Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Cant remove virus help

Started by TraceeMack , May 14 2010 06:46 AM

  • Please log in to reply

#1
TraceeMack
Posted 14 May 2010 - 06:46 AM

TraceeMack

    Member

  • Member
  • PipPip
  • 10 posts
Ive ran mbam in safemode and while it removed two of the viruses it did not remove them all. I keep getting a pop up on my screen every couple of sec that says "Application cannot be execute. The file wuauclt.exe is infected. Do you want to activate your antivirus software now?" Another pop up saying my computer is being attacked by a internet virus.

help :)
  • 0

Advertisements

#2
kahdah
Posted 14 May 2010 - 06:59 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Hello TraceeMack

Welcome to G2Go. :)
Please do this in Safe Mode
=====================
  • Download OTL to your desktop.
  • Double click the OTL.exe to start the program.
  • When the window appears, underneath Output at the top change it to Minimal Output.
  • Under the Standard Registry box change it to All.
  • Under Custom scan's and fixes section paste in the below in bold


    netsvcs
    %SYSTEMDRIVE%\*.*
    %systemroot%\*. /mp /s
    %systemroot%\system32\*.dll /lockedfiles
    %systemroot%\Tasks\*.job /lockedfiles
    %systemroot%\System32\config\*.sav
    %systemroot%\system32\drivers\*.sys /90

  • Check the boxes beside LOP Check and Purity Check.
  • Click the Run Scan button. Do not change any settings unless otherwise told to do so. The scan wont take long.
  • When the scan completes, it will open two notepad windows. OTL.Txt and Extras.Txt. These are saved in the same location as OTL.
  • Please copy (Edit->Select All, Edit->Copy) the contents of these files, one at a time, and post it with your next reply.
====================
Download the following GMER Rootkit Scanner from Here

  • Download the randomly named EXE file to your Desktop. Remember what its name is since it is randomly named.
  • Double click on the new random named exe file you downloaded and run it. If prompted about the Security Warning and Unknown Publisher go ahead and click on Run
  • It may take a minute to load and become available.
  • If it gives you a warning about rootkit activity and asks if you want to run a full scan...click on NO, then use the following settings for a more complete scan..
  • In the right panel, you will see several boxes that have been checked. Ensure the following are UNCHECKED

  • IAT/EAT
  • Drives/Partition other than Systemdrive (typically only C:\ should be checked)
  • Show All (don't miss this one)

  • Then click the Scan button & wait for it to finish.
  • Once done click on the [Save..] button, and in the File name area, type in "ark.txt" or it will save as a .log file which cannot be uploaded to your post.
  • Save it where you can easily find it, such as your desktop
  • **Caution** Rootkit scans often produce false positives. Do NOT take any action on any "<--- ROOKIT" entries
  • Click OK and quit the GMER program.
  • Note: On Firefox you need to go to Tools/Options/Main then under the Downloads section, click on Always ask me where to save files so that you can choose the name and where to save to, in this case your Desktop.
  • Post that log in your next reply.

  • 0

#3
TraceeMack
Posted 15 May 2010 - 07:06 AM

TraceeMack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
Here is the otl log.
Im running the GMER Rootkit Scanner but it is taking forever :)

OTL logfile created on: 5/14/2010 9:43:40 PM - Run 2
OTL by OldTimer - Version 3.2.4.1 Folder = C:\Documents and Settings\everybody else\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

502.00 Mb Total Physical Memory | 144.00 Mb Available Physical Memory | 29.00% Memory free
1.00 Gb Paging File | 1.00 Gb Available in Paging File | 77.00% Paging File free
Paging file location(s): C:\pagefile.sys 756 1512 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 69.82 Gb Total Space | 42.51 Gb Free Space | 60.89% Space Free | Partition Type: NTFS
D: Drive not present or media not loaded
E: Drive not present or media not loaded
F: Drive not present or media not loaded
G: Drive not present or media not loaded
H: Drive not present or media not loaded
I: Drive not present or media not loaded

Computer Name: SHAMEZSCOMPUTER
Current User Name: everybody else
Logged in as Administrator.

Current Boot Mode: Normal
Scan Mode: Current user
Company Name Whitelist: Off
Skip Microsoft Files: Off
File Age = 30 Days
Output = Minimal

========== Processes (SafeList) ==========

PRC - C:\Documents and Settings\everybody else\My Documents\Downloads\OTL.exe (OldTimer Tools)
PRC - C:\Program Files\Mozilla Firefox\firefox.exe (Mozilla Corporation)
PRC - C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.bin (OpenOffice.org)
PRC - C:\Program Files\OpenOffice.org 3\program\soffice.exe (OpenOffice.org)
PRC - C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
PRC - C:\Program Files\Common Files\AOL\1180136651\ee\aolsoftware.exe (AOL LLC)
PRC - C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
PRC - C:\WINDOWS\explorer.exe (Microsoft Corporation)
PRC - C:\Program Files\Common Files\AOL\1180136651\ee\anotify.exe (AOL LLC)
PRC - C:\WINDOWS\system32\dlcfcoms.exe ( )
PRC - C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
PRC - C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
PRC - C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Modules (SafeList) ==========

MOD - C:\Documents and Settings\everybody else\My Documents\Downloads\OTL.exe (OldTimer Tools)
MOD - C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll (Microsoft Corporation)
MOD - C:\WINDOWS\system32\msscript.ocx (Microsoft Corporation)


========== Win32 Services (SafeList) ==========

SRV - (avast! Web Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Mail Scanner) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (avast! Antivirus) -- C:\Program Files\Alwil Software\Avast5\AvastSvc.exe (ALWIL Software)
SRV - (usnjsvc) -- C:\Program Files\MSN Messenger\usnsvc.exe (Microsoft Corporation)
SRV - (GoogleDesktopManager) -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe (Google)
SRV - (dlcf_device) -- C:\WINDOWS\System32\dlcfcoms.exe ( )
SRV - (AOL ACS) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe (AOL LLC)
SRV - (IAANTMON) Intel® -- C:\Program Files\Intel\Intel Matrix Storage Manager\IAANTmon.exe (Intel Corporation)
SRV - (WANMiniportService) WAN Miniport (ATW) -- C:\WINDOWS\wanmpsvc.exe (America Online, Inc.)


