Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Please help with XP anti-virus 2011

Started by mary58 , Apr 13 2011 11:23 PM

  • This topic is locked This topic is locked

#31
BlackOxide
Posted 28 April 2011 - 02:23 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Thanks for the logs. Seems like the Rootkit is not present which is interesting. Can you run the following OTL fix for me please, then let me know whether you can update MBAM now. If not, what is the error that is appearing?


Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
FF - HKLM\software\mozilla\Firefox\extensions\\{EB132DB0-A4CA-11DF-9732-0E29E0D72085}: C:\Program Files\Object\internetengine [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{e641e573-5f45-49f4-a2b6-986c6a89d4ad}: C:\Program Files\Object\searchtoolbar [2011/04/23 19:01:43 | 000,000,000 | ---D | M]
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\Object

:Services

:Reg

:Files
ipconfig /flushdns /c

:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done.
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

  • 0

Advertisements

#32
mary58
Posted 28 April 2011 - 02:53 PM

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I still can't update MBAM, it runs through and shows 100% downloaded and then this error screen pops up

PROGRAM_ERROR_UPDATING (5,0,Create File) access is denied

Here is the OTL log.

OTL logfile created on: 4/28/2011 1:45:49 PM - Run 2
OTL by OldTimer - Version 3.2.22.3 Folder = C:\Documents and Settings\Mom\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 6.0.2900.2180)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1,022.00 Mb Total Physical Memory | 110.00 Mb Available Physical Memory | 11.00% Memory free
2.00 Gb Paging File | 1.00 Gb Available in Paging File | 57.00% Paging File free
Paging file location(s): C:\pagefile.sys 1536 3072 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 144.00 Gb Total Space | 25.73 Gb Free Space | 17.87% Space Free | Partition Type: NTFS
Drive I: | 554.19 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS
Drive K: | 120.35 Mb Total Space | 0.00 Mb Free Space | 0.00% Space Free | Partition Type: CDFS

Computer Name: MARYP | User Name: Mom | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
PRC - [2011/03/18 10:53:06 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/01/25 18:42:10 | 000,083,440 | ---- | M] (Google) -- C:\Documents and Settings\Mom\Local Settings\Application Data\Google\Google Talk Plugin\googletalkplugin.exe
PRC - [2010/11/30 14:20:36 | 000,997,408 | ---- | M] (Microsoft Corporation) -- C:\Program Files\Microsoft Security Client\msseces.exe
PRC - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe
PRC - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe
PRC - [2010/04/22 21:17:06 | 000,160,328 | ---- | M] (Siber Systems) -- C:\Program Files\Siber Systems\AI RoboForm\robotaskbaricon.exe
PRC - [2010/04/16 11:25:18 | 000,818,288 | ---- | M] (The Weather Channel Interactive, Inc.) -- C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe
PRC - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe
PRC - [2009/10/23 12:31:44 | 000,326,144 | ---- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe
PRC - [2009/08/16 08:35:36 | 000,167,936 | ---- | M] () -- C:\Program Files\Upromise\UpromiseTray.exe
PRC - [2009/05/21 10:55:32 | 000,206,064 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtcmd.exe
PRC - [2008/09/30 18:46:18 | 007,418,368 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.bin
PRC - [2008/09/30 18:46:12 | 007,424,000 | ---- | M] (OpenOffice.org) -- C:\Program Files\OpenOffice.org 3\program\soffice.exe
PRC - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe
PRC - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
PRC - [2007/10/31 16:11:34 | 000,015,696 | ---- | M] (Rosetta Stone Ltd.) -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
PRC - [2007/10/09 17:21:06 | 000,169,328 | ---- | M] (Maxtor Corporation) -- C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe
PRC - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/05/02 09:37:34 | 000,098,304 | ---- | M] (Mozilla Foundation) -- C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2004/06/29 09:23:32 | 000,135,168 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe
PRC - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe


========== Modules (SafeList) ==========

MOD - [2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - [2010/11/11 13:26:40 | 000,011,736 | ---- | M] (Microsoft Corporation) [Auto | Running] -- c:\Program Files\Microsoft Security Client\Antimalware\MsMpEng.exe -- (MsMpSvc)
SRV - [2010/08/23 20:21:40 | 000,013,672 | ---- | M] (Intuit Inc.) [Auto | Running] -- C:\Program Files\Common Files\Intuit\Update Service\IntuitUpdateService.exe -- (IntuitUpdateService)
SRV - [2009/10/23 12:31:44 | 000,401,920 | ---- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderService.exe -- (Amazon Download Agent)
SRV - [2008/09/02 13:45:40 | 000,658,432 | ---- | M] (Macrovision Europe Ltd.) [On_Demand | Stopped] -- C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe -- (FLEXnet Licensing Service)
SRV - [2008/08/13 18:32:40 | 000,201,968 | ---- | M] (SupportSoft, Inc.) [Auto | Running] -- C:\Program Files\Dell Support Center\bin\sprtsvc.exe -- (sprtsvc_dellsupportcenter) SupportSoft Sprocket Service (dellsupportcenter)
SRV - [2007/10/31 16:11:34 | 000,354,648 | ---- | M] (Rosetta Stone Ltd.) [Auto | Running] -- C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe -- (RosettaStoneLtdController)
SRV - [2007/10/09 17:21:02 | 000,124,280 | ---- | M] (Seagate Technology LLC) [Auto | Running] -- C:\Program Files\Seagate\Basics\Service\SyncServicesBasics.exe -- (Basics Service)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2005/10/06 18:12:30 | 000,855,552 | ---- | M] (Microsoft Corporation) [On_Demand | Stopped] -- C:\Program Files\Windows Media Connect 2\wmccds.exe -- (WMConnectCDS)
SRV - [2004/06/29 09:22:56 | 000,073,852 | ---- | M] (Intel Corporation) [Auto | Running] -- C:\Program Files\Intel\Intel Application Accelerator\IAANTmon.exe -- (IAANTMon)


========== Driver Services (SafeList) ==========

DRV - [2011/04/28 13:33:50 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8703D172-8626-4C75-B37B-B0B346C5007C}\MpKslbe87ec86.sys -- (MpKslbe87ec86)
DRV - [2011/04/28 10:40:15 | 000,028,752 | ---- | M] (Microsoft Corporation) [Kernel | System | Running] -- c:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8703D172-8626-4C75-B37B-B0B346C5007C}\MpKsl06e4d43c.sys -- (MpKsl06e4d43c)
DRV - [2011/04/19 15:39:51 | 000,052,352 | ---- | M] () [Kernel | Boot | Running] -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS -- (VolSnap)
DRV - [2010/12/20 18:09:00 | 000,038,224 | ---- | M] (Malwarebytes Corporation) [Kernel | Disabled | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mbamswissarmy.sys -- (MBAMSwissArmy)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/06/28 16:43:39 | 000,046,592 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\irbus.sys -- (IrBus)
DRV - [2005/05/31 10:30:57 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2004/09/17 07:02:54 | 000,732,928 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\senfilt.sys -- (senfilt)
DRV - [2004/08/25 11:28:46 | 000,787,456 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\ati2mtag.sys -- (ati2mtag)
DRV - [2004/07/27 19:43:00 | 000,485,888 | ---- | M] (ATI Technologies Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\atinewp2.sys -- (atinewp2)
DRV - [2004/06/15 20:52:40 | 000,061,157 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC53.sys -- (IntelC53)
DRV - [2004/05/29 15:41:54 | 000,186,112 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\b57xp32.sys -- (b57w2k)
DRV - [2004/03/05 20:15:34 | 000,647,929 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC52.sys -- (IntelC52)
DRV - [2004/03/05 20:14:42 | 001,233,525 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\IntelC51.sys -- (IntelC51)
DRV - [2004/03/05 20:13:38 | 000,037,048 | ---- | M] (Intel Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\mohfilt.sys -- (mohfilt)
DRV - [2002/11/08 11:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Main,Local Page = %SystemRoot%\system32\blank.htm

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.crosswalk.com/
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\..\URLSearchHook: {96b985b7-3cf9-456a-9db6-791710e60f5f} - C:\Program Files\MyPoints Toolbar 2.0\Helper.dll ()
IE - HKCU\..\URLSearchHook: {EF99BD32-C1FB-11D2-892F-0090271D4F88} - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0

========== FireFox ==========


FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2009/12/04 20:40:02 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/04/03 14:28:48 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 4.0\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/04 10:22:51 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Components: C:\Program Files\Mozilla Thunderbird\components [2009/11/22 20:16:00 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Thunderbird 2.0.0.22\extensions\\Plugins: C:\Program Files\Mozilla Thunderbird\plugins

[2008/06/19 20:44:01 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Extensions
[2011/04/27 13:18:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions
[2009/04/13 14:26:47 | 000,000,000 | ---D | M] (Coupon Manager) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{0C7E3F01-99E9-4095-9BDC-F84724960B57}
[2010/05/21 15:03:30 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/04/03 14:33:40 | 000,000,000 | ---D | M] (Swag Bucks Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{8bdea9d6-6f62-45eb-8ee9-8a81af0d2f94}
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (TranslatorBar 3.2 Community Toolbar) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\{c55f5517-246e-4426-b745-ee25b08eb8b4}
[2010/03/01 20:40:32 | 000,000,000 | ---D | M] ("Better GReader") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2008/06/30 10:11:34 | 000,000,000 | ---D | M] (FLYLADY) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Consumer Input") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\ConsumerInput@Compete
[2010/03/06 11:09:39 | 000,000,000 | ---D | M] (DeTiny URL Expander) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/03 14:52:00 | 000,000,000 | ---D | M] (Conduit Engine) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/23 14:31:41 | 000,000,000 | ---D | M] (Babylon) -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/03/22 10:06:48 | 000,000,000 | ---D | M] ("Tree Style Tab") -- C:\Documents and Settings\Mom\Application Data\Mozilla\Firefox\Profiles\icuhnbwz.default\extensions\[email protected]
[2011/04/26 19:13:58 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2010/08/01 18:26:51 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/03/18 10:53:24 | 000,142,296 | ---- | M] (Mozilla Foundation) -- C:\Program Files\Mozilla Firefox\components\browsercomps.dll
[2010/04/18 20:08:34 | 000,393,216 | ---- | M] (Invenda Corporation) -- C:\Program Files\Mozilla Firefox\plugins\NPcol400.dll
[2009/11/19 15:16:28 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2011/02/02 21:40:24 | 000,472,808 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll
[2009/11/19 15:16:29 | 000,091,552 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npMozCouponPrinter.dll
[2010/01/01 01:00:00 | 000,002,252 | ---- | M] () -- C:\Program Files\Mozilla Firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/04/17 13:46:42 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (no name) - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (AcroIEHlprObj Class) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll (Adobe Systems Incorporated)
O2 - BHO: (CescrtHlpr Object) - {2EECD738-5844-4a99-B4B6-146BF802613B} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\bh\BabylonToolbar.dll (Babylon BHO)
O2 - BHO: (no name) - {3EBBD0F6-1F1F-48A0-89DC-C7505D56E92A} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\SYSTEM32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (Freecause Toolbar BHO) - {614BDA1F-9BEF-4CD1-BDE4-FA4804929B4A} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O2 - BHO: (no name) - {724d43a9-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.1.1309.3572\swg.dll (Google Inc.)
O2 - BHO: (DCA BHO) - {B49699FC-1665-4414-A1CB-C4A2A4A13EEC} - C:\Program Files\Upromise\dca-bho.dll (Compete, Inc.)
O2 - BHO: (Upromise TurboSaver) - {EDC0F17F-F4B7-47e4-B73E-887FAEB376FA} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (Upromise TurboSaver) - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O3 - HKLM\..\Toolbar: (&RoboForm) - {724d43a0-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKLM\..\Toolbar: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKLM\..\Toolbar: (Babylon Toolbar) - {98889811-442D-49dd-99D7-DC866BE87DBC} - C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarTlbr.dll (Babylon Ltd.)
O3 - HKLM\..\Toolbar: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O3 - HKLM\..\Toolbar: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O3 - HKLM\..\Toolbar: (GetDailyCoupon.com Toolbar) - {F8E689F4-E66C-41be-8497-AD9556FBE439} - C:\Program Files\SBar\ToolBand.dll (GetDailyCoupon.com)
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - No CLSID value found.
O3 - HKCU\..\Toolbar\ShellBrowser: (no name) - {A057A204-BACC-4D26-CEC4-75A487FD6484} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {0B53EAC3-8D69-4B9E-9B19-A37C9A5676A7} - No CLSID value found.
O3 - HKCU\..\Toolbar\WebBrowser: (&RoboForm) - {724D43A0-0D85-11D4-9908-00400523E39A} - C:\Program Files\Siber Systems\AI RoboForm\roboform.dll (Siber Systems Inc.)
O3 - HKCU\..\Toolbar\WebBrowser: (MyPoints Point Finder) - {89A2510A-B4B6-4683-BEC9-1B96700BC7F1} - C:\Program Files\MyPoints Toolbar 2.0\Toolbar.dll ()
O3 - HKCU\..\Toolbar\WebBrowser: (FLYLADY BenefitBar) - {E19E589B-749F-4641-9ED3-032DEB7A8D92} - C:\Program Files\BenefitBarIE\benefitbar.dll ()
O4 - HKLM..\Run: [AmazonGSDownloaderTray] C:\Program Files\Amazon\Amazon Games & Software Downloader\AmazonGSDownloaderTray.exe (Amazon.com)
O4 - HKLM..\Run: [BabylonToolbar] C:\Program Files\BabylonToolbar\BabylonToolbar\1.4.19.5\BabylonToolbarsrv.exe (Babylon Ltd.)
O4 - HKLM..\Run: [basicsmssmenu] C:\Program Files\Seagate\Basics\Basics Status\MaxMenuMgrBasics.exe (Maxtor Corporation)
O4 - HKLM..\Run: [dellsupportcenter] C:\Program Files\Dell Support Center\bin\sprtcmd.exe (SupportSoft, Inc.)
O4 - HKLM..\Run: [IAAnotif] C:\Program Files\Intel\Intel Application Accelerator\IAAnotif.exe (Intel Corporation)
O4 - HKLM..\Run: [MSC] c:\Program Files\Microsoft Security Client\msseces.exe (Microsoft Corporation)
O4 - HKCU..\Run: [DW6] C:\Program Files\The Weather Channel FW\Desktop\DesktopWeather.exe (The Weather Channel Interactive, Inc.)
O4 - HKCU..\Run: [RoboForm] C:\Program Files\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe (Siber Systems)
O4 - HKCU..\Run: [Upromise Tray] C:\Program Files\Upromise\UpromiseTray.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe (Adobe Systems Incorporated)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\dlbcserv.lnk = C:\Program Files\Dell Photo Printer 720\dlbcserv.exe ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\HP Image Zone Fast Start.lnk = C:\Program Files\HP\Digital Imaging\bin\hpqthb08.exe (Hewlett-Packard Co.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Media Card Companion Monitor.lnk = C:\Program Files\ArcSoft\Media Card Companion\MCC Monitor.exe (Arcsoft, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Fast Start.lnk = C:\MSOffice95\Office\FASTBOOT.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office Find Fast Indexer.lnk = C:\MSOffice95\Office\FINDFAST.EXE ()
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Snapfish PictureMover.lnk = C:\Program Files\Snapfish PictureMover\PictureMover.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\OpenOffice.org 3.0.lnk = C:\Program Files\OpenOffice.org 3\program\quickstart.exe ()
O4 - Startup: C:\Documents and Settings\Mom\Start Menu\Programs\Startup\Premium Awana VerseMinder.lnk = C:\Program Files\VerseMinder\awanapremium\xulrunner\xulrunner.exe (Mozilla Foundation)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Customize Menu - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComCustomizeIEMenu.html ()
O8 - Extra context menu item: Fill Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O8 - Extra context menu item: RoboForm Toolbar - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O8 - Extra context menu item: Save Forms - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra 'Tools' menuitem : Upromise TurboSaver - {06E58E5E-F8CB-4049-991E-A41C03BD419E} - C:\Program Files\Upromise\upromisetoolbar.dll (Upromise, Inc.)
O9 - Extra Button: Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra 'Tools' menuitem : Fill Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F46} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComFillForms.html ()
O9 - Extra Button: Save - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra 'Tools' menuitem : Save Forms - {320AF880-6646-11D3-ABEE-C5DBF3571F49} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComSavePass.html ()
O9 - Extra Button: RoboForm - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O9 - Extra 'Tools' menuitem : RoboForm Toolbar - {724d43aa-0d85-11d4-9908-00400523e39a} - C:\Program Files\Siber Systems\AI RoboForm\RoboFormComShowToolbar.html ()
O15 - HKLM\..Trusted Domains: musicmatch.com ([online] https in Trusted sites)
O15 - HKCU\..Trusted Domains: intuit.com ([ttlc] https in Trusted sites)
O15 - HKCU\..Trusted Domains: turbotax.com ([]https in Trusted sites)
O16 - DPF: {5E92F538-B50B-46C5-9C5F-C6EECED3F6C6} http://www.infospace...pointsSetup.exe (Reg Error: Key error.)
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} http://download.eset...lineScanner.cab (OnlineScanner Control)
O16 - DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} http://fpdownload.ma...t/ultrashim.cab (Reg Error: Key error.)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: {EB387D2F-E27B-4D36-979E-847D1036C65D} http://h30043.www3.h.../qdiagh.cab?326 (QDiagHUpdateObj Class)
O16 - DPF: PackageCab http://www.imgag.com...tall/AxCtp2.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 192.168.1.1
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop Components:0 () - http://www.salt.org....s/smweblogo.gif
O24 - Desktop Components:1 (My Current Home Page) - About:Home
O24 - Desktop WallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Mom\Local Settings\Application Data\Microsoft\Wallpaper1.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2006/10/14 17:42:10 | 000,000,658 | ---- | M] () - C:\autoAlbum.log -- [ NTFS ]
O32 - AutoRun File - [2004/08/19 14:07:14 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O32 - AutoRun File - [2010/11/03 17:47:53 | 000,000,113 | R--- | M] () - I:\autorun.inf -- [ CDFS ]
O32 - AutoRun File - [2004/02/17 23:01:46 | 000,000,059 | R--- | M] () - K:\Autorun.inf -- [ CDFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O35 - HKCU\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/04/28 13:31:09 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/04/27 16:27:05 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/27 12:52:11 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2011/04/27 12:51:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\SpywareBlaster
[2011/04/27 12:51:22 | 000,000,000 | ---D | C] -- C:\Program Files\SpywareBlaster
[2011/04/24 12:53:34 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2011/04/23 19:01:40 | 000,000,000 | ---D | C] -- C:\Program Files\SBar
[2011/04/23 14:31:35 | 000,000,000 | ---D | C] -- C:\Program Files\BabylonToolbar
[2011/04/23 14:31:34 | 000,000,000 | ---D | C] -- C:\Program Files\Babylon
[2011/04/17 15:47:41 | 000,000,000 | ---D | C] -- C:\Program Files\ESET
[2011/04/17 15:01:31 | 000,000,000 | -HSD | C] -- C:\RECYCLER
[2011/04/17 13:36:04 | 000,000,000 | RHSD | C] -- C:\cmdcons
[2011/04/16 22:53:20 | 000,000,000 | ---D | C] -- C:\WINDOWS\System32\Adobe
[2011/04/16 22:49:37 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\AdobeUM
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Identities
[2011/04/16 15:35:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Identities
[2011/04/15 22:20:00 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Local Settings\Application Data\Adobe
[2011/04/15 17:54:26 | 000,000,000 | ---D | C] -- C:\WINDOWS\ERDNT
[2011/04/15 16:31:04 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Mom\Application Data\Malwarebytes
[2011/04/15 15:48:13 | 000,038,224 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/04/15 15:48:13 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/04/15 15:48:12 | 000,000,000 | -H-D | C] -- C:\Documents and Settings\All Users\Application Data\Malwarebytes
[2011/04/15 15:48:07 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/04/13 09:30:06 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Sun
[2011/04/13 09:29:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Local Settings\Application Data\Adobe
[2011/04/12 15:53:19 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Macromedia
[2011/04/12 15:52:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/04/12 15:35:27 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/04/12 15:34:59 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[1979/12/31 22:00:00 | 000,151,552 | ---- | C] ( ) -- C:\WINDOWS\System32\ATIDEMGR.dll

========== Files - Modified Within 30 Days ==========

[2011/04/28 13:48:01 | 000,000,880 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/04/28 13:47:00 | 000,000,970 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005UA.job
[2011/04/28 13:38:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\tasks\MP Scheduled Scan.job
[2011/04/28 13:34:15 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/04/28 13:34:00 | 000,000,868 | ---- | M] () -- C:\WINDOWS\tasks\Google Software Updater.job
[2011/04/28 13:33:46 | 000,000,876 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/04/28 13:33:41 | 000,000,370 | ---- | M] () -- C:\WINDOWS\tasks\AlarmXP Pro.job
[2011/04/28 13:33:39 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/04/28 13:33:35 | 1071,812,608 | -HS- | M] () -- C:\hiberfil.sys
[2011/04/28 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\tasks\SHUTDOWN.job
[2011/04/28 10:47:01 | 000,000,918 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskUserS-1-5-21-1532243995-3657090055-2956115912-1005Core.job
[2011/04/27 16:27:20 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Mom\Desktop\OTL.exe
[2011/04/27 12:52:01 | 000,000,690 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\SpywareBlaster.lnk
[2011/04/27 12:41:38 | 000,000,688 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to mbam.lnk
[2011/04/27 10:57:20 | 000,513,768 | ---- | M] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2011/04/25 15:29:58 | 000,000,622 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/19 15:39:51 | 000,052,352 | ---- | M] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2011/04/17 17:52:43 | 000,044,074 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2011/04/17 15:15:37 | 000,000,699 | ---- | M] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:46:42 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/04/17 13:36:08 | 000,000,325 | RHS- | M] () -- C:\BOOT.INI
[2011/04/15 22:07:09 | 000,001,324 | ---- | M] () -- C:\WINDOWS\System32\d3d9caps.dat
[2011/04/15 20:51:48 | 000,001,424 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | M] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\tasks\CCleaner.job
[2011/04/03 14:28:52 | 000,000,742 | ---- | M] () -- C:\Documents and Settings\Mom\Application Data\Microsoft\Internet Explorer\Quick Launch\Mozilla Firefox.lnk
[2011/04/03 14:28:52 | 000,000,724 | -H-- | M] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk

========== Files Created - No Company Name ==========

[2011/04/27 12:52:01 | 000,000,690 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\SpywareBlaster.lnk
[2011/04/27 12:41:37 | 000,000,688 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to mbam.lnk
[2011/04/25 15:29:58 | 000,000,622 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to CCleaner.lnk
[2011/04/17 15:04:11 | 000,000,699 | ---- | C] () -- C:\Documents and Settings\Mom\Desktop\Shortcut to YNAB 3.lnk
[2011/04/17 13:36:08 | 000,000,209 | ---- | C] () -- C:\Boot.bak
[2011/04/17 13:36:04 | 000,260,272 | RHS- | C] () -- C:\cmldr
[2011/04/15 20:51:47 | 000,001,424 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205145.reg
[2011/04/15 20:51:17 | 000,000,082 | ---- | C] () -- C:\Documents and Settings\Mom\My Documents\cc_20110415_205112.reg
[2011/04/15 15:48:14 | 000,000,784 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\korwbrkr.lex
[2011/04/12 17:02:12 | 001,158,818 | ---- | C] () -- C:\WINDOWS\System32\dllcache\korwbrkr.lex
[2011/04/12 17:02:12 | 000,002,060 | ---- | C] () -- C:\WINDOWS\System32\noise.jpn
[2011/04/12 17:02:12 | 000,001,486 | ---- | C] () -- C:\WINDOWS\System32\noise.kor
[2011/04/12 17:01:39 | 000,211,938 | ---- | C] () -- C:\WINDOWS\System32\lcphrase.tbl
[2011/04/12 17:01:39 | 000,146,126 | ---- | C] () -- C:\WINDOWS\System32\array30.tab
[2011/04/12 17:01:39 | 000,110,566 | ---- | C] () -- C:\WINDOWS\System32\arphr.tbl
[2011/04/12 17:01:39 | 000,018,600 | ---- | C] () -- C:\WINDOWS\System32\arrayhw.tab
[2011/04/12 17:01:39 | 000,016,312 | ---- | C] () -- C:\WINDOWS\System32\arptr.tbl
[2011/04/12 17:01:38 | 000,043,242 | ---- | C] () -- C:\WINDOWS\System32\phoncode.tbl
[2011/04/12 17:01:38 | 000,024,114 | ---- | C] () -- C:\WINDOWS\System32\lcptr.tbl
[2011/04/12 17:01:38 | 000,004,071 | ---- | C] () -- C:\WINDOWS\System32\phon.tbl
[2011/04/12 17:01:38 | 000,002,714 | ---- | C] () -- C:\WINDOWS\System32\phonptr.tbl
[2011/04/12 17:01:38 | 000,000,700 | ---- | C] () -- C:\WINDOWS\System32\dayiptr.tbl
[2011/04/12 17:01:38 | 000,000,520 | ---- | C] () -- C:\WINDOWS\System32\dayiphr.tbl
[2011/04/12 17:01:36 | 000,116,285 | ---- | C] () -- C:\WINDOWS\System32\msdayi.tbl
[2011/04/12 17:01:35 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\acode.tbl
[2011/04/12 17:01:33 | 000,044,370 | ---- | C] () -- C:\WINDOWS\System32\a234.tbl
[2011/04/12 17:01:31 | 000,001,460 | ---- | C] () -- C:\WINDOWS\System32\a15.tbl
[2011/04/12 17:01:14 | 001,223,500 | ---- | C] () -- C:\WINDOWS\System32\WINZM.MB
[2011/04/12 17:01:13 | 001,783,864 | ---- | C] () -- C:\WINDOWS\System32\WINPY.MB
[2011/04/12 17:01:13 | 001,564,868 | ---- | C] () -- C:\WINDOWS\System32\WINSP.MB
[2011/04/12 17:01:06 | 000,134,339 | ---- | C] () -- C:\WINDOWS\System32\dllcache\imekr.lex
[2011/04/12 17:01:06 | 000,108,827 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hanja.lex
[2011/04/12 17:00:39 | 013,463,552 | ---- | C] () -- C:\WINDOWS\System32\dllcache\hwxjpn.dll
[2011/04/03 14:28:52 | 000,000,724 | -H-- | C] () -- C:\Documents and Settings\All Users\Desktop\Mozilla Firefox.lnk
[2011/04/03 14:28:51 | 000,000,730 | -H-- | C] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Mozilla Firefox.lnk
[2011/03/16 01:39:06 | 000,370,560 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/11/06 20:26:02 | 000,000,274 | ---- | C] () -- C:\WINDOWS\pcps.ini
[2009/12/04 21:49:40 | 000,023,121 | ---- | C] () -- C:\WINDOWS\hpqins15.dat.temp
[2009/12/04 20:35:33 | 000,022,739 | ---- | C] () -- C:\WINDOWS\hpqins15.dat
[2009/12/02 22:27:20 | 000,196,094 | ---- | C] () -- C:\WINDOWS\hpoins41.dat
[2009/12/02 22:27:19 | 000,001,253 | ---- | C] () -- C:\WINDOWS\hpomdl41.dat
[2009/09/19 17:19:34 | 000,000,019 | ---- | C] () -- C:\WINDOWS\SoundConverter.INI
[2009/09/17 20:54:44 | 000,000,002 | ---- | C] () -- C:\WINDOWS\msoffice.ini
[2008/11/20 11:51:01 | 000,000,421 | ---- | C] () -- C:\WINDOWS\dellstat.ini
[2008/05/17 15:58:21 | 000,001,160 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2008/02/24 21:24:47 | 000,000,021 | ---- | C] () -- C:\WINDOWS\atid.ini
[2007/11/27 11:23:15 | 000,000,316 | ---- | C] () -- C:\WINDOWS\SIERRA.INI
[2007/10/19 09:55:46 | 000,000,000 | ---- | C] () -- C:\WINDOWS\PROTOCOL.INI
[2007/09/06 16:21:04 | 000,000,287 | ---- | C] () -- C:\WINDOWS\EReg072.dat
[2007/01/21 13:53:31 | 000,000,067 | ---- | C] () -- C:\WINDOWS\A5W.INI
[2007/01/19 18:38:04 | 000,000,028 | ---- | C] () -- C:\WINDOWS\EzyTuner.INI
[2006/12/25 14:44:47 | 000,004,121 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2006/09/06 15:54:11 | 000,000,231 | ---- | C] () -- C:\WINDOWS\POWERPNT.INI
[2006/09/06 15:53:40 | 000,000,032 | ---- | C] () -- C:\WINDOWS\GRAPH5.INI
[2006/08/24 12:11:26 | 000,000,098 | ---- | C] () -- C:\WINDOWS\TYPEINST.INI
[2006/08/23 12:19:19 | 000,000,016 | ---- | C] () -- C:\WINDOWS\popcinfo.dat
[2006/06/24 21:09:59 | 000,005,632 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/06/18 14:41:21 | 000,021,791 | ---- | C] () -- C:\WINDOWS\System32\smtpctrs.ini
[2006/06/18 14:41:21 | 000,001,037 | ---- | C] () -- C:\WINDOWS\System32\ntfsdrct.ini
[2006/06/15 20:46:23 | 001,255,424 | ---- | C] () -- C:\WINDOWS\System32\V4RB.dll
[2006/06/15 20:46:23 | 000,061,952 | ---- | C] () -- C:\WINDOWS\System32\rbap350.dll
[2006/06/10 19:49:01 | 000,100,724 | ---- | C] () -- C:\WINDOWS\cpeins04.dat
[2006/06/10 19:49:01 | 000,017,176 | ---- | C] () -- C:\WINDOWS\hpomdl04.dat.temp
[2006/06/10 10:47:35 | 000,000,206 | ---- | C] () -- C:\WINDOWS\HPGdiPlus.ini
[2006/04/06 20:15:30 | 000,000,000 | ---- | C] () -- C:\WINDOWS\hpqEmlSz.INI
[2006/01/09 11:56:08 | 000,001,316 | ---- | C] () -- C:\WINDOWS\System32\d3d8caps.dat
[2005/07/11 16:46:25 | 000,000,215 | ---- | C] () -- C:\WINDOWS\Quicken.ini
[2005/06/14 19:19:44 | 000,000,056 | ---- | C] () -- C:\WINDOWS\PSDXPORT.INI
[2005/06/14 12:10:57 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2005/06/11 18:48:58 | 000,001,324 | ---- | C] () -- C:\WINDOWS\System32\d3d9caps.dat
[2005/06/07 19:38:10 | 000,044,074 | ---- | C] () -- C:\Documents and Settings\Mom\Application Data\wklnhst.dat
[2005/06/07 16:56:49 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/06/06 17:09:27 | 000,001,095 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2005/06/06 17:08:36 | 000,001,237 | ---- | C] () -- C:\WINDOWS\ipconfig.dat
[2005/06/06 16:39:00 | 000,000,126 | ---- | C] () -- C:\Documents and Settings\Mom\Local Settings\Application Data\fusioncache.dat
[2005/05/31 10:41:20 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2005/05/31 10:33:46 | 000,000,180 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2005/05/31 10:30:15 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2005/05/31 10:29:06 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2005/05/31 10:13:52 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2005/05/31 10:12:54 | 000,442,892 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2005/05/31 10:12:54 | 000,072,158 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2005/05/31 09:55:04 | 000,000,367 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2005/04/09 09:49:48 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2005/02/23 12:05:34 | 000,049,152 | ---- | C] () -- C:\WINDOWS\SETPWRCG.EXE
[2004/08/19 14:22:58 | 000,000,882 | ---- | C] () -- C:\WINDOWS\ORUN32.INI
[2004/08/19 14:13:18 | 000,513,768 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2004/08/19 14:06:50 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2004/08/19 14:03:06 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2004/08/19 11:25:28 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.BIN
[2004/08/19 11:25:28 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\OEMBIOS.DAT
[2004/08/10 03:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2004/08/10 03:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2004/08/10 03:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2004/08/10 03:00:00 | 000,052,352 | ---- | C] () -- C:\WINDOWS\System32\drivers\VOLSNAP.SYS
[2004/08/10 03:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2004/08/10 03:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2004/08/10 03:00:00 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\SECUPD.DAT
[2004/08/10 03:00:00 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2004/08/10 03:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[2003/07/31 15:16:46 | 000,000,017 | -H-- | C] () -- C:\WINDOWS\System32\drivers\DVEMODEM.DAT
[1999/12/02 11:01:20 | 000,229,376 | ---- | C] () -- C:\WINDOWS\System32\ISP2000.dll
[1996/08/20 21:37:20 | 000,015,840 | ---- | C] () -- C:\WINDOWS\System32\Machnm1.exe
[1996/03/20 00:00:00 | 000,107,008 | ---- | C] () -- C:\WINDOWS\System32\TTEMB32.DLL
[1996/03/20 00:00:00 | 000,068,096 | ---- | C] () -- C:\WINDOWS\System32\MSROUTE.DLL
[1996/03/20 00:00:00 | 000,053,760 | ---- | C] () -- C:\WINDOWS\System32\OPENENU.DLL
[1996/03/20 00:00:00 | 000,006,352 | ---- | C] () -- C:\WINDOWS\System32\VISXUTIL.DLL
[1996/03/20 00:00:00 | 000,000,586 | ---- | C] () -- C:\WINDOWS\MSTXTCNV.INI
[1979/12/31 22:00:00 | 000,389,120 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.exe
[1979/12/31 22:00:00 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\ati2evxx.dll

========== LOP Check ==========

[2010/08/27 10:44:50 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2005/05/31 10:25:53 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\BVRP Software
[2008/12/06 12:14:59 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Graboid Inc
[2006/08/24 12:03:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Individual Software
[2009/08/02 20:29:49 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Launcher
[2006/05/29 14:02:25 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\MGCSoft
[2008/02/29 17:19:00 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2010/09/14 21:04:01 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Photodex
[2010/04/22 21:18:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RoboForm
[2011/04/17 15:01:05 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Rosetta Stone
[2007/11/14 16:19:47 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\RosettaStoneLtdServices
[2008/11/28 16:28:56 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Seagate
[2008/01/04 20:18:45 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\SupportSoft
[2011/04/27 12:52:11 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2006/04/18 15:48:10 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TGHomeSoft
[2007/03/22 15:45:04 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\TurboTax 2006
[2009/06/16 17:28:24 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2007/11/06 20:31:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\A9 Toolbar
[2008/01/06 15:16:16 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\acccore
[2005/06/19 19:06:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Aim
[2009/12/06 16:02:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Amazon
[2011/04/24 12:53:34 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\BabylonToolbar
[2010/07/01 15:34:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\com.youneedabudget.YNAB3.Live.9C763150EFAB05FD2A2B78705C7A54E2FCDDE07D.1
[2009/12/02 11:36:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\E-centives
[2009/11/20 21:50:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\FCTB000060497
[2007/10/15 21:07:49 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\GARMIN
[2005/06/06 18:35:02 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Leadertech
[2008/10/03 21:32:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\LEGO Company
[2010/04/14 16:19:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Memorize Truth
[2006/05/29 13:59:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MGCSoft
[2006/06/18 09:42:21 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\MSNInstaller
[2007/03/06 14:07:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Musicmatch
[2010/09/14 21:04:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Netscape
[2008/11/11 21:15:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OpenOffice.org
[2008/02/01 16:06:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\OverDrive
[2005/07/12 12:51:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Palo Alto Software Inc
[2008/02/25 10:35:51 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\QQ Games Plugin
[2011/02/26 14:41:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Search Settings
[2008/06/08 21:02:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Snapfish
[2009/08/02 20:07:19 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Thunderbird
[2010/03/14 21:19:44 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\upromise
[2007/12/07 10:51:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\Viewpoint
[2008/07/11 15:34:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\WordWeb
[2009/06/04 20:31:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Mom\Application Data\XNote Stopwatch
[2011/04/28 13:33:41 | 000,000,370 | ---- | M] () -- C:\WINDOWS\Tasks\AlarmXP Pro.job
[2011/04/10 11:00:02 | 000,000,272 | ---- | M] () -- C:\WINDOWS\Tasks\CCleaner.job
[2011/04/28 13:38:50 | 000,000,424 | -H-- | M] () -- C:\WINDOWS\Tasks\MP Scheduled Scan.job
[2010/11/19 22:20:01 | 000,000,280 | ---- | M] () -- C:\WINDOWS\Tasks\pixillionShakeIcon.job
[2011/04/28 13:30:00 | 000,000,274 | ---- | M] () -- C:\WINDOWS\Tasks\SHUTDOWN.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 304 bytes -> C:\Documents and Settings\Mom\My Documents\Spectrum Plus Label Sheet2.png:SummaryInformation

< End of report >
  • 0

#33
BlackOxide
Posted 29 April 2011 - 11:25 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Could you try uninstalling MBAM, then reinstall it by downloading the file from here. Once it has been reinstalled, check to see if it can now update properly.

Just for your information, the 6 infections that MBAM removed previously are Adware items, whereby they can display popup advertisements randomly, so it shouldn't be much to worry about.

You do have quite a few toolbars in both IE and Firefox. If there are some that you either did not install or don't use anymore I would Disable them, as it will improve load times in your browser. From the OTL log I can see these are currently installed:

Coupon Manager
Swag Bucks Community Toolbar
TranslatorBar 3.2 Community Toolbar
Better GReader
FLYLADY Benefitbar
Consumer Input
DeTiny URL Expander
Babylon
Tree Style Tab
Coupons, Inc.
Freecause Toolbar


To Disable/Uninstall toolbars in Firefox:
Click the Firefox button at the top left, then click Addons
Click an addon then choose to Remove it or just temporarily Disable it


In Internet Explorer:
Click Tools, then Manage Addons
Click an addon, then click Disable



Could you run a Quick Scan with your Security Essentials please. Let me know if any items are found :)
  • 0

#34
mary58
Posted 29 April 2011 - 12:51 PM

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I re-installed MBAM and was able to get the updates.

I ran both MBAM and Security Essentials, and both showed clean.

I cannot update Security Essentials, though I was able to a few days ago.

I still cannot run Windows Updates, even from the website.

I did get rid of some of the toolbars.

I really, really appreciate your help. Thankyou.
  • 0

#35
BlackOxide
Posted 29 April 2011 - 01:26 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
No problem, you're welcome, thanks for your patience, I'm sure we'll get it sorted soon.

When you try and update Windows do you get an error code, they usually begin with 0x. If so, could you let me know what the full error code is please.
  • 0

#36
mary58
Posted 29 April 2011 - 02:33 PM

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
The error code is 0x80070424
  • 0

#37
BlackOxide
Posted 29 April 2011 - 02:54 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Looks like this could be a problem with the BITS service not running, which is required by Windows Update. Can you try the following for me to see if Windows Update starts working. If you get an error trying to start one of the services, just let me know which one came up with an error.


  • Click Start, click Run, type services.msc, and then click OK.
  • Double-click Background Intelligent Transfer Service.
  • If the Startup status shows "Stopped," click Start, and then click OK.
  • Double-click Automatic Updates.
  • If the Startup status shows "Stopped," click Start, and then click OK.
  • Double-click Workstation.
  • If the Startup status shows "Stopped," click Start, and then click OK.
  • Close the Services dialog box and then try to install updates again.

  • 0

#38
mary58
Posted 29 April 2011 - 03:37 PM

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
Still getting the same error code.
  • 0

#39
BlackOxide
Posted 30 April 2011 - 07:19 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Okey Dokey, lets now try the following...


  • Click Start, click Run, type the following command in the Open box, and then click OK.
  • regsvr32 Qmgr.dll /s
  • Click Start, click Run, type the following command in the Open box, and then click OK.
  • regsvr32 Qmgrprxy.dll /s
  • Click Start, click Run, type the following command in the Open box, and then click OK.
  • regsvr32 wuaueng.dll /s
  • Now reboot the PC, then try updating Windows again. If it still doesn't work, can you verify that the Background Intelligent Transfer Service is "running", by going into the services.msc window like before.

  • 0

#40
mary58
Posted 01 May 2011 - 05:13 PM

mary58

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 105 posts
I was able to download ALL the Windows Updates. My computer runs much better without all the Malware. And I am now able to start in Safe Mode, which I was not able to do before.
  • 0

Advertisements

#41
BlackOxide
Posted 02 May 2011 - 09:30 AM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Excellent. It looks like you should be fine now. You can go ahead and click the Clenaup button in OTL again, which will remove itself and it's quarantine folder. If any other malware items or problems appear in the near future, just let me know, but your logs now look good to me :)
  • 0

#42
BlackOxide
Posted 09 May 2011 - 03:01 PM

BlackOxide

    Trusted Helper

  • Malware Removal
  • 1,976 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP