Paste.

  • Click the red Moveit! button.
  • Copy everything in the Results window (under the green bar) to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose copy), and paste it in your next reply.
  • Close OTM and reboot your PC.

Note: If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes. In this case, after the reboot, open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.



Download TFC to your desktop
  • Open the file and close any other windows.
  • It will close all programs itself when run. Make sure to let it run uninterrupted.
  • Click the Start button to begin the process. The program should not take long to finish its job.
  • Once it's finished it should reboot your machine. If not, do this yourself to ensure a complete clean.





Please download Malwarebytes' Anti-Malware from Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.






Go to Kaspersky website and perform an online antivirus scan.

  • Read through the requirements and privacy statement and click on Accept button.
  • It will start downloading and installing the scanner and virus definitions. You will be prompted to install an application from Kaspersky. Click Run.
  • When the downloads have finished, click on Settings.
  • Make sure these boxes are checked (ticked). If they are not, please tick them and click on the Save button:
      Spyware, Adware, Dialers, and other potentially dangerous programs
      Archives
      Mail databases

  • Click on My Computer under Scan.
  • Once the scan is complete, it will display the results. Click on View Scan Report.
  • You will see a list of infected items there. Click on Save Report As....
  • Save this report to a convenient place. Change the Files of type to Text file (.txt) before clicking on the Save button. Then post it here.


#5 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 28 December 2009 - 05:22 PM

OK - I had some trouble with the Kaspersky web site. It took over 4 hours and crashed before I could get the report. I will try that again. Here is the other info in the meantime. Thanks again.

OTM log:
All processes killed
========== PROCESSES ==========
========== SERVICES/DRIVERS ==========
========== REGISTRY ==========
========== FILES ==========
c:\program files\temp01 moved successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

[EMPTYTEMP]

User: 0828f77c29086e3647

User: Administrator
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes

User: All Users

User: Dan and Linda
->Temp folder emptied: 1834566 bytes
->Temporary Internet Files folder emptied: 2219835 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes
->Google Chrome cache emptied: 0 bytes
->Apple Safari cache emptied: 0 bytes

User: Default User
->Temporary Internet Files folder emptied: 0 bytes

User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32902 bytes

User: Nature Grl
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
->Java cache emptied: 0 bytes
->FireFox cache emptied: 0 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes

User: Splash Mary

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 33688 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temp folder emptied: 0 bytes
%systemroot%\system32\config\systemprofile\Local Settings\Temporary Internet Files folder emptied: 64741 bytes
RecycleBin emptied: 0 bytes

Total Files Cleaned = 4.00 mb


OTM by OldTimer - Version 3.1.4.0 log created on 12282009_131629

Files moved on Reboot...
C:\Documents and Settings\Dan and Linda\Local Settings\Temp\~DF2F04.tmp moved successfully.
File C:\WINDOWS\temp\_avast4_\Webshlock.txt not found!
C:\WINDOWS\temp\Perflib_Perfdata_2f0.dat moved successfully.
File C:\WINDOWS\temp\ZLT074ab.TMP not found!

Registry entries deleted on Reboot...

------------------------------------------------------------------------------------------------------------
MBAM log:

Malwarebytes' Anti-Malware 1.42
Database version: 3444
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/28/2009 1:37:22 PM
mbam-log-2009-12-28 (13-37-22).txt

Scan type: Quick Scan
Objects scanned: 125948
Time elapsed: 7 minute(s), 57 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#6 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 28 December 2009 - 05:46 PM

ok

#7 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 28 December 2009 - 09:54 PM

OK, here is the Kaspersky site report file. Thanks!

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, December 28, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, December 28, 2009 22:49:17
Records in database: 3414453
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
F:\
G:\
H:\

Scan statistics:
Objects scanned: 181244
Threats found: 2
Infected objects found: 2
Suspicious objects found: 0
Scan duration: 03:57:22


File name / Threat / Threats count
C:\Dan\Music\Downloads\freeripmp3.exe Infected: not-a-virus:WebToolbar.Win32.MyWebSearch.br 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.y 1

Selected area has been scanned.

#8 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 29 December 2009 - 07:10 AM

hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    
    :Services
    
    :Reg
    
    :Files
    C:\Dan\Music\Downloads\freeripmp3.exe
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.


#9 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 29 December 2009 - 07:39 AM

OK, here is the OTL scan log:

OTL logfile created on: 12/29/2009 8:33:48 AM - Run 2
OTL by OldTimer - Version 3.1.20.1 Folder = C:\Documents and Settings\Dan and Linda\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 7.0.5730.11)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.00 Gb Total Physical Memory | 1.00 Gb Available Physical Memory | 68.00% Memory free
4.00 Gb Paging File | 3.00 Gb Available in Paging File | 86.00% Paging File free
Paging file location(s): C:\pagefile.sys 2046 4092 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 228.13 Gb Total Space | 116.08 Gb Free Space | 50.88% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: MONKEYMACHINE
Current User Name: Dan and Linda
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: On
Skip Microsoft Files: On
File Age = 14 Days
Output = Standard
Quick Scan

========== Processes (SafeList) ==========

PRC - [2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
PRC - [2009/12/18 06:38:40 | 02,002,160 | ---- | M] (SUPERAntiSpyware.com) -- C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE
PRC - [2009/11/24 18:51:40 | 00,081,000 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashDisp.exe
PRC - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashServ.exe
PRC - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
PRC - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
PRC - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
PRC - [2009/10/28 20:21:26 | 00,141,600 | ---- | M] (Apple Inc.) -- C:\Program Files\iTunes\iTunesHelper.exe
PRC - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) -- C:\Program Files\iPod\bin\iPodService.exe
PRC - [2009/09/17 11:42:40 | 02,647,336 | ---- | M] (SMART Technologies) -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe
PRC - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
PRC - [2009/03/15 14:29:04 | 00,078,104 | ---- | M] (iWin Inc.) -- C:\Program Files\iWin Games\iWinTrusted.exe
PRC - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) -- C:\WINDOWS\system32\ZoneLabs\vsmon.exe
PRC - [2009/02/15 23:10:22 | 00,981,384 | ---- | M] (Check Point Software Technologies LTD) -- C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
PRC - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) -- C:\Program Files\Bonjour\mDNSResponder.exe
PRC - [2008/07/11 14:50:26 | 00,019,968 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\Ctxfihlp.exe
PRC - [2008/07/11 14:46:44 | 00,969,216 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTxfispi.exe
PRC - [2008/04/30 09:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe
PRC - [2007/06/13 05:23:07 | 01,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/06/28 18:47:18 | 00,230,976 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) -- C:\WINDOWS\system32\ati2evxx.exe
PRC - [2004/08/02 15:55:12 | 00,040,960 | ---- | M] (V Communications, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.exe
PRC - [2003/08/29 18:05:35 | 00,360,448 | ---- | M] () -- C:\Program Files\SpywareGuard\sgmain.exe
PRC - [2003/08/29 10:14:56 | 00,233,472 | ---- | M] () -- C:\Program Files\SpywareGuard\sgbhp.exe
PRC - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTSVCCDA.EXE


========== Modules (SafeList) ==========

MOD - [2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
MOD - [2006/08/25 10:45:55 | 01,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll
MOD - [2006/06/28 18:47:26 | 00,042,552 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\patrolpro.dll
MOD - [2005/11/08 07:30:42 | 00,007,168 | ---- | M] (Creative Technology Ltd) -- C:\WINDOWS\system32\CTAGENT.DLL
MOD - [2004/08/10 04:00:00 | 00,413,696 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\msvcp60.dll
MOD - [2004/08/02 15:29:34 | 00,081,920 | ---- | M] (V Communications, Inc.) -- C:\Program Files\VCOM\PowerDesk\pddlghlp.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (0260971179115609mcinstcleanup) McAfee Application Installer Cleanup (0260971179115609)
SRV - [2009/11/24 18:51:35 | 00,138,680 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\ashServ.exe -- (avast! Antivirus)
SRV - [2009/11/24 18:51:21 | 00,254,040 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe -- (avast! Mail Scanner)
SRV - [2009/11/24 18:48:48 | 00,352,920 | ---- | M] (ALWIL Software) [On_Demand | Running] -- C:\Program Files\Alwil Software\Avast4\ashWebSv.exe -- (avast! Web Scanner)
SRV - [2009/11/24 18:43:56 | 00,018,752 | ---- | M] (ALWIL Software) [Auto | Running] -- C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe -- (aswUpdSv)
SRV - [2009/10/28 20:21:14 | 00,545,568 | ---- | M] (Apple Inc.) [On_Demand | Running] -- C:\Program Files\iPod\bin\iPodService.exe -- (iPod Service)
SRV - [2009/09/17 11:43:30 | 01,049,896 | ---- | M] (SMART Technologies ULC) [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTSNMPAgent.exe -- (SMART SNMP Agent Service)
SRV - [2009/09/17 11:43:16 | 01,258,792 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\SMART Technologies\SMART Board Drivers\WebServer.exe -- (SMART Web Server)
SRV - [2009/09/17 11:42:40 | 02,647,336 | ---- | M] (SMART Technologies) [Auto | Running] -- C:\Program Files\SMART Technologies\SMART Board Drivers\SMARTBoardService.exe -- (SMART Board Service)
SRV - [2009/06/05 10:48:14 | 00,144,712 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe -- (Apple Mobile Device)
SRV - [2009/04/28 10:27:55 | 00,182,768 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe -- (gusvc)
SRV - [2009/03/15 14:29:04 | 00,078,104 | ---- | M] (iWin Inc.) [Auto | Running] -- C:\Program Files\iWin Games\iWinTrusted.exe -- (iWinTrusted)
SRV - [2009/02/15 23:10:22 | 02,402,184 | ---- | M] (Check Point Software Technologies LTD) [Auto | Running] -- C:\WINDOWS\System32\ZoneLabs\vsmon.exe -- (vsmon)
SRV - [2008/12/12 10:17:38 | 00,238,888 | ---- | M] (Apple Inc.) [Auto | Running] -- C:\Program Files\Bonjour\mDNSResponder.exe -- (Bonjour Service)
SRV - [2008/09/15 19:10:03 | 00,079,360 | ---- | M] (Creative Labs) [Disabled | Stopped] -- C:\Program Files\Common Files\Creative Labs Shared\Service\CTAELicensing.exe -- (Creative Audio Engine Licensing Service)
SRV - [2008/07/23 12:54:10 | 00,185,632 | ---- | M] (Protexis Inc.) [Disabled | Stopped] -- C:\Program Files\Common Files\Protexis\License Service\PsiService_2.exe -- (PSI_SVC_2)
SRV - [2008/04/30 09:27:50 | 00,417,792 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\Program Files\Creative\Shared Files\CTAudSvc.exe -- (CTAudSvcService)
SRV - [2008/01/16 18:14:20 | 00,053,760 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZipm12.dll -- (Pml Driver HPZ12)
SRV - [2008/01/16 18:14:18 | 00,043,520 | ---- | M] (Hewlett-Packard) [Auto | Running] -- C:\WINDOWS\system32\HPZinw12.dll -- (Net Driver HPZ12)
SRV - [2007/11/11 10:22:28 | 00,085,096 | ---- | M] (Autodesk) [Disabled | Stopped] -- C:\Program Files\Common Files\Autodesk Shared\Service\AdskScSrv.exe -- (Autodesk Licensing Service)
SRV - [2007/11/06 20:16:54 | 00,217,088 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqcxs08.dll -- (hpqcxs08)
SRV - [2007/11/06 20:16:54 | 00,139,264 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\hpqddsvc.dll -- (hpqddsvc)
SRV - [2007/10/25 15:27:54 | 00,266,240 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\installer\WLSetupSvc.exe -- (WLSetupSvc)
SRV - [2007/10/18 11:31:54 | 00,098,328 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Windows Live\Messenger\usnsvc.exe -- (usnjsvc)
SRV - [2007/10/14 20:15:52 | 00,663,552 | ---- | M] (Hewlett-Packard Co.) [Disabled | Stopped] -- C:\Program Files\HP\Digital Imaging\bin\HPSLPSVC32.DLL -- (HPSLPSVC)
SRV - [2007/09/05 20:25:04 | 00,204,800 | ---- | M] (IDT, Inc.) [Auto | Stopped] -- C:\WINDOWS\system32\stacsv.exe -- (STacSV)
SRV - [2007/05/17 16:45:33 | 00,271,720 | ---- | M] (Microsoft Corporation) [Disabled | Stopped] -- C:\Program Files\Microsoft LifeCam\MSCamS32.exe -- (MSCamSvc)
SRV - [2007/03/07 14:47:46 | 00,076,848 | ---- | M] () [Disabled | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 16:38:08 | 00,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 17:12:30 | 00,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2005/09/30 18:22:50 | 00,096,341 | ---- | M] (Canon Inc.) [Disabled | Stopped] -- C:\Program Files\Canon\CAL\CALMAIN.exe -- (CCALib8)
SRV - [2005/08/04 03:02:58 | 00,380,928 | ---- | M] (ATI Technologies Inc.) [Auto | Running] -- C:\WINDOWS\system32\ati2evxx.exe -- (Ati HotKey Poller)
SRV - [2005/04/03 23:41:10 | 00,069,632 | ---- | M] (Macrovision Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe -- (IDriverT)
SRV - [2004/11/19 10:26:40 | 00,147,456 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2004/10/15 09:12:38 | 00,131,072 | ---- | M] (SonicWALL, Inc.) [On_Demand | Stopped] -- C:\Program Files\SonicWALL\SonicWALL Global VPN Client\RampartSvc.exe -- (RampartSvc)
SRV - [2003/07/28 11:28:22 | 00,089,136 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Common Files\Microsoft Shared\Source Engine\OSE.EXE -- (ose)
SRV - [1999/12/12 20:01:00 | 00,044,032 | ---- | M] (Creative Technology Ltd) [Auto | Running] -- C:\WINDOWS\system32\CTSVCCDA.EXE -- (Creative Service for CDROM Access)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = http://www.google.com/ig/dell?hl=en&cl...&channel=us
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = http://www.google.com/ig/dell?hl=en&cl...&channel=us

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultName = Google
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,SearchMigratedDefaultURL = http://www.google.com/search?q={searchTerm...tf8&oe=utf8
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========

FF - prefs.js..browser.startup.homepage: "http://www.google.com/"
FF - prefs.js..extensions.enabledItems: autofillForms@blueimp.net:0.9.5.2
FF - prefs.js..extensions.enabledItems: {0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}:5.8.809.8522
FF - prefs.js..extensions.enabledItems: {98e34367-8df7-42b4-837b-20b892ff0847}:1.2
FF - prefs.js..extensions.enabledItems: moveplayer@movenetworks.com:1.0.0.071303000006
FF - prefs.js..extensions.enabledItems: {D6D05E6F-D5C1-4e03-8E33-73F92B05E262}:10.2

FF - HKLM\software\mozilla\Firefox\Extensions\\{98e34367-8df7-42b4-837b-20b892ff0847}: C:\Program Files\iWin Games\firefox\ [2008/09/20 19:42:52 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2009/12/27 11:58:20 | 00,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.0.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2009/12/16 19:27:40 | 00,000,000 | ---D | M]

[2008/08/16 08:03:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Extensions
[2009/12/26 15:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions
[2008/12/10 19:48:37 | 00,000,000 | ---D | M] (Google Gadget Plugin) -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\{0FFCC8D1-8198-4b2f-9A96-2B4D4A65ECC9}
[2009/02/08 20:32:10 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\autofillForms@blueimp.net
[2009/06/20 21:13:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Mozilla\Firefox\Profiles\2c25c97z.default\extensions\moveplayer@movenetworks.com
[2009/12/26 15:38:06 | 00,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2009/11/21 17:59:12 | 00,000,000 | ---D | M] (SMART Notebook Extension) -- C:\Program Files\Mozilla Firefox\extensions\{D6D05E6F-D5C1-4e03-8E33-73F92B05E262}
[2009/01/22 18:12:08 | 00,284,248 | ---- | M] (Musicnotes, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npmusicn.dll
[2007/04/16 12:07:12 | 00,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: (98 bytes) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (Adobe PDF Reader Link Helper) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (SpywareGuardDLBLOCK.CBrowserHelper) - {4A368E80-174F-4872-96B5-0B27DDD11DB2} - C:\Program Files\SpywareGuard\dlprotect.dll ()
O2 - BHO: (Spybot-S&D IE Protection) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\DLA\DLASHX_W.DLL (Sonic Solutions)
O2 - BHO: (SSVHelper Class) - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_01\bin\ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (Adobe PDF Conversion Toolbar Helper) - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - c:\Program Files\BAE\BAE.dll (Dell Inc.)
O3 - HKLM\..\Toolbar: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O3 - HKCU\..\Toolbar\WebBrowser: (Adobe PDF) - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O4 - HKLM..\Run: [avast!] C:\Program Files\Alwil Software\Avast4\ashDisp.exe (ALWIL Software)
O4 - HKLM..\Run: [CTxfiHlp] C:\WINDOWS\System32\Ctxfihlp.exe (Creative Technology Ltd)
O4 - HKLM..\Run: [iTunesHelper] C:\Program Files\iTunes\iTunesHelper.exe (Apple Inc.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe (BillP Studios)
O4 - HKLM..\Run: [ZoneAlarm Client] C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe (Check Point Software Technologies LTD)
O4 - HKCU..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE (SUPERAntiSpyware.com)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\Dialog Helper.lnk = C:\Program Files\VCOM\PowerDesk\pddlghlp.exe (V Communications, Inc.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\Dan and Linda\Start Menu\Programs\Startup\SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Convert link target to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert link target to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selected links to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert selection to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to Adobe PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O8 - Extra context menu item: Convert to existing PDF - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll (Adobe Systems Incorporated)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_01\bin\npjpi160_01.dll (Sun Microsystems, Inc.)
O9 - Extra Button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe (America Online, Inc.)
O9 - Extra Button: HP Smart Select - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll (Hewlett-Packard Co.)
O9 - Extra 'Tools' menuitem : Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll (Safer Networking Limited)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKLM\..Trusted Domains: 15 domain(s) and sub-domain(s) not assigned to a zone.
O15 - HKCU\..Trusted Domains: auerbachconsultants.com ([mail.ny] https in Trusted sites)
O15 - HKCU\..Trusted Domains: cvs.com ([www] * in Trusted sites)
O15 - HKCU\..Trusted Domains: excite.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: k12.nj.us ([stufile.riverdell] https in Trusted sites)
O15 - HKCU\..Trusted Domains: qvc.com ([www] http in Trusted sites)
O15 - HKCU\..Trusted Domains: 434 domain(s) and sub-domain(s) not assigned to a zone.
O16 - DPF: {05CA9FB0-3E3E-4B36-BF41-0E3A5CAA8CD8} http://download.microsoft.com/download/e/7.../OGAControl.cab (Office Genuine Advantage Validation Tool)
O16 - DPF: {1239CC52-59EF-4DFA-8C61-90FFA846DF7E} http://www.musicnote...ad/mnviewer.cab (Musicnotes Viewer)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macromedia.com/pub/shockwa...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {233C1507-6A77-46A4-9443-F871F945D258} http://fpdownload.macromedia.com/pub/shock...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {3DCEC959-378A-4922-AD7E-FD5C925D927F} http://disney.go.com/pirates/online/testAc...OnlineGames.cab (Disney Online Games ActiveX Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://www1.snapfish...fishActivia.cab (Snapfish Activia)
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} http://www.update.microsoft.com/microsoftu...b?1180577985743 (WUWebControl Class)
O16 - DPF: {6715D12F-213F-4C6E-ACE1-8A363F550B96} http://aolsvc.aol.com/onlinegames/free-tri...ash.1.0.0.6.cab (CPlayFirstDoggieDashControl Object)
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} http://www.update.microsoft.com/microsoftu...b?1180577974990 (MUWebControl Class)
O16 - DPF: {77E32299-629F-43C6-AB77-6A1E6D7663F6} http://atv.disney.go...y/OTOYAX29b.cab (Groove Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/update/1.6.0/jinstall-...ows-i586-jc.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.macromedia.com/get/flash...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {9600F64D-755F-11D4-A47F-0001023E6D5A} http://web1.shutterf...ds/Uploader.cab (Shutterfly Picture Upload Plugin)
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} http://acs.pandasoft...free/asinst.cab (ActiveScan Installer Class)
O16 - DPF: {A8F2B9BD-A6A0-486A-9744-18920D898429} http://www.sibelius.com/download/software/...tiveXPlugin.cab (ScorchPlugin Class)
O16 - DPF: {B516CA4E-A5BA-405C-AFCF-A97F08CC7429} http://aolsvc.aol.com/onlinegames/free-tri...esPlayer_v4.cab (GoBit Games Player)
O16 - DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/update/1.6.0/jinstall-...indows-i586.cab (Java Plug-in 1.6.0_01)
O16 - DPF: {CC32D4D8-2A0B-4CEB-B105-C9B968379105} https://disney.go.com/games/downloads/gamem...GameManager.cab (CGameManagerCtrl Object)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload2.macromedia.com/get/shoc...ash/swflash.cab (Shockwave Flash Object)
O16 - DPF: {E473A65C-8087-49A3-AFFD-C5BC4A10669B} http://mvnet.xlontec...2ie06101001.cab (Quantum Streaming IE Player Class)
O16 - DPF: {EA6246B4-F380-443F-8727-9AEA3371146C} http://aolsvc.aol.com/onlinegames/free-tri...sh.1.0.0.47.cab (CPlayFirstWeddingDashControl Object)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 167.206.245.129 167.206.245.130
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\Windows Live\Messenger\msgrapp.8.5.1302.1018.dll (Microsoft Corporation)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - Winlogon\Notify\!SASWinLogon: DllName - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL (SUPERAntiSpyware.com)
O28 - HKLM ShellExecuteHooks: {5AE067D3-9AFB-48E0-853A-EBB7F4A000DA} - C:\Program Files\SUPERAntiSpyware\SASSEH.DLL (SuperAdBlocker.com)
O28 - HKLM ShellExecuteHooks: {81559C35-8464-49F7-BB0E-07A383BEF910} - C:\Program Files\SpywareGuard\spywareguard.dll ()
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 00,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - comfile [open] -- "%1" %*
O35 - exefile [open] -- "%1" %*

========== Files/Folders - Created Within 14 Days ==========

[2009/12/28 13:16:29 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/28 13:11:33 | 04,844,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan and Linda\Desktop\mbam-setup.exe
[2009/12/28 13:11:33 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTM.exe
[2009/12/28 13:11:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/28 11:54:22 | 00,000,000 | -HSD | C] -- C:\RECYCLER
[2009/12/28 10:36:32 | 00,000,000 | RHSD | C] -- C:\cmdcons
[2009/12/28 10:32:34 | 00,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2009/12/28 10:32:34 | 00,161,792 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2009/12/28 10:32:34 | 00,136,704 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2009/12/28 10:30:22 | 00,000,000 | ---D | C] -- C:\Qoobox
[2009/12/28 10:23:22 | 00,000,000 | ---D | C] -- C:\_OTL
[2009/12/27 18:44:06 | 00,513,536 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
[2009/12/27 09:30:22 | 00,000,000 | ---D | C] -- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\SDHelper (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\Misc. Support Library (Spybot - Search & Destroy)
[2009/12/27 09:30:21 | 00,000,000 | ---D | C] -- C:\Program Files\File Scanner Library (Spybot - Search & Destroy)
[2009/04/11 16:32:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\NetworkService\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | --SD | M] -- C:\Documents and Settings\LocalService\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Microsoft
[2009/04/11 16:32:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Microsoft
[2008/12/22 22:17:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2008/12/22 21:52:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2007/09/21 05:50:00 | 00,000,000 | ---D | M] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Apple
[2007/05/12 09:07:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Neopets Toolbar
[2007/05/12 09:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Google
[2007/05/12 09:07:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\Google
[2007/02/26 08:23:52 | 00,774,144 | ---- | C] (RealNetworks, Inc.) -- C:\Program Files\RngInterstitial.dll
[2006/12/12 09:47:24 | 00,033,792 | R--- | C] ( ) -- C:\WINDOWS\System32\a3d.dll
[2006/06/24 08:35:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\LocalService\Application Data\McAfee.com Personal Firewall
[24 C:\WINDOWS\Fonts\*.tmp files -> C:\WINDOWS\Fonts\*.tmp -> ]
[1 C:\Documents and Settings\Dan and Linda\My Documents\*.tmp files -> C:\Documents and Settings\Dan and Linda\My Documents\*.tmp -> ]

========== Files - Modified Within 14 Days ==========

[2009/12/29 08:33:20 | 00,528,892 | ---- | M] () -- C:\WINDOWS\System32\PerfStringBackup.INI
[2009/12/29 08:33:20 | 00,445,986 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2009/12/29 08:33:20 | 00,072,808 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2009/12/29 08:29:52 | 00,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2009/12/29 08:29:31 | 00,350,196 | ---- | M] () -- C:\WINDOWS\System32\vsconfig.xml
[2009/12/29 08:28:45 | 00,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2009/12/29 08:28:30 | 00,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2009/12/29 08:27:40 | 14,155,776 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\NTUSER.DAT
[2009/12/29 08:27:40 | 00,064,984 | ---- | M] () -- C:\WINDOWS\System32\DVCState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/29 08:27:40 | 00,055,316 | ---- | M] () -- C:\WINDOWS\System32\BMXStateBkp-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/29 08:27:40 | 00,055,316 | ---- | M] () -- C:\WINDOWS\System32\BMXState-{00000003-00000000-00000002-00001102-00000005-10031102}.rfx
[2009/12/29 08:27:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settingsbkup.sfm
[2009/12/29 08:27:40 | 00,001,080 | ---- | M] () -- C:\WINDOWS\System32\settings.sfm
[2009/12/29 08:27:29 | 00,000,278 | -HS- | M] () -- C:\Documents and Settings\Dan and Linda\ntuser.ini
[2009/12/29 08:26:02 | 00,000,098 | ---- | M] () -- C:\WINDOWS\System32\drivers\etc\Hosts
[2009/12/29 08:20:27 | 00,044,032 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\My Documents\passwords.xls
[2009/12/28 18:11:53 | 00,002,883 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\kaspersky report.html
[2009/12/28 13:12:26 | 00,000,696 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2009/12/28 12:53:44 | 04,844,264 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan and Linda\Desktop\mbam-setup.exe
[2009/12/28 12:52:26 | 00,410,624 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/28 12:52:14 | 00,452,096 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTM.exe
[2009/12/28 11:09:12 | 00,000,243 | ---- | M] () -- C:\WINDOWS\system.ini
[2009/12/28 10:36:39 | 00,000,279 | RHS- | M] () -- C:\boot.ini
[2009/12/28 10:11:24 | 03,867,535 | R--- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\ComboFix.exe
[2009/12/27 18:44:07 | 00,513,536 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTL.exe
[2009/12/27 15:45:25 | 00,756,544 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2009/12/27 15:44:33 | 13,107,200 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\NTUSER.bak
[2009/12/27 09:33:41 | 00,000,933 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Spybot - Search & Destroy.lnk
[2009/12/26 21:16:12 | 02,154,896 | -H-- | M] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\IconCache.db
[2009/12/26 16:35:53 | 00,001,475 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Windows Explorer.lnk
[2009/12/24 10:30:56 | 00,002,626 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2009/12/23 15:30:23 | 00,002,497 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\Word 2003.lnk
[2009/12/20 11:01:16 | 00,171,520 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
[1 C:\Documents and Settings\Dan and Linda\My Documents\*.tmp files -> C:\Documents and Settings\Dan and Linda\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2009/12/28 18:11:53 | 00,002,883 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\kaspersky report.html
[2009/12/28 10:36:38 | 00,000,209 | ---- | C] () -- C:\Boot.bak
[2009/12/28 10:36:34 | 00,260,272 | ---- | C] () -- C:\cmldr
[2009/12/28 10:32:36 | 00,077,312 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2009/12/28 10:32:34 | 00,261,632 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2009/12/28 10:32:34 | 00,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2009/12/28 10:32:34 | 00,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2009/12/28 10:32:34 | 00,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2009/12/28 10:19:21 | 03,867,535 | R--- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\ComboFix.exe
[2009/12/27 18:08:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
[2009/07/15 14:27:17 | 00,941,784 | ---- | C] () -- C:\WINDOWS\System32\drivers\CAMTHWDM.sys
[2008/12/14 11:51:32 | 00,001,330 | ---- | C] () -- C:\WINDOWS\TLMPRO.INI
[2008/12/14 11:50:12 | 00,000,933 | ---- | C] () -- C:\WINDOWS\SSCE.INI
[2008/12/14 11:46:50 | 00,000,088 | RHS- | C] () -- C:\Documents and Settings\All Users\Application Data\699918FB8A.sys
[2008/12/14 11:46:49 | 00,000,952 | -HS- | C] () -- C:\Documents and Settings\All Users\Application Data\KGyGaAvL.sys
[2008/09/10 21:54:36 | 00,000,347 | ---- | C] () -- C:\WINDOWS\CTWave32.INI
[2008/09/10 21:52:52 | 00,000,029 | ---- | C] () -- C:\WINDOWS\sfbm.INI
[2008/08/29 08:08:31 | 00,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2008/07/11 14:50:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\System32\CtxfiRes.dll
[2008/07/11 14:50:28 | 00,003,072 | ---- | C] () -- C:\WINDOWS\CTXFIRES.DLL
[2008/04/06 17:38:48 | 00,000,028 | ---- | C] () -- C:\WINDOWS\pdf995.ini
[2008/03/14 00:53:22 | 00,110,592 | ---- | C] () -- C:\WINDOWS\System32\JPeg32.dll
[2007/12/22 16:52:47 | 00,015,498 | R--- | C] () -- C:\WINDOWS\VX1000.ini
[2007/08/18 09:31:32 | 00,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/06/10 11:51:16 | 00,000,024 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\73648-88365-27475-00IP7-22847
[2007/05/20 09:00:40 | 00,011,776 | ---- | C] () -- C:\WINDOWS\System32\ZPORT4AS.dll
[2007/05/19 12:39:42 | 00,796,312 | ---- | C] () -- C:\WINDOWS\System32\libeay32_0.9.6l.dll
[2007/05/13 22:49:31 | 00,005,765 | ---- | C] () -- C:\WINDOWS\System32\windev-peers(2).ini
[2007/03/31 15:46:40 | 00,000,082 | ---- | C] () -- C:\WINDOWS\ka.ini
[2007/03/31 15:08:19 | 00,012,288 | ---- | C] () -- C:\WINDOWS\impborl.dll
[2007/03/15 12:47:48 | 00,053,760 | ---- | C] () -- C:\WINDOWS\System32\BuEResNT.dll
[2007/03/05 13:34:28 | 00,676,224 | ---- | C] () -- C:\WINDOWS\System32\OGACheckControl.DLL
[2007/03/04 10:08:59 | 00,000,142 | ---- | C] () -- C:\WINDOWS\wpd99.drv
[2007/03/04 10:08:43 | 00,051,716 | ---- | C] () -- C:\WINDOWS\System32\pdf995mon.dll
[2007/02/22 23:29:56 | 03,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/01/30 18:31:46 | 00,002,850 | ---- | C] () -- C:\WINDOWS\EaseAudioConverter.ini
[2006/12/12 11:24:42 | 00,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2006/12/02 16:53:23 | 00,000,331 | ---- | C] () -- C:\WINDOWS\doom3.ini
[2006/11/11 20:47:30 | 00,000,004 | -H-- | C] () -- C:\WINDOWS\uccspecb.sys
[2006/10/29 17:09:05 | 00,000,000 | ---- | C] () -- C:\WINDOWS\mtstack16.INI
[2006/09/02 08:38:29 | 00,088,576 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\rbap550.dll
[2006/09/02 08:38:29 | 00,073,728 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\RBRegEx550.dll
[2006/09/02 08:38:29 | 00,044,032 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSMainPlugin3542.dll
[2006/09/02 08:38:29 | 00,033,792 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSIconPlugin3542.dll
[2006/09/02 08:38:29 | 00,029,184 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\RBInternetEncodings550.dll
[2006/09/02 08:38:29 | 00,027,648 | -H-- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\MBSRegistrationPlugin3542.dll
[2006/08/06 11:19:43 | 00,010,240 | ---- | C] () -- C:\WINDOWS\System32\vidx16.dll
[2006/07/07 10:19:42 | 00,001,377 | ---- | C] () -- C:\WINDOWS\hegames.ini
[2006/07/07 10:16:53 | 00,001,591 | ---- | C] () -- C:\WINDOWS\disney.ini
[2006/07/07 10:14:35 | 00,000,565 | ---- | C] () -- C:\WINDOWS\Spidey.ini
[2006/07/04 15:01:07 | 00,000,187 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\G-Force Prefs (WindowsMediaPlayer).txt
[2006/06/28 21:16:03 | 00,004,096 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Application Data\dvd.bmk
[2006/06/28 15:24:40 | 00,002,572 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/06/27 20:53:28 | 00,008,496 | ---- | C] () -- C:\WINDOWS\lviewpro.ini
[2006/06/27 20:34:10 | 00,003,766 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/06/27 20:34:10 | 00,000,088 | RHS- | C] () -- C:\WINDOWS\System32\699918FB8A.sys
[2006/06/26 21:15:07 | 00,000,102 | ---- | C] () -- C:\WINDOWS\VSWizard.ini
[2006/06/25 15:28:53 | 00,000,098 | ---- | C] () -- C:\WINDOWS\cdplayer.ini
[2006/06/25 10:04:44 | 00,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/06/25 09:44:16 | 00,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2006/06/25 09:08:54 | 00,171,520 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/24 17:18:32 | 00,002,318 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\hpzinstall.log
[2006/06/24 08:11:12 | 00,000,136 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Local Settings\Application Data\fusioncache.dat
[2006/06/15 19:39:48 | 00,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/06/15 19:33:16 | 00,000,155 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/06/15 18:58:36 | 00,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/04/14 09:37:26 | 00,000,032 | ---- | C] () -- C:\WINDOWS\aceg.ini
[2005/11/22 02:28:04 | 00,050,432 | ---- | C] () -- C:\WINDOWS\System32\claptn.ini
[2005/11/10 07:56:34 | 00,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/11/08 07:43:30 | 00,038,400 | ---- | C] () -- C:\WINDOWS\System32\CTBurst.dll
[2005/09/05 01:10:28 | 00,000,053 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2005/08/16 03:37:24 | 00,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 13:01:54 | 00,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2003/03/21 04:56:10 | 00,000,194 | ---- | C] () -- C:\WINDOWS\System32\kill.ini

========== LOP Check ==========

[2009/01/24 17:56:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2008/08/13 17:51:52 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Aliasworlds
[2007/11/13 20:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autodesk
[2008/10/09 16:15:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fitn17
[2008/11/12 19:39:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Free Ride Games
[2009/03/29 19:23:22 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FreeRIP
[2008/10/01 09:58:13 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Fugazo
[2008/07/12 10:30:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\GoBit Games
[2008/02/24 14:47:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Gogii
[2009/04/11 16:33:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Grisoft
[2008/07/21 09:29:28 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\HipSoft
[2008/09/30 11:50:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin
[2008/07/14 20:37:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\iWin Games
[2008/02/24 14:31:20 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\JollyBear
[2007/09/22 07:39:19 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MailFrontier
[2008/08/16 08:08:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2008/06/25 12:25:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\NeoEdge Networks
[2008/09/13 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Oberon Games
[2008/12/11 15:58:24 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\pdf995
[2009/03/15 14:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2008/05/23 19:42:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PopCap
[2008/09/20 19:39:36 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2009/11/21 18:25:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SMART Technologies
[2009/02/10 20:18:48 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TaxCut
[2009/06/08 17:01:29 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2008/11/15 09:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Valusoft
[2009/06/15 18:42:17 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2009/07/15 14:28:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WebcamMax
[2007/05/07 20:39:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\WildTangent
[2009/03/19 15:50:05 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2009/10/01 15:29:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/19 12:28:21 | 00,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2009/01/24 17:56:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\acccore
[2006/06/25 10:33:14 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Aim
[2009/08/16 17:41:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Amazon
[2007/11/13 20:26:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Autodesk
[2009/12/20 13:04:54 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Azureus
[2008/09/06 16:14:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\BeachPartyCraze
[2009/03/15 14:31:40 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Boolat Games
[2008/10/05 13:49:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\EleFun Games
[2008/02/24 14:11:37 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Eyeblaster
[2008/08/03 12:00:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Gaijin Ent
[2008/09/30 14:37:43 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Gamelab
[2008/08/14 21:19:56 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Go-Go Gourmet Chef of the Year
[2008/08/24 16:50:01 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Home Sweet Home
[2008/09/14 08:03:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Home Sweet Home 2
[2008/02/24 15:34:53 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Hulabee
[2008/10/22 18:30:34 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Inspiration Software
[2009/03/24 17:39:45 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\iWin
[2008/07/14 20:38:06 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\iWinArcade
[2008/08/22 14:04:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\IWin_Janes_Realty
[2007/03/03 18:14:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Jamdat
[2008/07/17 10:50:59 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Jane s Hotel
[2006/06/26 21:16:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Leadertech
[2007/04/24 20:46:11 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\MagicBall3
[2008/07/21 09:24:55 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Meridian93
[2006/06/27 17:49:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Neopets Toolbar
[2008/09/13 16:43:39 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Oberon Games
[2009/06/15 17:06:26 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\ooVoo Details
[2008/12/11 15:57:50 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\pdf995
[2007/03/02 14:15:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\pixelStorm
[2009/03/15 14:37:25 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\PlayFirst
[2008/12/14 11:51:12 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Progeny
[2008/08/30 15:10:07 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SBTT
[2009/11/21 18:10:09 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SMART Technologies Inc
[2006/11/12 21:20:47 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Snapfish
[2008/11/15 09:44:49 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\SulusGames
[2008/12/11 15:57:58 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\TaxCut
[2008/08/15 17:22:42 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Teggo
[2008/11/15 09:37:32 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Valusoft
[2006/06/25 16:30:03 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\VCOM
[2007/01/18 13:20:23 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Viewpoint
[2008/11/15 09:59:15 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\ViquaSoft
[2009/07/15 14:28:04 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\Webcammax
[2006/07/06 15:49:18 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\WildTangent
[2006/07/10 19:48:30 | 00,000,000 | ---D | M] -- C:\Documents and Settings\Dan and Linda\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

< End of report >

#10 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 29 December 2009 - 08:08 AM

hi

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    [2009/12/28 13:16:29 | 00,000,000 | ---D | C] -- C:\_OTM
    [2009/12/28 13:11:33 | 04,844,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan and Linda\Desktop\mbam-setup.exe
    [2009/12/28 13:11:33 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTM.exe
    [2009/12/28 13:11:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
    [2009/12/27 18:08:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
    
    :Services
    
    :Reg
    
    :Files
    
    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [Reboot]


  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done



Update MBAM, run a quick scan, and post that log.

Also tell me how it's running.
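
Added example (not part of the original thread, and not OTL's own code): Python that parses file-listing lines in the format this OTL report uses and checks that every entry in the `:OTL` section of a fix script, such as the one in post #10, corresponds to an entry the scan actually reported. The line regex is inferred from the lines on this page, and the `exact` / `path-only` / `not-in-log` labels are this example's own names.

```python
import re
from dataclasses import dataclass
from datetime import datetime

# Inferred from the report lines on this page:
# [YYYY/MM/DD HH:MM:SS | size | RHSD attributes | C or M] (company) -- path
LINE_RE = re.compile(
    r"^\[(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2}) \| "
    r"(?P<size>[\d,]+) \| (?P<attrs>[RHSD-]{4}) \| (?P<kind>[CM])\]"
    r"(?: \((?P<company>[^)]*)\))? -- (?P<path>.+)$"
)

@dataclass(frozen=True)
class Entry:
    timestamp: datetime
    size: int
    attrs: str    # e.g. "-HS-" or "---D"
    kind: str     # "C" or "M" as printed (assumed: created / modified time)
    company: str  # empty when the report shows "()" or no company field
    path: str

    def key(self):
        # Windows paths are case-insensitive, so compare them lowercased.
        return (self.timestamp, self.size, self.attrs, self.kind, self.path.lower())

def parse_entry(line):
    """Parse one file-listing line; return None if it is not in that format."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    return Entry(
        timestamp=datetime.strptime(m["ts"], "%Y/%m/%d %H:%M:%S"),
        size=int(m["size"].replace(",", "")),
        attrs=m["attrs"],
        kind=m["kind"],
        company=(m["company"] or "").strip(),
        path=m["path"].strip(),
    )

def parse_fix_script(text):
    """Split a fix script into its ':Section' blocks (names lowercased)."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith(":"):
            current = line[1:].lower()
            sections[current] = []
        elif current is not None:
            sections[current].append(line)
    return sections

def review_fix(script_text, log_text):
    """Label each ':OTL' line by how well it matches the scan log."""
    logged = [e for e in map(parse_entry, log_text.splitlines()) if e]
    exact = {e.key() for e in logged}
    paths = {e.path.lower() for e in logged}
    findings = []
    for line in parse_fix_script(script_text).get("otl", []):
        e = parse_entry(line)
        if e is None:
            findings.append(("unparsed", line))
        elif e.key() in exact:
            findings.append(("exact", e.path))
        elif e.path.lower() in paths:
            findings.append(("path-only", e.path))   # same file, different entry
        else:
            findings.append(("not-in-log", e.path))  # never reported by the scan
    return findings

# Sample input: lines copied from the OTL report and the fix in post #10.
SAMPLE_LOG = r"""
[2009/12/28 13:16:29 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/28 13:11:33 | 04,844,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan and Linda\Desktop\mbam-setup.exe
[2009/12/28 13:11:33 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTM.exe
[2009/12/28 13:11:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/15 11:24:48 | 00,293,376 | ---- | M] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
[2009/12/27 18:08:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
"""

SAMPLE_FIX = r"""
:OTL
[2009/12/28 13:16:29 | 00,000,000 | ---D | C] -- C:\_OTM
[2009/12/28 13:11:33 | 04,844,264 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Dan and Linda\Desktop\mbam-setup.exe
[2009/12/28 13:11:33 | 00,452,096 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\OTM.exe
[2009/12/28 13:11:33 | 00,410,624 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Dan and Linda\Desktop\TFC.exe
[2009/12/27 18:08:46 | 00,293,376 | ---- | C] () -- C:\Documents and Settings\Dan and Linda\Desktop\gmer.exe
:Commands
[purity]
[resethosts]
[emptytemp]
[Reboot]
"""

if __name__ == "__main__":
    for status, target in review_fix(SAMPLE_FIX, SAMPLE_LOG):
        print(f"{status:10} {target}")
```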

#11 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 29 December 2009 - 08:41 AM

Hello - things are running MUCH better, I think I am in good shape - I can't thank you enough!! This is a great site that I have had to use a few times in the past. I don't understand how this virus got through; I am running all the recommended programs: Avast, SUPERAntiSpyware, etc. What can I do to prevent this (other than keeping my daughter off the computer!)? Here is the MBAM scan log. Thanks again!!

Malwarebytes' Anti-Malware 1.42
Database version: 3449
Windows 5.1.2600 Service Pack 2
Internet Explorer 7.0.5730.11

12/29/2009 9:39:47 AM
mbam-log-2009-12-29 (09-39-47).txt

Scan type: Quick Scan
Objects scanned: 126021
Time elapsed: 8 minute(s), 38 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#12 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 29 December 2009 - 08:44 AM

Your logs are clean


Follow these steps to uninstall Combofix and tools used in the removal of malware

Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
  • Now type in Combofix /Uninstall in the runbox and click OK. (Notice the space between the "x" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.




  • Download OTC to your desktop and run it
  • Click Yes to begin the Cleanup process and remove these components, including this application.
  • You will be asked to reboot the machine to finish the Cleanup process. Choose Yes.



Please download JavaRa to your desktop and unzip it to its own folder
  • Run JavaRa.exe, pick the language of your choice and click Select. Then click Remove Older Versions.
  • Accept any prompts.
  • Open JavaRa.exe again and select Search For Updates.
  • Select Update Using Sun Java's Website then click Search and click on the Open Webpage button. Download and install the latest Java Runtime Environment (JRE) version for your computer.




Below I have included a number of recommendations for how to protect your computer against malware infections.
  • Keep Windows updated by regularly checking their website at:
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest security updates installed.


  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.


  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program (e.g. TeaTimer, Windows Defender) or there will be a conflict.


  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.


  • TFC - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.


  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.


  • Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from here.


    If you choose to use Firefox, I highly recommend these add-ons to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
    • McAfee SiteAdvisor - this tells you whether the sites you are about to visit are safe or not. A must if you do a lot of Googling



  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.


  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.


  • FileHippo Update Checker is an extremely helpful program that will tell you which of your programs need to be updated. It's important to keep programs up to date so that malware doesn't exploit any old security flaws.


  • Recovery Console - Recent trends appear to indicate that future infections will include attacks to the boot sector of the computer. The installation of the Recovery Console in the computer will be our only defense against this threat. For more information and steps to install the Recovery Console see This Article. Should you need assistance in installing the Recovery Console, please do not hesitate to ask.


  • Please read my guide on how to prevent malware and about safe computing here

Thank you for your patience, and for performing all of the procedures requested.
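
An added example, not part of the original post: the MVPS Hosts recommendation above relies on names mapped to 127.0.0.1 never leaving the machine, and the same file can also map a name to an outside address, so this Python check sorts hosts entries into local sinkholes and mappings to review. The sample file, function names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed sample hosts file (not taken from the machine in this thread).
SAMPLE_HOSTS = """\
# MVPS-style blocking entries
127.0.0.1  localhost
127.0.0.1  ads.example.net   # blocked ad server
0.0.0.0    tracker.example.org
::1        localhost
# a search engine name mapped to a non-local address: review this
203.0.113.45  www.google.com google.com
not-an-ip     broken.example.com
"""

def parse_hosts(text):
    """Yield (line_no, address, [hostnames]) for every mapping line."""
    for line_no, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()   # drop comments
        fields = line.split()
        if len(fields) >= 2:                  # need an address and a name
            yield line_no, fields[0], fields[1:]

def classify(address):
    """sinkhole = stays on this PC, redirect = sent elsewhere."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return "invalid"
    if ip.is_loopback or ip.is_unspecified:   # 127.x.x.x, ::1, 0.0.0.0
        return "sinkhole"
    return "redirect"

def audit_hosts(text):
    """Group hosts entries by kind; the normal localhost lines are skipped."""
    report = {"sinkhole": [], "redirect": [], "invalid": []}
    for line_no, address, names in parse_hosts(text):
        kind = classify(address)
        for name in names:
            name = name.lower()
            if kind == "sinkhole" and name == "localhost":
                continue
            report[kind].append((line_no, address, name))
    return report

if __name__ == "__main__":
    for kind, entries in audit_hosts(SAMPLE_HOSTS).items():
        for line_no, address, name in entries:
            print(f"{kind:8} line {line_no}: {name} -> {address}")
```

On Windows XP the file to pass in is C:\WINDOWS\system32\drivers\etc\hosts; any entry reported as a redirect should be one you added yourself.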

#13 need-hijack-help

  • Group: Member
  • Posts: 14
  • Joined: 19-May 07

Posted 29 December 2009 - 04:59 PM

Just wanted to say thanks again. Things seem to be working fine, and I have also installed your suggested programs. I appreciate all the help!

#14 Rorschach112

  • Group: Retired Staff
  • Posts: 47,710
  • Joined: 23-March 07

Posted 29 December 2009 - 05:58 PM

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