========== Driver Services (SafeList) ==========

DRV - (aswTdi) -- C:\WINDOWS\system32\drivers\aswTdi.sys (ALWIL Software)
DRV - (aswSP) -- C:\WINDOWS\system32\drivers\aswSP.sys (ALWIL Software)
DRV - (aswRdr) -- C:\WINDOWS\system32\drivers\aswRdr.sys (ALWIL Software)
DRV - (aswMon2) -- C:\WINDOWS\system32\drivers\aswmon2.sys (ALWIL Software)
DRV - (aswFsBlk) -- C:\WINDOWS\system32\drivers\aswFsBlk.sys (ALWIL Software)
DRV - (Aavmker4) -- C:\WINDOWS\system32\drivers\aavmker4.sys (ALWIL Software)
DRV - (sscdserd) SAMSUNG Mobile Modem Diagnostic Serial Port (WDM) -- C:\WINDOWS\system32\drivers\sscdserd.sys (MCCI Corporation)
DRV - (sscdmdm) -- C:\WINDOWS\system32\drivers\sscdmdm.sys (MCCI Corporation)
DRV - (sscdmdfl) -- C:\WINDOWS\system32\drivers\sscdmdfl.sys (MCCI Corporation)
DRV - (sscdbus) SAMSUNG USB Composite Device driver (WDM) -- C:\WINDOWS\system32\drivers\sscdbus.sys (MCCI Corporation)
DRV - (symlcbrd) -- C:\WINDOWS\system32\drivers\symlcbrd.sys (Symantec Corporation)
DRV - (ASCTRM) -- C:\WINDOWS\system32\drivers\asctrm.sys (Windows ® 2000 DDK provider)
DRV - (STHDA) -- C:\WINDOWS\system32\drivers\sthda.sys (SigmaTel, Inc.)
DRV - (ialm) -- C:\WINDOWS\system32\drivers\igxpmp32.sys (Intel Corporation)
DRV - (e1express) Intel® -- C:\WINDOWS\system32\drivers\e1e5132.sys (Intel Corporation)
DRV - (iaStor) -- C:\WINDOWS\system32\drivers\iaStor.sys (Intel Corporation)
DRV - (NAL) -- C:\WINDOWS\system32\drivers\iqvw32.sys (Intel Corporation )
DRV - (DSproct) -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys (GTek Technologies Ltd.)
DRV - (AFS2K) -- C:\WINDOWS\system32\drivers\AFS2K.SYS (Oak Technology Inc.)
DRV - (HDAudBus) -- C:\WINDOWS\system32\drivers\Hdaudbus.sys (Windows ® Server 2003 DDK provider)
DRV - (amdagp) -- C:\WINDOWS\system32\DRIVERS\amdagp.sys (Advanced Micro Devices, Inc.)
DRV - (sisagp) -- C:\WINDOWS\system32\DRIVERS\sisagp.sys (Silicon Integrated Systems Corporation)
DRV - (rtl8139) Realtek RTL8139(A/B/C) -- C:\WINDOWS\system32\drivers\RTL8139.sys (Realtek Semiconductor Corporation)
DRV - (nv) -- C:\WINDOWS\system32\drivers\nv4_mini.sys (NVIDIA Corporation)
DRV - (HSFHWBS2) -- C:\WINDOWS\system32\drivers\HSFHWBS2.sys (Conexant Systems, Inc.)
DRV - (winachsf) -- C:\WINDOWS\system32\drivers\HSF_CNXT.sys (Conexant Systems, Inc.)
DRV - (HSF_DP) -- C:\WINDOWS\system32\drivers\HSF_DP.sys (Conexant Systems, Inc.)
DRV - (wanatw) WAN Miniport (ATW) -- C:\WINDOWS\system32\drivers\wanatw4.sys (America Online, Inc.)
DRV - (Sparrow) -- C:\WINDOWS\system32\DRIVERS\sparrow.sys (Adaptec, Inc.)
DRV - (sym_u3) -- C:\WINDOWS\system32\DRIVERS\sym_u3.sys (LSI Logic)
DRV - (sym_hi) -- C:\WINDOWS\system32\DRIVERS\sym_hi.sys (LSI Logic)
DRV - (symc8xx) -- C:\WINDOWS\system32\DRIVERS\symc8xx.sys (LSI Logic)
DRV - (symc810) -- C:\WINDOWS\system32\DRIVERS\symc810.sys (Symbios Logic Inc.)
DRV - (MODEMCSA) -- C:\WINDOWS\system32\drivers\MODEMCSA.sys (Microsoft Corporation)
DRV - (ultra) -- C:\WINDOWS\system32\DRIVERS\ultra.sys (Promise Technology, Inc.)
DRV - (ql12160) -- C:\WINDOWS\system32\DRIVERS\ql12160.sys (QLogic Corporation)
DRV - (ql1080) -- C:\WINDOWS\system32\DRIVERS\ql1080.sys (QLogic Corporation)
DRV - (ql1280) -- C:\WINDOWS\system32\DRIVERS\ql1280.sys (QLogic Corporation)
DRV - (dac2w2k) -- C:\WINDOWS\system32\DRIVERS\dac2w2k.sys (Mylex Corporation)
DRV - (mraid35x) -- C:\WINDOWS\system32\DRIVERS\mraid35x.sys (American Megatrends Inc.)
DRV - (asc) -- C:\WINDOWS\system32\DRIVERS\asc.sys (Advanced System Products, Inc.)
DRV - (asc3550) -- C:\WINDOWS\system32\DRIVERS\asc3550.sys (Advanced System Products, Inc.)
DRV - (AliIde) -- C:\WINDOWS\system32\DRIVERS\aliide.sys (Acer Laboratories Inc.)
DRV - (CmdIde) -- C:\WINDOWS\system32\DRIVERS\cmdide.sys (CMD Technology, Inc.)


========== Standard Registry (All) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = [binary data]
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Extensions Off Page = about:NoAdd-ons
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Security Risk Page = about:SecurityRisk
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,CustomizeSearch = http://ie.search.msn...st/srchcust.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://ie.search.msn...st/srchasst.htm
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=4061219
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = C:\WINDOWS\system32\blank.htm
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.co...html?channel=us
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.aol.com
IE - HKCU\..\URLSearchHook: {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
IE - HKCU\..\URLSearchHook: {CFBFAE00-17A6-11D0-99CB-00C04FD64497} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 1
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyServer" = http=127.0.0.1:5555

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Yahoo! Search"
FF - prefs.js..browser.search.selectedEngine: "Yahoo! Search"
FF - prefs.js..extensions.enabledItems: [email protected]:3.6.6.117
FF - prefs.js..extensions.enabledItems: [email protected]:1.0
FF - prefs.js..extensions.enabledItems: {20a82645-c095-46ed-80e3-08825760534b}:1.1
FF - prefs.js..extensions.enabledItems: [email protected]:7
FF - prefs.js..extensions.enabledItems: {972ce4c6-7e08-4474-a285-3208198ce6fd}:3.6.3
FF - prefs.js..keyword.URL: "http://us.yhs.search...2-tb-web_us&p="

FF - HKLM\software\mozilla\Firefox\Extensions\\{20a82645-c095-46ed-80e3-08825760534b}: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ [2009/09/02 03:00:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff [2009/12/03 15:09:20 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\{3f963a5b-e555-4543-90e2-c3908898db71}: C:\Program Files\AVG\AVG9\Firefox [2010/03/07 18:06:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG9\Toolbar\Firefox\avg@igeared [2010/03/07 18:06:49 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2010/04/22 21:49:41 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.3\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2010/04/03 00:52:18 | 000,000,000 | ---D | M]

[2009/12/13 12:07:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\Mozilla\Extensions
[2009/12/13 12:07:37 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\everybody else\Application Data\Mozilla\Extensions\{ec8030f7-c20a-464f-9b0e-13a3a9e97384}
[2010/05/14 07:39:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\Mozilla\Firefox\Profiles\50d5req3.default\extensions
[2009/12/13 13:47:13 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\everybody else\Application Data\Mozilla\Firefox\Profiles\50d5req3.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2010/03/12 09:14:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\Mozilla\Firefox\Profiles\50d5req3.default\extensions\[email protected]
[2010/05/13 23:04:20 | 000,000,000 | ---D | M] -- C:\Program Files\Mozilla Firefox\extensions
[2010/04/03 00:52:18 | 000,000,000 | ---D | M] (Default) -- C:\Program Files\Mozilla Firefox\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
[2010/04/03 00:52:12 | 000,023,000 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browserdirprovider.dll
[2010/04/03 00:52:12 | 000,138,712 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\brwsrcmp.dll
[2010/04/03 00:52:14 | 000,064,984 | ---- | M] (mozilla.org) -- C:\Program Files\Mozilla Firefox\plugins\npnul32.dll
[2003/07/14 23:56:52 | 000,013,888 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPOFFICE.DLL
[2010/03/24 09:26:03 | 000,001,394 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\amazondotcom.xml
[2010/03/24 09:26:03 | 000,002,193 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\answers.xml
[2010/01/13 11:23:23 | 000,001,353 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\avg_igeared.xml
[2010/03/24 09:26:03 | 000,001,534 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\creativecommons.xml
[2010/03/24 09:26:03 | 000,002,344 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\eBay.xml
[2010/03/24 09:26:03 | 000,002,371 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\google.xml
[2010/03/24 09:26:03 | 000,001,178 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\wikipedia.xml
[2010/03/24 09:26:04 | 000,001,096 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\yahoo.xml

O1 HOSTS File: ([2004/08/10 06:00:00 | 000,000,734 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O2 - BHO: (Adobe PDF Link Helper) - {18DF081C-E8AD-4283-A596-FA578C2EBDC3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll (Adobe Systems Incorporated)
O2 - BHO: (AVG Safe Search) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG9\avgssie.dll (AVG Technologies CZ, s.r.o.)
O2 - BHO: (no name) - {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - No CLSID value found.
O2 - BHO: (AOL Toolbar Launcher) - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - No CLSID value found.
O2 - BHO: (AVG Security Toolbar BHO) - {A3BC75A2-1F87-4686-AA43-5347D756017C} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O2 - BHO: (Google Toolbar Helper) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.4.4525.1752\swg.dll (Google Inc.)
O2 - BHO: (Google Dictionary Compression sdch) - {C84D72FE-E17D-4195-BB24-76C02E2E7C4E} - C:\Program Files\Google\Google Toolbar\Component\fastsearch_B7C5AC242193BB3E.dll (Google Inc.)
O2 - BHO: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O2 - BHO: (Java™ Plug-In 2 SSV Helper) - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files\Java\jre6\bin\jp2ssv.dll (Sun Microsystems, Inc.)
O2 - BHO: (JQSIEStartDetectorImpl Class) - {E7E6F031-17CE-4C07-BC86-EABFE594F69C} - C:\Program Files\Java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll (Sun Microsystems, Inc.)
O2 - BHO: (SingleInstance Class) - {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\YTSingleInstance.dll (Yahoo! Inc)
O3 - HKLM\..\Toolbar: (Google Toolbar) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKLM\..\Toolbar: (no name) - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No CLSID value found.
O3 - HKLM\..\Toolbar: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKLM\..\Toolbar: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKLM\..\Toolbar: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKLM\..\Toolbar: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\ShellBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Address) - {01E04581-4EEE-11D0-BFE9-00AA005B4383} - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {0E5CBF21-D15F-11D0-8301-00AA005B4383} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O3 - HKCU\..\Toolbar\WebBrowser: (Google Toolbar) - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll (Google Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (AVG Security Toolbar) - {CCC7A320-B3CA-4199-B1A6-9F516DD69829} - C:\Program Files\AVG\AVG9\Toolbar\IEToolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FrostWire Toolbar) - {D4027C7F-154A-4066-A1AD-4243D8127440} - C:\Program Files\Ask.com\GenericAskToolbar.dll (Ask.com)
O3 - HKCU\..\Toolbar\WebBrowser: (AOL Toolbar) - {DE9C389F-3316-41A7-809B-AA305ED9D922} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O3 - HKCU\..\Toolbar\WebBrowser: (Yahoo! Toolbar) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn0\yt.dll (Yahoo! Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (&Links) - {F2CF5485-4E02-4F68-819C-B92DE9277049} - C:\WINDOWS\system32\ieframe.dll (Microsoft Corporation)
O4 - HKLM..\Run: [avast5] C:\Program Files\Alwil Software\Avast5\AvastUI.exe (ALWIL Software)
O4 - HKLM..\Run: [DLCFCATS] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCFtime.DLL ()
O4 - HKLM..\Run: [hotcskls] C:\Documents and Settings\everybody else\Local Settings\Application Data\nddystqnb\ejsahkgtssd.exe ()
O4 - HKCU..\Run: [Aim6] File not found
O4 - HKCU..\Run: [AOL Fast Start] C:\Program Files\AOL 9.1\AOL.EXE (AOL, LLC.)
O4 - HKCU..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe (Microsoft Corporation)
O4 - HKCU..\Run: [Google Update4] C:\WINDOWS\System32\GoogleUpdte.exe File not found
O4 - HKCU..\Run: [hotcskls] C:\Documents and Settings\everybody else\Local Settings\Application Data\nddystqnb\ejsahkgtssd.exe ()
O4 - HKCU..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe (Google Inc.)
O4 - Startup: C:\Documents and Settings\everybody else\Start Menu\Programs\Startup\MEMonitor.lnk = C:\Program Files\Verizon Wireless\V CAST Music Manager\MEMonitor.exe (Smith Micro Software, Inc.)
O4 - Startup: C:\Documents and Settings\everybody else\Start Menu\Programs\Startup\OpenOffice.org 3.1.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: dontdisplaylastusername = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticecaption =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: legalnoticetext =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: shutdownwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: undockwithoutlogon = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: EnableLUA = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispBackgroundPage = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: NoDispScrSavPage = 0
O8 - Extra context menu item: &AOL Toolbar Search - c:\Program Files\AOL\AOL Toolbar 5.0\resources\en-us\local\search.html ()
O8 - Extra context menu item: E&xport to Microsoft Excel - C:\Program Files\Microsoft Office\OFFICE11\EXCEL.EXE (Microsoft Corporation)
O9 - Extra Button: AOL Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - C:\Program Files\AOL\AOL Toolbar 5.0\aoltb.dll (AOL LLC)
O9 - Extra Button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\Program Files\Microsoft Office\OFFICE11\REFIEBAR.DLL (Microsoft Corporation)
O9 - Extra Button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\shdocvw.dll (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\network diagnostic\xpnetdiag.exe (Microsoft Corporation)
O9 - Extra Button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O9 - Extra 'Tools' menuitem : Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000001 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000002 [] - C:\WINDOWS\system32\winrnr.dll (Microsoft Corporation)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000003 [] - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000001 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000002 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000003 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000004 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000005 - C:\WINDOWS\system32\rsvpsp.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000006 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000007 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000008 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000009 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000010 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000011 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000012 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000013 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000014 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000015 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000016 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000017 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000018 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O10 - Protocol_Catalog9\Catalog_Entries\000000000019 - C:\WINDOWS\system32\mswsock.dll (Microsoft Corporation)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {166B1BCA-3F9C-11CF-8075-444553540000} http://download.macr...director/sw.cab (Shockwave ActiveX Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://gsn.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {1D082E71-DF20-4AAF-863B-596428C49874} http://www.worldwinn...0/tpir/tpir.cab (TPIR Control)
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} http://photos.walmar...martActivia.cab (Snapfish Activia)
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} http://lads.myspace....ploader1005.cab (MySpace Uploader Control)
O16 - DPF: {5F8469B4-B055-49DD-83F7-62B522420ECC} http://upload.facebo...otoUploader.cab (Facebook Photo Uploader Control)
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} http://www.shockwave...h2.1.0.0.67.cab (CPlayFirstDinerDash2Control Object)
O16 - DPF: {6B75345B-AA36-438A-BBE6-4078B4C6984D} http://h20270.www2.h...ctDetection.cab (HpProductDetection Class)
O16 - DPF: {80B626D6-BC34-4BCF-B5A1-7149E4FD9CFA} http://zone.msn.com/...O1.cab60096.cab (UnoCtrl Class)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...r/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {A52FBD2B-7AB3-4F6B-90E3-91C772C5D00F} http://www.worldwinn...v57/wof/wof.cab (WoF Control)
O16 - DPF: {A7846ED2-9DE6-4E8A-B116-A8ACEBFA7DB1} http://rms2.invokeso...1452/MILive.cab (Invoke Solutions MILiveParticipantPadHelper Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} http://cdn2.zone.msn...k.cab102118.cab (MSN Games - Installer)
O16 - DPF: {C5326A4D-E9AA-40AD-A09A-E74304D86B47} http://www.worldwinn...h/dinerdash.cab (DinerDash Control)
O16 - DPF: {C93C1C34-CEA9-49B1-9046-040F59E0E0D8} http://www.worldwinn...paint/paint.cab (Paint Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_16)
O16 - DPF: {CF969D51-F764-4FBF-9E90-475248601C8A} http://www.worldwinn.../familyfeud.cab (FamilyFeud Control)
O16 - DPF: {D8AA889B-2C65-47C3-8C16-3DCD4EF76A47} Reg Error: Key error. (Invoke Solutions Participant Control(MR))
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O18 - Protocol\Handler\about {3050F406-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\cdl {3dd53d40-7b8b-11D0-b013-00aa0059ce02} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\cetihpz {CF184AD3-CDCB-4168-A3F7-8E447D129300} - C:\Program Files\HP\hpcoretech\comp\hpuiprot.dll (Hewlett-Packard Company)
O18 - Protocol\Handler\dvd {12D51199-0DB5-46FE-A120-47A3D7D937CC} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\file {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\ftp {79eac9e3-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\gopher {79eac9e4-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http {79eac9e2-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\http\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\http\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https {79eac9e5-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\https\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\https\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ipp - No CLSID value found
O18 - Protocol\Handler\ipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\javascript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\linkscanner {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG9\avgpp.dll (AVG Technologies CZ, s.r.o.)
O18 - Protocol\Handler\livecall {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\local {79eac9e7-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\mailto {3050f3DA-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\mhtml {05300401-BCBC-11d0-85E3-00C04FD85AB4} - C:\WINDOWS\system32\inetcomm.dll (Microsoft Corporation)
O18 - Protocol\Handler\mk {79eac9e6-baf9-11ce-8c82-00aa004ba90b} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp - No CLSID value found
O18 - Protocol\Handler\msdaipp\0x00000001 {E1D2BF42-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msdaipp\oledb {E1D2BF40-A96B-11d1-9C6B-0000F875AC61} - C:\Program Files\Common Files\System\Ole DB\MSDAIPP.DLL (Microsoft Corporation)
O18 - Protocol\Handler\ms-its {9D148291-B9C8-11D0-A4CC-0000F80149F6} - C:\WINDOWS\system32\itss.dll (Microsoft Corporation)
O18 - Protocol\Handler\ms-itss {0A9007C0-4076-11D3-8789-0000F8105754} - C:\Program Files\Common Files\Microsoft Shared\Information Retrieval\MSITSS.DLL (Microsoft Corporation)
O18 - Protocol\Handler\msnim {828030A1-22C1-4009-854F-8E305202313F} - C:\Program Files\MSN Messenger\msgrapp.8.1.0178.00.dll (Microsoft Corporation)
O18 - Protocol\Handler\mso-offdap11 {32505114-5902-49B2-880A-1F7738E5A384} - C:\Program Files\Common Files\Microsoft Shared\Web Components\11\OWC11.DLL (Microsoft Corporation)
O18 - Protocol\Handler\res {3050F3BC-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\sysimage {76E67A63-06E9-11D2-A840-006008059382} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\tv {CBD30858-AF45-11D2-B6D6-00C04FBBDE6E} - C:\WINDOWS\system32\msvidctl.dll (Microsoft Corporation)
O18 - Protocol\Handler\vbscript {3050F3B2-98B5-11CF-BB82-00AA00BDCE0B} - C:\WINDOWS\system32\mshtml.dll (Microsoft Corporation)
O18 - Protocol\Handler\wia {13F3EA8B-91D7-4F0A-AD76-D2853AC8BECE} - C:\WINDOWS\system32\wiascr.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/octet-stream {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-complus {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\application/x-msdownload {1E66F26B-79EE-11D2-8710-00C04F79ED0D} - C:\WINDOWS\System32\mscoree.dll (Microsoft Corporation)
O18 - Protocol\Filter\Class Install Handler {32B533BB-EDAE-11d0-BD5A-00AA00B92AF1} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\deflate {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\gzip {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\lzdhtml {8f6b0360-b80d-11d0-a9b3-006097942311} - C:\WINDOWS\system32\urlmon.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/webviewhtml {733AC4CB-F1A4-11d0-B951-00A0C90312E1} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O18 - Protocol\Filter\text/xml {807553E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE11\MSOXMLMF.DLL (Microsoft Corporation)
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\system32\userinit.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UIHost - (logonui.exe) - C:\WINDOWS\System32\logonui.exe (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (rundll32 shell32) - C:\WINDOWS\System32\shell32.dll (Microsoft Corporation)
O20 - HKLM Winlogon: VMApplet - (Control_RunDLL "sysdm.cpl") - C:\WINDOWS\System32\sysdm.cpl (Microsoft Corporation)
O20 - Winlogon\Notify\avgrsstarter: DllName - avgrsstx.dll - C:\WINDOWS\System32\avgrsstx.dll (AVG Technologies CZ, s.r.o.)
O20 - Winlogon\Notify\crypt32chain: DllName - crypt32.dll - C:\WINDOWS\System32\crypt32.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cryptnet: DllName - cryptnet.dll - C:\WINDOWS\System32\cryptnet.dll (Microsoft Corporation)
O20 - Winlogon\Notify\cscdll: DllName - cscdll.dll - C:\WINDOWS\System32\cscdll.dll (Microsoft Corporation)
O20 - Winlogon\Notify\igfxcui: DllName - igfxdev.dll - C:\WINDOWS\System32\igfxdev.dll (Intel Corporation)
O20 - Winlogon\Notify\ScCertProp: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\Schedule: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\sclgntfy: DllName - sclgntfy.dll - C:\WINDOWS\System32\sclgntfy.dll (Microsoft Corporation)
O20 - Winlogon\Notify\SensLogn: DllName - WlNotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\termsrv: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O20 - Winlogon\Notify\WgaLogon: DllName - WgaLogon.dll - C:\WINDOWS\System32\WgaLogon.dll (Microsoft Corporation)
O20 - Winlogon\Notify\wlballoon: DllName - wlnotify.dll - C:\WINDOWS\System32\wlnotify.dll (Microsoft Corporation)
O21 - SSODL: CDBurn - {fbeb8a05-beee-4442-804e-409d6c4515e9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: PostBootReminder - {7849596a-48ea-486e-8937-a2a3009f31a9} - C:\WINDOWS\system32\shell32.dll (Microsoft Corporation)
O21 - SSODL: SysTray - {35CEC8A3-2BE6-11D2-8773-92E220524153} - C:\WINDOWS\system32\stobject.dll (Microsoft Corporation)
O21 - SSODL: WebCheck - {E6FB5E20-DE35-11CF-9C87-00AA005127ED} - C:\WINDOWS\system32\webcheck.dll (Microsoft Corporation)
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {438755C2-A8BA-11D1-B96B-00A0C90312E1} - Browseui preloader - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O22 - SharedTaskScheduler: {8C7461EF-2B13-11d2-BE35-3078302C2030} - Component Categories cache daemon - C:\WINDOWS\system32\browseui.dll (Microsoft Corporation)
O24 - Desktop Components:0 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\everybody else\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\everybody else\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O29 - HKLM SecurityProviders - (msapsspc.dll) - C:\WINDOWS\System32\msapsspc.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (schannel.dll) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (digest.dll) - C:\WINDOWS\System32\digest.dll (Microsoft Corporation)
O29 - HKLM SecurityProviders - (msnsspc.dll) - C:\WINDOWS\System32\msnsspc.dll (Microsoft Corporation)
O30 - LSA: Authentication Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (kerberos) - C:\WINDOWS\System32\kerberos.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (msv1_0) - C:\WINDOWS\System32\msv1_0.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (schannel) - C:\WINDOWS\System32\schannel.dll (Microsoft Corporation)
O30 - LSA: Security Packages - (wdigest) - C:\WINDOWS\System32\wdigest.dll (Microsoft Corporation)
O31 - SafeBoot: AlternateShell - cmd.exe
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 05:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe -- File not found
O33 - MountPoints2\{46c71fe6-3037-11df-b8ea-00038a000015}\Shell\AutoRun\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{46c71fe6-3037-11df-b8ea-00038a000015}\Shell\slacker\command - "" = E:\slacker.synclauncher.exe -- File not found
O33 - MountPoints2\{5feac4c4-5f30-11dc-b748-00038a000015}\Shell\AutoRun\command - "" = E:\.\MigWiz\migsetup.exe -- File not found
O33 - MountPoints2\{7aadf1e4-ccb4-11dd-b82f-0019d10a07b1}\Shell - "" = AutoRun
O33 - MountPoints2\{7aadf1e4-ccb4-11dd-b82f-0019d10a07b1}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{7aadf1e4-ccb4-11dd-b82f-0019d10a07b1}\Shell\AutoRun\command - "" = E:\LaunchU3.exe -- File not found
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

NetSvcs: 6to4 - File not found
NetSvcs: Ias - C:\WINDOWS\system32\ias [2005/08/16 05:22:48 | 000,000,000 | ---D | M]
NetSvcs: Iprip - File not found
NetSvcs: Irmon - File not found
NetSvcs: NWCWorkstation - File not found
NetSvcs: Nwsapagent - File not found
NetSvcs: WmdmPmSp - File not found

========== Files/Folders - Created Within 30 Days ==========

[2010/05/12 09:09:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\everybody else\Local Settings\Application Data\nddystqnb
[2010/05/07 13:08:57 | 000,000,000 | ---D | C] -- C:\Program Files\Dell Color Printer 725
[2010/05/07 13:08:56 | 000,323,584 | ---- | C] ( ) -- C:\WINDOWS\System32\DLCFhcp.dll
[2006/10/11 18:01:40 | 000,643,072 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpmui.dll
[2006/10/11 17:59:56 | 001,224,704 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfserv.dll
[2006/10/11 17:54:10 | 000,421,888 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomm.dll
[2006/10/11 17:52:34 | 000,585,728 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcflmpm.dll
[2006/10/11 17:51:16 | 000,397,312 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfiesc.dll
[2006/10/11 17:48:58 | 000,094,208 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfpplc.dll
[2006/10/11 17:48:14 | 000,684,032 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfcomc.dll
[2006/10/11 17:47:42 | 000,163,840 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfprox.dll
[2006/10/11 17:41:42 | 000,413,696 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfinpa.dll
[2006/10/11 17:41:04 | 000,991,232 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfusb1.dll
[2006/10/11 17:37:14 | 000,696,320 | ---- | C] ( ) -- C:\WINDOWS\System32\dlcfhbn3.dll
[1 C:\Documents and Settings\everybody else\Desktop\*.tmp files -> C:\Documents and Settings\everybody else\Desktop\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2010/05/14 21:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\tasks\Scheduled Update for Ask Toolbar.job
[2010/05/14 10:19:57 | 000,113,462 | ---- | M] () -- C:\VETlog.dmp
[2010/05/14 09:29:33 | 004,718,592 | ---- | M] () -- C:\Documents and Settings\everybody else\ntuser.dat
[2010/05/14 09:28:28 | 000,000,712 | ---- | M] () -- C:\WINDOWS\win.ini
[2010/05/14 09:27:21 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2010/05/14 09:26:39 | 000,000,006 | -H-- | M] () -- C:\WINDOWS\tasks\SA.DAT
[2010/05/14 09:26:36 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2010/05/14 09:26:35 | 526,290,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/05/14 09:18:40 | 000,000,278 | -HS- | M] () -- C:\Documents and Settings\everybody else\ntuser.ini
[2010/05/12 09:19:36 | 000,025,442 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\gradgrad.jpg
[2010/05/09 21:18:33 | 000,035,840 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\TraceeM.doc
[2010/05/09 21:09:42 | 000,047,104 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\TraceeMcMurryResume.doc
[2010/05/09 20:46:18 | 000,091,743 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\matracgrandma.jpg
[2010/05/08 10:05:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2010/05/07 13:11:11 | 000,001,745 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2010/05/07 13:09:36 | 000,002,957 | ---- | M] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/07 09:47:03 | 000,052,224 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\UNIV4995 Proposal form McMurray with notes1.doc
[2010/05/06 23:43:33 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\REASON.doc
[2010/05/06 22:47:42 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\Imagination.doc
[2010/05/06 22:38:44 | 000,028,160 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\FAITH.doc
[2010/05/06 22:35:42 | 000,027,136 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\reflective3.doc
[2010/05/04 19:27:33 | 000,054,156 | -H-- | M] () -- C:\WINDOWS\QTFont.qfn
[2010/04/30 23:49:49 | 000,153,088 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\WeB.ppt
[2010/04/30 23:48:48 | 000,085,363 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\WeB.odp
[2010/04/30 22:42:28 | 000,042,496 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\Culminating Project.doc
[2010/04/29 21:34:56 | 000,001,409 | ---- | M] () -- C:\WINDOWS\QTFont.for
[2010/04/28 22:48:13 | 000,031,718 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\4878226_annual_report_300.jpg
[2010/04/28 22:36:16 | 000,045,568 | ---- | M] () -- C:\Documents and Settings\everybody else\My Documents\roughdraft.doc
[2010/04/25 22:20:13 | 000,034,816 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\box5.doc
[2010/04/25 14:01:05 | 000,019,039 | ---- | M] () -- C:\Documents and Settings\everybody else\Desktop\x2_12fdc19.jpg
[2010/04/20 20:04:23 | 001,609,728 | ---- | M] () -- C:\WINDOWS\MEDB.mdb
[2010/04/19 21:18:26 | 000,002,516 | -HS- | M] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2010/04/19 21:18:26 | 000,000,088 | RHS- | M] () -- C:\WINDOWS\System32\E002B5A1C9.sys
[1 C:\Documents and Settings\everybody else\Desktop\*.tmp files -> C:\Documents and Settings\everybody else\Desktop\*.tmp -> ]

========== Files Created - No Company Name ==========

[2010/05/14 07:28:07 | 526,290,944 | -HS- | C] () -- C:\hiberfil.sys
[2010/05/12 09:19:32 | 000,025,442 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\gradgrad.jpg
[2010/05/09 21:18:33 | 000,035,840 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\TraceeM.doc
[2010/05/09 20:46:17 | 000,091,743 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\matracgrandma.jpg
[2010/05/07 13:11:11 | 000,001,745 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Dell Printer Supplies - Inkjet.lnk
[2010/05/07 13:08:56 | 000,274,432 | ---- | C] () -- C:\WINDOWS\System32\DLCFinst.dll
[2010/05/07 13:08:52 | 000,002,957 | ---- | C] () -- C:\WINDOWS\System32\LexFiles.ulf
[2010/05/07 09:47:02 | 000,052,224 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\UNIV4995 Proposal form McMurray with notes1.doc
[2010/05/06 22:35:42 | 000,027,136 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\reflective3.doc
[2010/05/06 19:55:43 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\Imagination.doc
[2010/05/05 08:50:13 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\REASON.doc
[2010/05/03 21:52:00 | 000,028,160 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\FAITH.doc
[2010/04/30 23:49:44 | 000,153,088 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\WeB.ppt
[2010/04/30 23:48:46 | 000,085,363 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\WeB.odp
[2010/04/30 22:42:28 | 000,042,496 | ---- | C] () -- C:\Documents and Settings\everybody else\My Documents\Culminating Project.doc
[2010/04/29 21:34:56 | 000,054,156 | -H-- | C] () -- C:\WINDOWS\QTFont.qfn
[2010/04/29 21:34:56 | 000,001,409 | ---- | C] () -- C:\WINDOWS\QTFont.for
[2010/04/28 22:48:06 | 000,031,718 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\4878226_annual_report_300.jpg
[2010/04/25 22:20:13 | 000,034,816 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\box5.doc
[2010/04/25 14:00:55 | 000,019,039 | ---- | C] () -- C:\Documents and Settings\everybody else\Desktop\x2_12fdc19.jpg
[2007/11/22 15:02:54 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/11/06 21:22:05 | 000,049,152 | ---- | C] () -- C:\WINDOWS\System32\VZWDLManager.dll
[2007/05/04 19:10:03 | 000,002,516 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2007/05/04 19:10:03 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E002B5A1C9.sys
[2007/05/04 19:00:57 | 000,001,888 | ---- | C] () -- C:\WINDOWS\Ca533a.ini
[2007/04/26 15:06:53 | 000,000,387 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/19 12:22:49 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/19 12:06:46 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/19 11:41:25 | 000,348,880 | ---- | C] () -- C:\WINDOWS\System32\igmedkrn.dll
[2006/12/19 11:41:25 | 000,192,512 | ---- | C] () -- C:\WINDOWS\System32\igfxCoIn_v4642.dll
[2006/12/19 11:39:11 | 000,000,392 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/12/07 00:05:58 | 000,106,496 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsr.dll
[2006/12/07 00:05:50 | 000,036,864 | ---- | C] () -- C:\WINDOWS\System32\dlcfcur.dll
[2006/12/07 00:05:16 | 000,131,072 | ---- | C] () -- C:\WINDOWS\System32\dlcfjswr.dll
[2006/12/07 00:01:06 | 000,221,184 | ---- | C] () -- C:\WINDOWS\System32\dlcfinsb.dll
[2006/12/07 00:00:58 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\dlcfcub.dll
[2006/12/07 00:00:46 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\dlcfcu.dll
[2006/12/07 00:00:40 | 000,159,744 | ---- | C] () -- C:\WINDOWS\System32\dlcfins.dll
[2006/12/06 23:59:06 | 000,434,176 | ---- | C] () -- C:\WINDOWS\System32\dlcfutil.dll
[2006/12/02 14:08:20 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2006/11/07 11:30:48 | 000,344,064 | ---- | C] () -- C:\WINDOWS\System32\dlcfcoin.dll
[2006/09/06 05:27:08 | 000,069,632 | ---- | C] () -- C:\WINDOWS\System32\dlcfcfg.dll
[2006/03/06 10:41:02 | 000,073,728 | ---- | C] () -- C:\WINDOWS\System32\AMV_DecDLL.dll
[2005/08/18 06:26:46 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\dlcfvs.dll
[2005/08/16 05:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/05 15:01:54 | 000,239,104 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\System32\drivers\ADFUUD.SYS
[2004/09/16 13:26:40 | 000,012,634 | ---- | C] () -- C:\WINDOWS\ADFUUD.SYS
[2003/01/07 16:05:08 | 000,002,695 | ---- | C] () -- C:\WINDOWS\System32\OUTLPERF.INI

========== LOP Check ==========

[2010/03/02 18:11:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Alwil Software
[2010/05/12 19:14:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2010/03/07 18:06:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\avg9
[2007/04/30 19:58:55 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Broderbund Software
[2005/08/16 21:54:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\DIGStream
[2008/12/21 04:14:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2007/11/22 14:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PlayFirst
[2007/05/28 17:37:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2007/05/01 06:26:17 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/19 12:13:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2008/01/28 19:14:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\acccore
[2010/03/15 06:53:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\FrostWire
[2009/03/17 04:50:27 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\GetRightToGo
[2010/02/15 16:46:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\HorizonWimba
[2010/03/14 15:59:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\LimeWire
[2009/12/03 15:54:56 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\OpenOffice.org
[2007/11/22 14:13:59 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\PlayFirst
[2009/03/24 18:46:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\SmartDraw
[2007/05/01 06:26:18 | 000,000,000 | ---D | M] -- C:\Documents and Settings\everybody else\Application Data\Viewpoint
[2010/05/14 21:01:00 | 000,000,252 | ---- | M] () -- C:\WINDOWS\Tasks\Scheduled Update for Ask Toolbar.job

========== Purity Check ==========



========== Custom Scans ==========


< %SYSTEMDRIVE%\*.* >
[2007/11/04 20:30:56 | 000,000,786 | ---- | M] () -- C:\1280.bat
[2007/11/03 21:03:51 | 000,000,786 | ---- | M] () -- C:\1727.bat
[2007/11/04 17:48:56 | 000,000,786 | ---- | M] () -- C:\1793.bat
[2007/11/03 14:57:00 | 000,000,786 | ---- | M] () -- C:\3024.bat
[2007/11/03 22:12:41 | 000,000,786 | ---- | M] () -- C:\5859.bat
[2007/11/04 16:58:34 | 000,000,786 | ---- | M] () -- C:\6490.bat
[2007/11/04 10:13:39 | 000,000,786 | ---- | M] () -- C:\7028.bat
[2007/11/04 10:38:41 | 000,000,786 | ---- | M] () -- C:\7642.bat
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\AUTOEXEC.BAT
[2010/03/09 13:22:26 | 000,000,209 | RHS- | M] () -- C:\boot.ini
[2005/08/16 05:43:04 | 000,000,000 | ---- | M] () -- C:\CONFIG.SYS
[2006/12/19 11:44:56 | 000,006,860 | RH-- | M] () -- C:\dell.sdr
[2010/04/14 03:19:09 | 000,014,716 | ---- | M] () -- C:\dlcf.log
[2010/05/14 09:26:35 | 526,290,944 | -HS- | M] () -- C:\hiberfil.sys
[2010/03/09 13:18:46 | 000,003,688 | ---- | M] () -- C:\hpcmerr.log
[2007/04/30 19:39:49 | 000,004,128 | ---- | M] () -- C:\INFCACHE.1
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\IO.SYS
[2007/05/29 21:36:32 | 000,000,125 | ---- | M] () -- C:\ioSpecial.ini
[2007/11/10 19:12:07 | 001,876,895 | ---- | M] () -- C:\Movie.amv
[2005/08/16 05:43:04 | 000,000,000 | -H-- | M] () -- C:\MSDOS.SYS
[2004/08/10 06:00:00 | 000,047,564 | RHS- | M] () -- C:\NTDETECT.COM
[2004/08/10 06:00:00 | 000,250,032 | RHS- | M] () -- C:\ntldr
[2010/05/14 09:26:18 | 792,723,456 | -HS- | M] () -- C:\pagefile.sys
[2007/11/22 14:15:27 | 000,050,797 | ---- | M] () -- C:\playground.log
[2010/05/14 09:29:59 | 000,000,405 | ---- | M] () -- C:\rkill.log
[2009/06/10 03:06:47 | 000,000,268 | -H-- | M] () -- C:\sqmdata00.sqm
[2009/08/07 21:56:12 | 000,000,268 | -H-- | M] () -- C:\sqmdata01.sqm
[2009/09/05 13:25:01 | 000,000,268 | -H-- | M] () -- C:\sqmdata02.sqm
[2009/09/10 05:45:06 | 000,000,268 | -H-- | M] () -- C:\sqmdata03.sqm
[2009/09/13 06:46:45 | 000,000,268 | -H-- | M] () -- C:\sqmdata04.sqm
[2009/10/01 10:31:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata05.sqm
[2009/10/04 19:31:25 | 000,000,232 | -H-- | M] () -- C:\sqmdata06.sqm
[2009/10/06 07:59:59 | 000,000,268 | -H-- | M] () -- C:\sqmdata07.sqm
[2009/10/06 09:00:54 | 000,000,268 | -H-- | M] () -- C:\sqmdata08.sqm
[2009/10/06 09:10:53 | 000,000,268 | -H-- | M] () -- C:\sqmdata09.sqm
[2009/10/13 18:45:35 | 000,000,268 | -H-- | M] () -- C:\sqmdata10.sqm
[2009/10/30 14:48:19 | 000,000,268 | -H-- | M] () -- C:\sqmdata11.sqm
[2009/10/30 15:25:34 | 000,000,268 | -H-- | M] () -- C:\sqmdata12.sqm
[2009/10/30 15:51:24 | 000,000,268 | -H-- | M] () -- C:\sqmdata13.sqm
[2009/10/30 16:32:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata14.sqm
[2009/10/30 23:13:17 | 000,000,268 | -H-- | M] () -- C:\sqmdata15.sqm
[2010/01/09 13:15:57 | 000,000,232 | -H-- | M] () -- C:\sqmdata16.sqm
[2009/05/10 17:46:08 | 000,000,268 | -H-- | M] () -- C:\sqmdata17.sqm
[2009/06/01 23:37:26 | 000,000,268 | -H-- | M] () -- C:\sqmdata18.sqm
[2009/06/02 17:24:04 | 000,000,232 | -H-- | M] () -- C:\sqmdata19.sqm
[2009/06/02 17:24:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt00.sqm
[2009/06/10 03:06:47 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt01.sqm
[2009/08/07 21:56:12 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt02.sqm
[2009/09/05 13:25:01 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt03.sqm
[2009/09/10 05:45:06 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt04.sqm
[2009/09/13 06:46:45 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt05.sqm
[2009/10/01 10:31:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt06.sqm
[2009/10/04 19:31:21 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt07.sqm
[2009/10/06 07:59:58 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt08.sqm
[2009/10/06 09:00:54 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt09.sqm
[2009/10/06 09:10:53 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt10.sqm
[2009/10/13 18:45:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt11.sqm
[2009/10/30 14:48:19 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt12.sqm
[2009/10/30 15:25:34 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt13.sqm
[2009/10/30 15:51:24 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt14.sqm
[2009/10/30 16:32:08 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt15.sqm
[2009/10/30 23:13:16 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt16.sqm
[2010/01/09 13:15:57 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt17.sqm
[2009/05/10 17:46:07 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt18.sqm
[2009/06/01 23:37:25 | 000,000,244 | -H-- | M] () -- C:\sqmnoopt19.sqm
[2006/12/19 12:16:19 | 000,000,087 | ---- | M] () -- C:\SystemInfo.ini
[2010/05/14 10:19:57 | 000,113,462 | ---- | M] () -- C:\VETlog.dmp
[2010/05/14 10:19:57 | 023,492,879 | ---- | M] () -- C:\VETlog.txt
[2008/01/25 19:41:42 | 000,000,156 | ---- | M] () -- C:\YServer.txt

< %systemroot%\*. /mp /s >

< %systemroot%\system32\*.dll /lockedfiles >
[2005/07/25 23:39:44 | 001,267,200 | ---- | M] (Microsoft Corporation) Unable to obtain MD5 -- C:\WINDOWS\system32\comsvcs.dll

< %systemroot%\Tasks\*.job /lockedfiles >

< %systemroot%\System32\config\*.sav >
[2005/08/16 05:27:08 | 000,094,208 | ---- | M] () -- C:\WINDOWS\system32\config\default.sav
[2005/08/16 05:27:08 | 000,659,456 | ---- | M] () -- C:\WINDOWS\system32\config\software.sav
[2005/08/16 05:27:08 | 000,876,544 | ---- | M] () -- C:\WINDOWS\system32\config\system.sav

< %systemroot%\system32\drivers\*.sys /90 >
[2010/02/24 07:31:30 | 000,454,016 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\drivers\mrxsmb.sys

========== Alternate Data Streams ==========

@Alternate Data Stream - 124 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:6BD304B9
< End of report >


  • 0

#4
kahdah
Posted 15 May 2010 - 08:38 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
I would prefer to wait on the gmer results questions though are these files that you created:
[2007/11/04 20:30:56 | 000,000,786 | ---- | M] () -- C:\1280.bat
[2007/11/03 21:03:51 | 000,000,786 | ---- | M] () -- C:\1727.bat
[2007/11/04 17:48:56 | 000,000,786 | ---- | M] () -- C:\1793.bat
[2007/11/03 14:57:00 | 000,000,786 | ---- | M] () -- C:\3024.bat
[2007/11/03 22:12:41 | 000,000,786 | ---- | M] () -- C:\5859.bat
[2007/11/04 16:58:34 | 000,000,786 | ---- | M] () -- C:\6490.bat
[2007/11/04 10:13:39 | 000,000,786 | ---- | M] () -- C:\7028.bat
[2007/11/04 10:38:41 | 000,000,786 | ---- | M] () -- C:\7642.bat
  • 0

#5
TraceeMack
Posted 16 May 2010 - 08:16 PM

TraceeMack

    Member

  • Topic Starter
  • Member
  • PipPip
  • 10 posts
I dont believe so. Im still trying to run GMER Rootkit but when I go to save my computer freezes.
  • 0

#6
kahdah
Posted 17 May 2010 - 05:32 AM

kahdah

    GeekU Teacher

  • Retired Staff
  • 15,822 posts
Please unceck devices at the right and see if it will do it then.
If it still fails please try it in safe mode:
You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP