(OTL Included) Antimalware Doctor Virus Infection



#1 savedglory
Hi guys and thanks in advance for the help! I truly appreciate it.

Last night I was downloading a friend's video from MegaUpload and, as it started to download, I got infected with what it says is AntiMalware Doctor, an obvious virus that's trying to scan my system and get my credit card information. I've used Malwarebytes, Avast, and RKill, with no success in doing anything. It looks like one of the .exe files the virus/malware is under is called "bagn70dol.exe". I also noticed "Flehia.exe" as well. I've tried using Malwarebytes, RKill, and Avast in safe mode and normal mode, and just don't know what else to do.

Below is the OTL log that I just ran. Again, I really really really appreciate any help you can provide!

***LOG BELOW:

OTL logfile created on: 6/14/2011 1:47:25 PM - Run 1
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tiara\My Documents\Downloads
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 186.68 Mb Available Physical Memory | 18.40% Memory free
2.38 Gb Paging File | 1.38 Gb Available in Paging File | 57.72% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.60 Gb Total Space | 21.71 Gb Free Space | 32.12% Space Free | Partition Type: NTFS

Computer Name: SAVEDGLORY | User Name: Tiara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - File not found --
PRC - [2011/06/14 13:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tiara\My Documents\Downloads\OTL.exe
PRC - [2011/06/13 21:39:43 | 000,062,464 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
PRC - [2011/06/13 21:39:37 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Tiara\Local Settings\Temp\Fjl.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/22 21:22:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2010/09/13 12:48:14 | 000,097,384 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe
PRC - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe
PRC - [2010/02/21 17:09:32 | 000,386,872 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\Java\jre6\bin\jucheck.exe
PRC - [2009/05/27 12:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/19 18:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/08/22 14:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/03/24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2004/08/10 04:00:00 | 000,180,224 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\system32\dwwin.exe
PRC - [2004/08/10 04:00:00 | 000,069,632 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\lssas.exe
PRC - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 13:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tiara\My Documents\Downloads\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/06/13 21:40:31 | 000,000,107 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\Plug.bat -- (Plug Manager)
SRV - [2011/06/13 21:40:10 | 000,000,105 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat -- (Local Account Authority Service)
SRV - [2011/06/13 21:39:50 | 000,000,104 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat -- (MouseDriver)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Running] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/02/19 18:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/15 00:34:43 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/04/17 19:34:56 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/15 00:32:29 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/12/15 00:26:55 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/22 23:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Running] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 22:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 21:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 23:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:myworld|http://www.flock.com/start/"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{D53F4178-B58D-4E40-89BC-9873E1F02355}: C:\Documents and Settings\Tiara\Local Settings\Application Data\{D53F4178-B58D-4E40-89BC-9873E1F02355} [2011/06/13 17:27:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{913DB4E6-E193-4AF8-9FB8-AB7BD3EEF8DC}: C:\Documents and Settings\Adriann\Local Settings\Application Data\{913DB4E6-E193-4AF8-9FB8-AB7BD3EEF8DC} [2011/06/13 19:29:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/13 22:32:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2011/01/23 14:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2011/01/23 14:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/13 19:25:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 21:23:05 | 000,000,000 | ---D | M]

[2009/03/26 14:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Extensions
[2009/03/26 14:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Extensions\[email protected]
[2011/06/14 13:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions
[2010/09/17 10:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/19 14:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/13 17:27:06 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\[email protected]
[2011/06/14 13:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/05 21:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/06/27 20:20:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\TIARA\APPLICATION DATA\FLOCK\BROWSER\PROFILES\KCD42Z1Z.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/06/13 04:45:04 | 000,000,919 | RH-- | M]) - C:\WINDOWS\system32\drivers\etc\hosts
O1 - Hosts: 67.205.118.181 www.google.com
O1 - Hosts: 67.205.118.182 search.yahoo.com
O1 - Hosts: 67.205.118.182 www.bing.com
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found.
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [oeqvxfh] C:\Documents and Settings\Tiara\Application Data\s5sf.exe ( )
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - HKLM..\Run: [Vwamixaqabezaxeq] C:\WINDOWS\efixizux.dll ()
O4 - HKCU..\Run: [4ECYTQ9SIC] File not found
O4 - HKCU..\Run: [Afiroxuxuvijuk] File not found
O4 - HKCU..\Run: [bagn70dol.exe] File not found
O4 - HKCU..\Run: [ModemOnHold] File not found
O4 - HKCU..\Run: [W1WIWQ1NPG] File not found
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiara\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01} - File not found
O24 - Desktop WallPaper: C:\Documents and Settings\Tiara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tiara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/06/14 07:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/13 22:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/13 22:33:11 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/13 22:33:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/13 22:33:06 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/13 22:33:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/13 22:33:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/13 22:33:04 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/13 22:33:04 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/13 22:33:01 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/13 22:32:08 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/13 22:32:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/13 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/13 22:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/13 21:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/13 21:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/13 21:40:37 | 000,069,632 | ---- | C] ( ) -- C:\Documents and Settings\Tiara\Application Data\9di3ccnqs.exe
[2011/06/13 21:39:46 | 000,062,464 | ---- | C] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
[2011/06/13 19:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/13 17:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tiara\Local Settings\Application Data\{D53F4178-B58D-4E40-89BC-9873E1F02355}
[2011/06/13 17:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/13 17:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2011/06/13 17:26:16 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tiara\Application Data\69AFB03868188CBEDA9905903C1559C3
[2011/05/19 21:15:28 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/05/19 21:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/19 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/19 21:08:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[8 C:\Documents and Settings\Tiara\My Documents\*.tmp files -> C:\Documents and Settings\Tiara\My Documents\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Tiara\Application Data\*.tmp files -> C:\Documents and Settings\Tiara\Application Data\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/14 13:51:47 | 000,000,085 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\mlog
[2011/06/14 13:47:33 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\ylog
[2011/06/14 13:34:20 | 000,000,882 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/14 13:33:54 | 000,443,034 | ---- | M] () -- C:\WINDOWS\System32\perfh009.dat
[2011/06/14 13:33:54 | 000,072,134 | ---- | M] () -- C:\WINDOWS\System32\perfc009.dat
[2011/06/14 13:28:29 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Qmyuvv.job
[2011/06/14 13:28:22 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\pirvn.job
[2011/06/14 13:27:31 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 07:46:49 | 000,001,016 | ---- | M] () -- C:\WINDOWS\lsrslt.ini
[2011/06/13 22:33:04 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/06/13 22:09:01 | 000,000,886 | ---- | M] () -- C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/13 21:41:06 | 000,069,632 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\9di3ccnqs.exe
[2011/06/13 21:40:31 | 000,000,107 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\Plug.bat
[2011/06/13 21:40:10 | 000,000,105 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat
[2011/06/13 21:39:50 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat
[2011/06/13 21:39:43 | 000,062,464 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
[2011/06/13 17:29:28 | 000,042,166 | ---- | M] () -- C:\Documents and Settings\Tiara\Application Data\wklnhst.dat
[2011/06/13 17:25:10 | 000,136,704 | RHS- | M] () -- C:\WINDOWS\System32\dsseco.dll
[2011/06/13 04:45:04 | 000,000,919 | RH-- | M] () -- C:\WINDOWS\System32\drivers\etc\hosts
[2011/06/02 20:49:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 21:15:28 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[8 C:\Documents and Settings\Tiara\My Documents\*.tmp files -> C:\Documents and Settings\Tiara\My Documents\*.tmp -> ]
[5 C:\WINDOWS\System32\*.tmp files -> C:\WINDOWS\System32\*.tmp -> ]
[2 C:\WINDOWS\*.tmp files -> C:\WINDOWS\*.tmp -> ]
[2 C:\Documents and Settings\Tiara\Application Data\*.tmp files -> C:\Documents and Settings\Tiara\Application Data\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/06/14 07:46:49 | 000,001,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
[2011/06/13 22:13:23 | 000,335,872 | ---- | C] () --
[2011/06/13 21:40:36 | 000,000,085 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\mlog
[2011/06/13 21:40:31 | 000,000,107 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\Plug.bat
[2011/06/13 21:40:13 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\ylog
[2011/06/13 21:40:10 | 000,000,105 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat
[2011/06/13 21:39:50 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat
[2011/06/13 17:25:10 | 000,136,704 | RHS- | C] () -- C:\WINDOWS\System32\dsseco.dll
[2011/06/13 17:25:10 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\pirvn.job
[2011/06/13 17:25:10 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Qmyuvv.job
[2011/05/19 21:15:28 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2010/10/28 20:58:27 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\Tiara\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/28 18:11:16 | 000,001,940 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/06/01 21:07:20 | 000,051,524 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2008/07/26 23:39:11 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/01 22:34:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/02 11:04:19 | 003,596,288 | ---- | C] () -- C:\WINDOWS\System32\qt-dx331.dll
[2007/05/01 19:33:57 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:09:08 | 000,001,391 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 23:42:58 | 000,087,040 | ---- | C] () -- C:\Documents and Settings\Tiara\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 19:35:36 | 000,002,828 | -HS- | C] () -- C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/29 19:35:36 | 000,000,088 | RHS- | C] () -- C:\WINDOWS\System32\E24C1E6E4D.sys
[2006/12/23 20:31:37 | 000,001,177 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/23 19:47:02 | 000,042,166 | ---- | C] () -- C:\Documents and Settings\Tiara\Application Data\wklnhst.dat
[2006/12/23 19:32:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/21 14:44:57 | 000,000,128 | ---- | C] () -- C:\Documents and Settings\Tiara\Local Settings\Application Data\fusioncache.dat
[2006/12/15 00:44:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/15 00:29:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/15 00:27:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/15 00:25:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/15 00:18:23 | 000,086,016 | ---- | C] () -- C:\WINDOWS\System32\preflib.dll
[2006/12/15 00:18:22 | 000,020,480 | ---- | C] () -- C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/15 00:18:21 | 000,757,760 | ---- | C] () -- C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 23:52:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/14 23:52:14 | 000,016,480 | ---- | C] () -- C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 23:51:34 | 000,000,390 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2006/05/02 15:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 15:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () -- C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () -- C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,258,248 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:42 | 000,374,272 | ---- | C] () -- C:\WINDOWS\efixizux.dll
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,443,034 | ---- | C] () -- C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,072,134 | ---- | C] () -- C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,788 | ---- | C] () -- C:\WINDOWS\System32\Dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/08/02 15:23:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\acccore
[2010/08/25 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AIM
[2010/12/24 13:24:08 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Amazon
[2011/06/13 22:31:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2007/04/17 19:34:40 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\FunGames
[2008/09/16 07:11:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\ICQ
[2009/08/08 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\PCSettings
[2007/04/11 20:30:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Sandlot Games
[2007/03/17 12:33:07 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\SingleClick Systems
[2011/06/13 17:26:53 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
[2010/09/17 10:04:52 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\TEMP
[2009/08/02 15:23:48 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Viewpoint
[2006/12/15 00:35:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\YAHOO
[2010/04/10 21:15:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/14 13:44:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\69AFB03868188CBEDA9905903C1559C3
[2006/12/23 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\acccore
[2010/06/28 20:01:50 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\AnvSoft
[2008/03/09 19:14:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\BitZipper
[2010/04/18 12:27:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Facebook
[2007/01/11 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Flock
[2011/04/13 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\HTC
[2008/09/16 07:12:45 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\ICQ
[2007/02/07 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\ICQLite
[2008/11/01 20:15:58 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\IMVU
[2008/11/01 20:17:28 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\IMVUClient
[2010/07/17 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Spacejock Software
[2007/03/18 20:01:06 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Template
[2008/04/02 21:28:10 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Thunderbird
[2007/01/11 19:44:32 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Tiara\Application Data\Viewpoint
[2011/06/14 13:28:22 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\Tasks\pirvn.job
[2011/06/14 13:28:29 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\Tasks\Qmyuvv.job

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All Users\Application Data\TEMP:BEB71B81

< End of report >

#2
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi there, on completion of this run can you let me know what your current problems are?

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :OTL
    PRC - [2011/06/13 21:39:43 | 000,062,464 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
    PRC - [2011/06/13 21:39:37 | 000,238,080 | ---- | M] () -- C:\Documents and Settings\Tiara\Local Settings\Temp\Fjl.exe
    PRC - [2004/08/10 04:00:00 | 000,069,632 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\lssas.exe
    SRV - [2011/06/13 21:40:31 | 000,000,107 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\Plug.bat -- (Plug Manager)
    SRV - [2011/06/13 21:40:10 | 000,000,105 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat -- (Local Account Authority Service)
    SRV - [2011/06/13 21:39:50 | 000,000,104 | -H-- | M] () [Auto | Stopped] -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat -- (MouseDriver)
    O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - No CLSID value found
    O3 - HKCU\..\Toolbar\WebBrowser: (no name) - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - No CLSID value found.
    O4 - HKLM..\Run: [oeqvxfh] C:\Documents and Settings\Tiara\Application Data\s5sf.exe ( )
    O4 - HKLM..\Run: [Vwamixaqabezaxeq] C:\WINDOWS\efixizux.dll ()
    O4 - HKCU..\Run: [4ECYTQ9SIC] File not found
    O4 - HKCU..\Run: [Afiroxuxuvijuk] File not found
    O4 - HKCU..\Run: [bagn70dol.exe] File not found
    O4 - HKCU..\Run: [ModemOnHold] File not found
    O4 - HKCU..\Run: [W1WIWQ1NPG] File not found
    O21 - SSODL: SwUpdate - {003541A1-3BC0-1B1C-AAF3-040114001C01} - File not found
    [2011/06/13 21:40:37 | 000,069,632 | ---- | C] ( ) -- C:\Documents and Settings\Tiara\Application Data\9di3ccnqs.exe
    [2011/06/13 21:39:46 | 000,062,464 | ---- | C] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
    [2011/06/13 17:26:53 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Tarma Installer
    [2011/06/14 13:51:47 | 000,000,085 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\mlog
    [2011/06/14 13:47:33 | 000,000,004 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\ylog
    [2011/06/14 13:28:29 | 000,000,300 | -HS- | M] () -- C:\WINDOWS\tasks\Qmyuvv.job
    [2011/06/14 13:28:22 | 000,000,304 | -HS- | M] () -- C:\WINDOWS\tasks\pirvn.job
    [2011/06/13 21:41:06 | 000,069,632 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\9di3ccnqs.exe
    [2011/06/13 21:40:31 | 000,000,107 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\Plug.bat
    [2011/06/13 21:40:10 | 000,000,105 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat
    [2011/06/13 21:39:50 | 000,000,104 | -H-- | M] () -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat
    [2011/06/13 21:39:43 | 000,062,464 | ---- | M] ( ) -- C:\Documents and Settings\Tiara\Application Data\s5sf.exe
    [2011/06/13 17:25:10 | 000,136,704 | RHS- | M] () -- C:\WINDOWS\System32\dsseco.dll
    [2011/06/14 07:46:49 | 000,001,016 | ---- | C] () -- C:\WINDOWS\lsrslt.ini
    [2011/06/13 21:40:36 | 000,000,085 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\mlog
    [2011/06/13 21:40:31 | 000,000,107 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\Plug.bat
    [2011/06/13 21:40:13 | 000,000,004 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\ylog
    [2011/06/13 21:40:10 | 000,000,105 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\LocalAccountAuthority.bat
    [2011/06/13 21:39:50 | 000,000,104 | -H-- | C] () -- C:\Documents and Settings\Tiara\Application Data\MouseDriver.bat
    [2011/06/13 17:25:10 | 000,136,704 | RHS- | C] () -- C:\WINDOWS\System32\dsseco.dll
    [2011/06/13 17:25:10 | 000,000,304 | -HS- | C] () -- C:\WINDOWS\tasks\pirvn.job
    [2011/06/13 17:25:10 | 000,000,300 | -HS- | C] () -- C:\WINDOWS\tasks\Qmyuvv.job

    :Files
    ipconfig /flushdns /c
    attrib -H c:\*.* /s /d /c

    :Commands
    [purity]
    [resethosts]
    [emptytemp]
    [EMPTYFLASH]
    [CREATERESTOREPOINT]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done
  • Open OTL again and click the Quick Scan button. Post the log it produces in your next reply.

THEN

Download aswMBR.exe ( 567KB ) to your desktop.

Double click the aswMBR.exe to run it

Click the "Scan" button to start scan

On completion of the scan click save log, save it to your desktop and post in your next reply

#3
savedglory

    Member

  • Topic Starter
  • 13 posts
Thanks!

How long should it take for the first Run Fix step? I clicked "Run Fix" after pasting the text you included, and after my desktop icons and Windows bar disappeared (which I believe is normal since it looked like it was killing active processes?), the Command Prompt black box came up. It hasn't yet gone away. It says:

C:\WINDOWS\system32\cmd.exe at the top and then:

C:\Documents and Settings\Tiara\Desktop>attrib -H c:\*.* /s /d 1>"C:\Documents and Settings\Tiara\Desktop\cmd.txt"

It's been on that command box with the cursor line blinking for about five minutes. I don't want to touch it in case that's normal, but if it's not, I thought I'd bring it up. Should I just be patient and wait it out or did something go wrong?

#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
That command is checking that none of your files have been set to hidden; it should be finished around about now.

If it doesn't finish in about 5 more minutes then stop OTL and continue with aswMBR please

#5
savedglory

    Member

  • Topic Starter
  • 13 posts
The command prompt window finally went away but now it's been stuck on the "Creating restore point. DO NOT INTERRUPT..." part for...well, probably since I last checked this forum a few hours ago. :) I tried to click on the OTL window itself to see if it was even working (because my computer is eerily silent) and now it says "(Not Responding)" at the top.

What should I do? I don't know how to stop OTL (there's no stop button) and I don't want to mess it up in the middle of a restore point. Should I try waiting it out longer, or is there anything I should do to end OTL?

#6
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Right-click the task bar and select Task Manager, then in the Applications tab select OTL and press End Task. Accept the warnings and it will stop.

#7
savedglory

    Member

  • Topic Starter
  • 13 posts
Thank you!! I'm not sure if the OTL log will still help since I'm not sure if it finished what it needed to, but I did a quick scan anyway:

OTL logfile created on: 6/15/2011 10:11:44 AM - Run 2
OTL by OldTimer - Version 3.2.24.0 Folder = C:\Documents and Settings\Tiara\Desktop
Windows XP Media Center Edition Service Pack 2 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

1014.37 Mb Total Physical Memory | 466.98 Mb Available Physical Memory | 46.04% Memory free
2.38 Gb Paging File | 1.90 Gb Available in Paging File | 79.65% Paging File free
Paging file location(s): C:\pagefile.sys 1524 3048 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 67.60 Gb Total Space | 22.94 Gb Free Space | 33.93% Space Free | Partition Type: NTFS

Computer Name: SAVEDGLORY | User Name: Tiara | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/06/14 13:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tiara\Desktop\OTL.exe
PRC - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/04/22 21:22:50 | 000,912,344 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe
PRC - [2009/05/27 12:00:24 | 000,753,664 | ---- | M] (Apple Inc.) -- C:\Program Files\AirPort\APAgent.exe
PRC - [2007/06/13 03:23:07 | 001,033,216 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2007/02/19 18:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) -- C:\Program Files\Dell Network Assistant\hnm_svc.exe
PRC - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) -- C:\Program Files\Viewpoint\Common\ViewpointService.exe
PRC - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe
PRC - [2006/08/22 14:32:18 | 000,184,320 | ---- | M] (CyberLink Corp.) -- C:\Program Files\Dell\MediaDirect\PCMService.exe
PRC - [2006/03/24 22:30:44 | 000,282,624 | ---- | M] (SigmaTel, Inc.) -- C:\WINDOWS\stsystra.exe
PRC - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) -- C:\WINDOWS\wanmpsvc.exe


========== Modules (SafeList) ==========

MOD - [2011/06/14 13:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Tiara\Desktop\OTL.exe
MOD - [2011/05/10 05:10:55 | 000,199,792 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\snxhk.dll
MOD - [2006/08/25 08:45:55 | 001,054,208 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\WinSxS\x86_Microsoft.Windows.Common-Controls_6595b64144ccf1df_6.0.2600.2982_x-ww_ac3f9c03\comctl32.dll


========== Win32 Services (SafeList) ==========

SRV - File not found [Disabled | Stopped] -- -- (HidServ)
SRV - [2011/05/10 05:10:57 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2010/09/16 14:06:22 | 000,080,896 | ---- | M] () [Auto | Running] -- C:\Program Files\HTC\Internet Pass-Through\PassThruSvr.exe -- (PassThru Service)
SRV - [2010/09/13 12:48:12 | 000,025,704 | R--- | M] (Amazon.com) [Auto | Stopped] -- C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientService.exe -- (ADVService)
SRV - [2007/02/19 18:58:30 | 000,083,504 | ---- | M] (SingleClick Systems) [Auto | Running] -- C:\Program Files\Dell Network Assistant\hnm_svc.exe -- (hnmsvc)
SRV - [2007/01/04 14:38:08 | 000,024,652 | ---- | M] (Viewpoint Corporation) [Auto | Running] -- C:\Program Files\Viewpoint\Common\ViewpointService.exe -- (Viewpoint Manager Service)
SRV - [2006/12/15 00:34:43 | 000,086,528 | ---- | M] (Google) [On_Demand | Stopped] -- C:\Program Files\Google\Google Desktop Search\GoogleDesktopManager.exe -- (GoogleDesktopManager)
SRV - [2006/10/23 05:50:35 | 000,046,640 | R--- | M] (AOL LLC) [Auto | Running] -- C:\Program Files\Common Files\AOL\ACS\AOLacsd.exe -- (AOL ACS)
SRV - [2003/08/27 09:29:46 | 000,065,536 | ---- | M] (America Online, Inc.) [Auto | Running] -- C:\WINDOWS\wanmpsvc.exe -- (WANMiniportService) WAN Miniport (ATW)


========== Driver Services (SafeList) ==========

DRV - [2011/05/10 05:03:54 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/05/10 05:03:44 | 000,307,928 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/05/10 05:02:37 | 000,049,240 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/05/10 05:02:25 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/05/10 04:59:56 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/05/10 04:59:37 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/05/10 04:59:35 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2010/06/22 18:01:50 | 000,021,248 | ---- | M] (Windows ® Win 7 DDK provider) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\htcnprot.sys -- (htcnprot)
DRV - [2009/06/10 00:49:32 | 000,024,576 | ---- | M] (HTC, Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\system32\drivers\ANDROIDUSB.sys -- (HTCAND32)
DRV - [2007/04/17 19:34:56 | 000,012,464 | ---- | M] (Macrovision Europe Ltd) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\CdaD10BA.SYS -- (CdaD10BA)
DRV - [2006/12/18 18:01:20 | 000,012,672 | ---- | M] (SingleClick Systems) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\packet.sys -- (Packet)
DRV - [2006/12/15 00:32:29 | 000,010,344 | ---- | M] (Symantec Corporation) [Kernel | Auto | Running] -- C:\WINDOWS\system32\drivers\symlcbrd.sys -- (symlcbrd)
DRV - [2006/12/15 00:26:55 | 000,008,552 | ---- | M] (Windows ® 2000 DDK provider) [Kernel | Auto | Running] -- C:\WINDOWS\System32\drivers\asctrm.sys -- (ASCTRM)
DRV - [2006/11/22 23:34:36 | 000,604,928 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\BCMWL5.SYS -- (BCM43XX)
DRV - [2006/08/25 06:23:08 | 000,044,544 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\bcm4sbxp.sys -- (bcm4sbxp)
DRV - [2006/03/24 22:34:30 | 001,156,648 | ---- | M] (SigmaTel, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\sthda.sys -- (STHDA)
DRV - [2006/01/10 10:07:58 | 000,004,864 | ---- | M] (GTek Technologies Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\Dell Support\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/08/12 16:50:46 | 000,016,128 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\APPDRV.SYS -- (APPDRV)
DRV - [2005/07/14 22:58:14 | 000,028,544 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimmptsk.sys -- (rimmptsk)
DRV - [2005/07/14 21:28:38 | 000,307,968 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rixdptsk.sys -- (rismxdp)
DRV - [2005/07/12 23:00:30 | 000,051,328 | ---- | M] (REDC) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\rimsptsk.sys -- (rimsptsk)
DRV - [2004/02/13 15:46:00 | 000,017,153 | ---- | M] (Dell Inc) [Kernel | System | Running] -- C:\WINDOWS\system32\drivers\omci.sys -- (omci)
DRV - [2003/01/10 15:13:04 | 000,033,588 | ---- | M] (America Online, Inc.) [Kernel | On_Demand | Running] -- C:\WINDOWS\system32\drivers\wanatw4.sys -- (wanatw) WAN Miniport (ATW)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========

IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKLM\SOFTWARE\Microsoft\Internet Explorer\Search,Start Page = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215

IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Default_Page_URL = www.google.com/ig/dell?hl=en&client=dell-usuk-rel&channel=us&ibd=0061215
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://start.icq.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\..\URLSearchHook: - Reg Error: Key error. File not found
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = 127.0.0.1;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "Google"
FF - prefs.js..browser.search.defaulturl: "http://www.google.co...-8&oe=UTF-8&q="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.startup.homepage: "about:myworld|http://www.flock.com/start/"
FF - prefs.js..network.proxy.type: 4

FF - HKLM\software\mozilla\Firefox\extensions\\{D53F4178-B58D-4E40-89BC-9873E1F02355}: C:\Documents and Settings\Tiara\Local Settings\Application Data\{D53F4178-B58D-4E40-89BC-9873E1F02355} [2011/06/13 17:27:07 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\{913DB4E6-E193-4AF8-9FB8-AB7BD3EEF8DC}: C:\Documents and Settings\Adriann\Local Settings\Application Data\{913DB4E6-E193-4AF8-9FB8-AB7BD3EEF8DC} [2011/06/13 19:29:21 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Firefox\extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/06/13 22:32:13 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Plugins: C:\Program Files\Flock\flock\plugins [2011/01/23 14:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Flock\Extensions\\Components: C:\Program Files\Flock\flock\components [2011/01/23 14:59:23 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/06/13 19:25:46 | 000,000,000 | ---D | M]
FF - HKLM\software\mozilla\Mozilla Firefox 3.6.16\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/04/22 21:23:05 | 000,000,000 | ---D | M]

[2009/03/26 14:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Extensions
[2009/03/26 14:05:16 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Extensions\[email protected]
[2011/06/14 13:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions
[2010/09/17 10:07:45 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2009/09/19 14:47:47 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\{E2883E8F-472F-4fb0-9522-AC9BF37916A7}
[2011/06/13 17:27:06 | 000,000,000 | ---D | M] (Yontoo Layers) -- C:\Documents and Settings\Tiara\Application Data\Mozilla\Firefox\Profiles\hp1m1y0z.default\extensions\[email protected]
[2011/06/14 13:35:46 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2007/09/05 21:29:57 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA}
[2007/06/27 20:20:19 | 000,000,000 | ---D | M] (Google Toolbar for Firefox) -- C:\DOCUMENTS AND SETTINGS\TIARA\APPLICATION DATA\FLOCK\BROWSER\PROFILES\KCD42Z1Z.DEFAULT\EXTENSIONS\{3112CA9C-DE6D-4884-A869-9855DE68056C}
[2008/06/17 23:43:04 | 000,086,016 | ---- | M] (Coupons, Inc.) -- C:\Program Files\Mozilla Firefox\plugins\npCouponPrinter.dll
[2007/04/16 10:07:12 | 000,180,293 | ---- | M] () -- C:\Program Files\Mozilla Firefox\plugins\npViewpoint.dll

O1 HOSTS File: ([2011/06/14 14:39:25 | 000,000,098 | ---- | M]) - C:\WINDOWS\system32\drivers\etc\Hosts
O1 - Hosts: 127.0.0.1 localhost
O1 - Hosts: ::1 localhost
O2 - BHO: (DriveLetterAccess) - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\system32\dla\tfswshx.dll (Sonic Solutions)
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O2 - BHO: (Google Toolbar Notifier BHO) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\5.6.6209.1142\swg.dll (Google Inc.)
O2 - BHO: (CBrowserHelperObject Object) - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll (Dell Inc.)
O2 - BHO: (Yontoo Layers) - {FD72061E-9FDE-484D-A58A-0BAB4151CAD8} - C:\Program Files\PageRage\YontooIEClient.dll (Yontoo Technology, Inc.)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [AirPort Base Station Agent] C:\Program Files\AirPort\APAgent.exe (Apple Inc.)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [cleanddm] File not found
O4 - HKLM..\Run: [HTC Sync Loader] C:\Program Files\HTC\HTC Sync 3.0\htcUPCTLoader.exe ()
O4 - HKLM..\Run: [PCMService] C:\Program Files\Dell\MediaDirect\PCMService.exe (CyberLink Corp.)
O4 - HKLM..\Run: [SigmatelSysTrayApp] C:\WINDOWS\stsystra.exe (SigmaTel, Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Amazon Unbox.lnk = C:\Program Files\Amazon\Amazon Unbox Video\ADVWindowsClientSystemTray.exe (Amazon.com)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallVisualStyle = C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles (Microsoft)
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\System: InstallTheme = C:\WINDOWS\Resources\Themes\Royale.theme ()
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 145
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra 'Tools' menuitem : ICQ Lite - {B863453A-26C3-4e1f-A54D-A2CD196348E9} - File not found
O9 - Extra Button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Tiara\Start Menu\Programs\IMVU\Run IMVU.lnk ()
O9 - Extra Button: ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O9 - Extra 'Tools' menuitem : ICQ6 - {E59EB121-F339-4851-A3BA-FE49C35617C2} - C:\Program Files\ICQ6\ICQ.exe (ICQ, Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: aol.com ([objects] * is out of zone range - 5)
O16 - DPF: {18C3FD15-74F6-4280-9C98-3590C966B7B8} http://www.worldwinn...am/skillgam.cab (SkillGam Control)
O16 - DPF: {1A1F56AA-3401-46F9-B277-D57F3421F821} http://www.worldwinn...GamesLoader.cab (FunGamesLoader Object)
O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} http://cdn.scan.onec...lscbase1140.cab (Windows Live Safety Center Base Module)
O16 - DPF: {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} http://www.worldwinn...ed/wwlaunch.cab (Wwlaunch Control)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {9903F4ED-B673-456A-A15F-ED90C7DE9EF5} http://www.worldwinn...v46/sol/sol.cab (Sol Control)
O16 - DPF: {B06CE1BC-5D9D-4676-BD28-1752DBF394E0} http://www.worldwinn...man/hangman.cab (Hangman Control)
O16 - DPF: {CAFEEFAC-0015-0000-0006-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_06)
O16 - DPF: {CAFEEFAC-0015-0000-0011-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.5.0_11)
O16 - DPF: {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0)
O16 - DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_05)
O16 - DPF: {CAFEEFAC-0016-0000-0017-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_17)
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} http://fpdownload.ma...ent/swflash.cab (Shockwave Flash Object)
O16 - DPF: Microsoft XML Parser for Java file://C:\WINDOWS\Java\classes\xmldso.cab (Reg Error: Key error.)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 10.0.1.1
O20 - AppInit_DLLs: (C:\PROGRA~1\Google\GOOGLE~1\GOEC62~1.DLL) - C:\Program Files\Google\Google Desktop Search\GoogleDesktopNetwork3.dll (Google)
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\Documents and Settings\Tiara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O24 - Desktop BackupWallPaper: C:\Documents and Settings\Tiara\Application Data\Microsoft\Internet Explorer\Internet Explorer Wallpaper.bmp
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2005/08/16 03:43:04 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell - "" = AutoRun
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}\Shell\AutoRun\command - "" = E:\setup.exe
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell - "" = AutoRun
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell\AutoRun - "" = Auto&Play
O33 - MountPoints2\{b7f7f922-9e8a-11db-a33e-00038a000015}\Shell\AutoRun\command - "" = E:\LaunchU3.exe
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========


[2011/06/14 14:25:24 | 000,000,000 | ---D | C] -- C:\_OTL
[2011/06/14 13:38:21 | 000,580,608 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Tiara\Desktop\OTL.exe
[2011/06/14 07:46:10 | 000,000,000 | ---D | C] -- C:\Documents and Settings\LocalService\Application Data\Adobe
[2011/06/13 22:33:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\avast! Free Antivirus
[2011/06/13 22:33:11 | 000,307,928 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSP.sys
[2011/06/13 22:33:11 | 000,019,544 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswFsBlk.sys
[2011/06/13 22:33:06 | 000,049,240 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswTdi.sys
[2011/06/13 22:33:06 | 000,025,432 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswRdr.sys
[2011/06/13 22:33:05 | 000,441,176 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswSnx.sys
[2011/06/13 22:33:04 | 000,102,616 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon2.sys
[2011/06/13 22:33:04 | 000,096,344 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aswmon.sys
[2011/06/13 22:33:01 | 000,030,808 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\drivers\aavmker4.sys
[2011/06/13 22:32:08 | 000,040,112 | ---- | C] (AVAST Software) -- C:\WINDOWS\avastSS.scr
[2011/06/13 22:32:04 | 000,199,304 | ---- | C] (AVAST Software) -- C:\WINDOWS\System32\aswBoot.exe
[2011/06/13 22:31:03 | 000,000,000 | ---D | C] -- C:\Program Files\AVAST Software
[2011/06/13 22:31:03 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/06/13 21:49:51 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Macromedia
[2011/06/13 21:49:45 | 000,000,000 | ---D | C] -- C:\Documents and Settings\NetworkService\Application Data\Adobe
[2011/06/13 19:53:48 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Application Data\Macromedia
[2011/06/13 17:27:07 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Tiara\Local Settings\Application Data\{D53F4178-B58D-4E40-89BC-9873E1F02355}
[2011/06/13 17:26:54 | 000,000,000 | ---D | C] -- C:\Program Files\PageRage
[2011/06/13 17:26:16 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\Tiara\Application Data\69AFB03868188CBEDA9905903C1559C3
[2011/05/19 21:15:28 | 000,000,000 | ---D | C] -- C:\Documents and
Settings\All Users\Start Menu\Programs\iTunes
[2011/05/19 21:14:29 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/05/19 21:09:44 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/05/19 21:08:43 | 000,000,000 | -HSD | C] -- C:\Config.Msi
[8 C:\Documents and Settings\Tiara\My Documents\*.tmp files ->
C:\Documents and Settings\Tiara\My Documents\*.tmp -> ]

========== Files - Modified Within 30 Days ==========

[2011/06/15 10:10:23 | 000,443,034 | ---- | M] () --
C:\WINDOWS\System32\perfh009.dat
[2011/06/15 10:10:23 | 000,072,134 | ---- | M] () --
C:\WINDOWS\System32\perfc009.dat
[2011/06/15 10:09:02 | 000,000,886 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineUA.job
[2011/06/15 10:06:08 | 000,000,882 | ---- | M] () --
C:\WINDOWS\tasks\GoogleUpdateTaskMachineCore.job
[2011/06/15 10:05:55 | 000,002,048 | --S- | M] () -- C:\WINDOWS\bootstat.dat
[2011/06/14 14:39:25 | 000,000,098 | ---- | M] () --
C:\WINDOWS\System32\drivers\etc\Hosts
[2011/06/14 13:43:09 | 000,580,608 | ---- | M] (OldTimer Tools) --
C:\Documents and Settings\Tiara\Desktop\OTL.exe
[2011/06/13 22:33:04 | 000,002,625 | ---- | M] () --
C:\WINDOWS\System32\CONFIG.NT
[2011/06/13 17:29:28 | 000,042,166 | ---- | M] () -- C:\Documents and
Settings\Tiara\Application Data\wklnhst.dat
[2011/06/02 20:49:50 | 000,002,206 | ---- | M] () -- C:\WINDOWS\System32\wpa.dbl
[2011/05/19 21:15:28 | 000,001,542 | ---- | M] () -- C:\Documents and
Settings\All Users\Desktop\iTunes.lnk
[8 C:\Documents and Settings\Tiara\My Documents\*.tmp files ->
C:\Documents and Settings\Tiara\My Documents\*.tmp -> ]

========== Files Created - No Company Name ==========

[2011/05/19 21:15:28 | 000,001,542 | ---- | C] () -- C:\Documents and
Settings\All Users\Desktop\iTunes.lnk
[2010/10/28 20:58:27 | 000,001,940 | ---- | C] () -- C:\Documents and
Settings\Tiara\Local Settings\Application
Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2010/10/28 18:11:16 | 000,001,940 | ---- | C] () -- C:\Documents and
Settings\LocalService\Local Settings\Application
Data\{96C87F53-AC72-4604-A9CC-186A49F17F3C}.ini
[2009/06/01 21:07:20 | 000,051,524 | ---- | C] () --
C:\WINDOWS\System32\mlfcache.dat
[2008/07/26 23:39:11 | 000,000,047 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2008/04/01 22:34:03 | 000,006,550 | ---- | C] () -- C:\WINDOWS\jautoexp.dat
[2007/05/02 11:04:19 | 003,596,288 | ---- | C] () --
C:\WINDOWS\System32\qt-dx331.dll
[2007/05/01 19:33:57 | 000,012,288 | ---- | C] () --
C:\WINDOWS\System32\DivXWMPExtType.dll
[2007/03/18 22:09:08 | 000,001,391 | ---- | C] () -- C:\Documents and
Settings\All Users\Application Data\QTSBandwidthCache
[2006/12/30 23:42:58 | 000,087,040 | ---- | C] () -- C:\Documents and
Settings\Tiara\Local Settings\Application
Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2006/12/29 19:35:36 | 000,002,828 | -HS- | C] () --
C:\WINDOWS\System32\KGyGaAvL.sys
[2006/12/29 19:35:36 | 000,000,088 | RHS- | C] () --
C:\WINDOWS\System32\E24C1E6E4D.sys
[2006/12/23 20:31:37 | 000,001,177 | ---- | C] () -- C:\WINDOWS\mozver.dat
[2006/12/23 19:47:02 | 000,042,166 | ---- | C] () -- C:\Documents and
Settings\Tiara\Application Data\wklnhst.dat
[2006/12/23 19:32:00 | 000,000,029 | ---- | C] () -- C:\WINDOWS\atid.ini
[2006/12/21 14:44:57 | 000,000,128 | ---- | C] () -- C:\Documents and
Settings\Tiara\Local Settings\Application Data\fusioncache.dat
[2006/12/15 00:44:56 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2006/12/15 00:29:22 | 000,000,376 | ---- | C] () -- C:\WINDOWS\ODBC.INI
[2006/12/15 00:27:16 | 000,000,138 | ---- | C] () -- C:\WINDOWS\wininit.ini
[2006/12/15 00:25:59 | 000,000,335 | ---- | C] () -- C:\WINDOWS\nsreg.dat
[2006/12/15 00:18:23 | 000,086,016 | ---- | C] () --
C:\WINDOWS\System32\preflib.dll
[2006/12/15 00:18:22 | 000,020,480 | ---- | C] () --
C:\WINDOWS\System32\WLTRYSVC.EXE
[2006/12/15 00:18:21 | 000,757,760 | ---- | C] () --
C:\WINDOWS\System32\bcm1xsup.dll
[2006/12/14 23:52:30 | 000,049,152 | ---- | C] () -- C:\WINDOWS\setpwrcg.exe
[2006/12/14 23:52:14 | 000,016,480 | ---- | C] () --
C:\WINDOWS\System32\rixdicon.dll
[2006/12/14 23:51:34 | 000,000,390 | ---- | C] () --
C:\WINDOWS\System32\OEMINFO.INI
[2006/05/02 15:38:24 | 000,072,444 | ---- | C] () -- C:\WINDOWS\SetBrowser.exe
[2006/05/02 15:38:24 | 000,000,748 | ---- | C] () -- C:\WINDOWS\SetBrowser.ini
[2005/08/31 11:11:14 | 000,000,442 | ---- | C] () --
C:\WINDOWS\System32\dlcfplc.ini
[2005/08/16 03:48:31 | 000,002,048 | --S- | C] () -- C:\WINDOWS\bootstat.dat
[2005/08/16 03:38:45 | 000,021,640 | ---- | C] () --
C:\WINDOWS\System32\emptyregdb.dat
[2005/08/16 03:37:24 | 000,001,793 | ---- | C] () --
C:\WINDOWS\System32\fxsperf.ini
[2005/08/16 03:33:38 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2005/08/16 03:27:59 | 000,258,248 | ---- | C] () --
C:\WINDOWS\System32\FNTCACHE.DAT
[2005/08/16 03:18:35 | 000,004,569 | ---- | C] () --
C:\WINDOWS\System32\secupd.dat
[2005/08/16 03:18:33 | 000,443,034 | ---- | C] () --
C:\WINDOWS\System32\perfh009.dat
[2005/08/16 03:18:33 | 000,272,128 | ---- | C] () --
C:\WINDOWS\System32\perfi009.dat
[2005/08/16 03:18:33 | 000,072,134 | ---- | C] () --
C:\WINDOWS\System32\perfc009.dat
[2005/08/16 03:18:33 | 000,028,626 | ---- | C] () --
C:\WINDOWS\System32\perfd009.dat
[2005/08/16 03:18:32 | 000,004,627 | ---- | C] () --
C:\WINDOWS\System32\oembios.dat
[2005/08/16 03:18:30 | 013,107,200 | ---- | C] () --
C:\WINDOWS\System32\oembios.bin
[2005/08/16 03:18:28 | 000,000,741 | ---- | C] () --
C:\WINDOWS\System32\noise.dat
[2005/08/16 03:18:23 | 000,673,088 | ---- | C] () --
C:\WINDOWS\System32\mlang.dat
[2005/08/16 03:18:23 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\mib.bin
[2005/08/16 03:18:15 | 000,218,003 | ---- | C] () --
C:\WINDOWS\System32\dssec.dat
[2005/08/16 03:18:08 | 000,001,788 | ---- | C] () --
C:\WINDOWS\System32\Dcache.bin
[2005/08/05 13:01:54 | 000,235,008 | ---- | C] () --
C:\WINDOWS\System32\psisdecd.dll
[2005/04/09 16:04:54 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini

========== LOP Check ==========

[2009/08/02 15:23:45 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\acccore
[2010/08/25 18:01:01 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\AIM
[2010/12/24 13:24:08 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Amazon
[2011/06/13 22:31:03 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\AVAST Software
[2007/04/17 19:34:40 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\FunGames
[2008/09/16 07:11:32 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\ICQ
[2009/08/08 14:46:48 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\PCSettings
[2007/04/11 20:30:38 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Sandlot Games
[2007/03/17 12:33:07 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\SingleClick Systems
[2010/09/17 10:04:52 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\TEMP
[2009/08/02 15:23:48 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\Viewpoint
[2006/12/15 00:35:30 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application Data\YAHOO
[2010/04/10 21:15:00 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application
Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/10/29 20:45:15 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\All Users\Application
Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2011/06/14 14:21:26 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\69AFB03868188CBEDA9905903C1559C3
[2006/12/23 19:34:00 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\acccore
[2010/06/28 20:01:50 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\AnvSoft
[2008/03/09 19:14:41 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\BitZipper
[2010/04/18 12:27:28 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Facebook
[2007/01/11 22:46:38 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Flock
[2011/04/13 20:01:25 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\HTC
[2008/09/16 07:12:45 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\ICQ
[2007/02/07 21:32:29 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\ICQLite
[2008/11/01 20:15:58 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\IMVU
[2008/11/01 20:17:28 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\IMVUClient
[2010/07/17 22:09:24 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Spacejock Software
[2007/03/18 20:01:06 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Template
[2008/04/02 21:28:10 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Thunderbird
[2007/01/11 19:44:32 | 000,000,000 | ---D | M] -- C:\Documents and
Settings\Tiara\Application Data\Viewpoint

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 134 bytes -> C:\Documents and Settings\All
Users\Application Data\TEMP:BEB71B81

< End of report >

And then here's the aswMBR log:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 10:39:06
-----------------------------
10:39:06.372 OS Version: Windows 5.1.2600 Service Pack 2
10:39:06.372 Number of processors: 2 586 0xE08
10:39:06.388 ComputerName: SAVEDGLORY UserName: Tiara
10:39:09.903 AVAST engine 6.0.1125 defs: 11061500
10:39:09.919 Initialize success
10:39:17.841 Disk 0 (boot) \Device\Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T0L0-3
10:39:17.966 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size:
76319MB BusType: 3
10:39:18.107 Device \Driver\atapi -> DriverStartIo 8653e31b
10:39:20.153 Disk 0 MBR read successfully
10:39:20.216 Disk 0 MBR scan
10:39:20.544 Disk 0 [email protected] [Rtk]
10:39:20.716 Disk 0 [email protected] code has been found
10:39:20.982 Disk 0 MBR hidden
10:39:21.232 Disk 0 MBR [TDL4] **ROOTKIT**
10:39:21.403 Disk 0 trace - called modules:
10:39:21.716 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll
>>UNKNOWN [0x8653e4d0]<<
10:39:21.903 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x8651dab8]
10:39:22.138 3 CLASSPNP.SYS[f75fe05b] -> nt!IofCallDriver ->
\Device\0000006f[0x865a30b8]
10:39:22.372 5 ACPI.sys[f7494620] -> nt!IofCallDriver -> [0x86565940]
10:39:22.685 \Driver\atapi[0x86561270] -> IRP_MJ_CREATE -> 0x8653e4d0
10:39:22.747 AVAST engine scan C:\WINDOWS\system32
10:42:22.122 Scan finished successfully
10:44:53.872 Disk 0 MBR has been saved successfully to
"C:\Documents and Settings\Tiara\Desktop\MBR.dat"
10:44:53.872 The log file has been saved successfully to
"C:\Documents and Settings\Tiara\Desktop\aswMBR.txt"
  • 0

#8
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Yep OTL did its stuff

Re-Run aswMBR

Click Scan

On completion of the scan

Click the Fix Button

Save the log as before and post in your next reply

Then let me know what the current problems are
  • 0

#9
savedglory
    Member
  • Topic Starter
  • Member
  • 13 posts
When the scan completed and I tried to "fix", my computer froze and I had to force it to turn off. I restarted and scanned again then tried "fix" but now it's giving me this error message:

"WARNING !!!!
Writeing a new master boot record to your system partition could damage your partition tables and cause your partitions to become inaccessible.
This application writes standard Windows MBR code.

Are you sure you want to fix the MBR ?"



Just in case it helps, here's what the second scan offered:

aswMBR version 0.9.6.399 Copyright© 2011 AVAST Software
Run date: 2011-06-15 13:12:06
-----------------------------
13:12:06.203 OS Version: Windows 5.1.2600 Service Pack 2
13:12:06.203 Number of processors: 2 586 0xE08
13:12:06.203 ComputerName: SAVEDGLORY UserName: Tiara
13:12:07.390 AVAST engine 6.0.1125 defs: 11061500
13:12:07.390 Initialize success
13:12:12.921 Disk 0 (boot) \Device\Harddisk0\DR0 ->
\Device\Ide\IdeDeviceP0T0L0-3
13:12:12.921 Disk 0 Vendor: Hitachi_HTS541680J9SA00 SB2OC74P Size:
76319MB BusType: 3
13:12:14.968 Disk 0 MBR read successfully
13:12:14.968 Disk 0 MBR scan
13:12:14.968 Disk 0 unknown MBR code
13:12:16.984 Disk 0 scanning sectors +156296385
13:12:17.015 Disk 0 scanning C:\WINDOWS\system32\drivers
13:12:50.524 Service scanning
13:12:52.930 Disk 0 trace - called modules:
13:12:52.961 ntkrnlpa.exe CLASSPNP.SYS disk.sys ACPI.sys hal.dll
atapi.sys pciide.sys
13:12:52.961 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0x86512ab8]
13:12:52.961 3 CLASSPNP.SYS[f75fe05b] -> nt!IofCallDriver ->
\Device\00000070[0x865c60b8]
13:12:52.961 5 ACPI.sys[f7494620] -> nt!IofCallDriver ->
\Device\Ide\IdeDeviceP0T0L0-3[0x8658b940]
13:12:52.961 AVAST engine scan C:\WINDOWS\system32
13:14:44.423 Scan finished successfully
13:17:18.532 Disk 0 MBR has been saved successfully to
"C:\Documents and Settings\Tiara\Desktop\MBR.dat"
13:17:18.532 The log file has been saved successfully to
"C:\Documents and Settings\Tiara\Desktop\aswMBR.txt"
13:17:35.716 The log file has been saved successfully to
"C:\Documents and Settings\Tiara\Desktop\aswMBR2.txt"
  • 0

#10
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts

10:39:20.216 Disk 0 MBR scan
10:39:20.544 Disk 0 [email protected] [Rtk]
10:39:20.716 Disk 0 [email protected] code has been found
10:39:20.982 Disk 0 MBR hidden
10:39:21.232 Disk 0 MBR [TDL4] **ROOTKIT**

Before

13:12:14.968 Disk 0 MBR read successfully
13:12:14.968 Disk 0 MBR scan
13:12:14.968 Disk 0 unknown MBR code
13:12:16.984 Disk 0 scanning sectors +156296385

And after

The MBR bootkit is no more :) On completion of this, can you let me know what problems remain?

Please download Malwarebytes' Anti-Malware from Here.

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy & Paste the entire report in your next reply.
Extra Note:

If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts; click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0
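A way to make the before/after reading of the two aswMBR excerpts above mechanical, added here as an example that is not part of the thread and not AVAST's own code: a small Python parser that pulls the per-disk MBR events out of an aswMBR log and reports a verdict for each disk. The sample lines are the ones quoted in the thread; the verdict labels (ROOTKIT, SUSPICIOUS, UNKNOWN_CODE, CLEAN) are my own naming, not aswMBR's.

```python
import re
from dataclasses import dataclass, field

# Constructed sample input: the aswMBR disk lines quoted in the thread, from the
# scan made before the Fix button was used and from the scan made after it.
BEFORE_LOG = """
10:39:20.153 Disk 0 MBR read successfully
10:39:20.216 Disk 0 MBR scan
10:39:20.982 Disk 0 MBR hidden
10:39:21.232 Disk 0 MBR [TDL4] **ROOTKIT**
"""
AFTER_LOG = """
13:12:14.968 Disk 0 MBR read successfully
13:12:14.968 Disk 0 MBR scan
13:12:14.968 Disk 0 unknown MBR code
13:12:16.984 Disk 0 scanning sectors +156296385
"""

# Every aswMBR line starts with HH:MM:SS.mmm; disk events then start with "Disk N".
LINE_RE = re.compile(r"^(?P<ts>\d{2}:\d{2}:\d{2}\.\d{3})\s+(?P<msg>.*)$")
DISK_RE = re.compile(r"^Disk (?P<disk>\d+) (?P<event>.*)$")
# A named detection is written as "MBR [<family>] **ROOTKIT**".
ROOTKIT_RE = re.compile(r"MBR \[(?P<name>[^\]]+)\] \*\*ROOTKIT\*\*")


@dataclass
class MbrStatus:
    disk: int
    read_ok: bool = False
    hidden: bool = False        # "MBR hidden": the real boot sector is being concealed
    unknown_code: bool = False  # "unknown MBR code": boot code outside the known set
    rootkits: list = field(default_factory=list)

    @property
    def verdict(self) -> str:
        if self.rootkits:
            return "ROOTKIT"
        if self.hidden:
            return "SUSPICIOUS"    # concealment with no named family still needs review
        if self.unknown_code:
            return "UNKNOWN_CODE"  # no detection, but not a verified standard MBR either
        return "CLEAN" if self.read_ok else "UNSCANNED"


def parse_aswmbr(text: str) -> dict:
    """Return {disk index: MbrStatus} built from the 'Disk N ...' events in a log."""
    disks = {}
    for raw in text.splitlines():
        m = LINE_RE.match(raw.strip())
        if not m:
            continue  # header, blank or wrapped continuation line
        d = DISK_RE.match(m.group("msg"))
        if not d:
            continue  # engine, service and trace lines are not disk events
        idx = int(d.group("disk"))
        status = disks.setdefault(idx, MbrStatus(idx))
        event = d.group("event")
        if event == "MBR read successfully":
            status.read_ok = True
        elif event == "MBR hidden":
            status.hidden = True
        elif event == "unknown MBR code":
            status.unknown_code = True
        else:
            hit = ROOTKIT_RE.search(event)
            if hit:
                status.rootkits.append(hit.group("name"))
    return disks


def compare_runs(before: str, after: str) -> dict:
    """Map each disk to its (before, after) verdict so a fix can be confirmed."""
    b, a = parse_aswmbr(before), parse_aswmbr(after)
    return {i: (b[i].verdict if i in b else "MISSING",
                a[i].verdict if i in a else "MISSING")
            for i in sorted(set(b) | set(a))}
```

On the thread's two logs, compare_runs returns {0: ("ROOTKIT", "UNKNOWN_CODE")}: the named TDL4 detection is gone after the fix, but the rewritten MBR is only "unknown", which is why the helper still asks what problems remain rather than declaring the machine clean.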


#11
savedglory
    Member
  • Topic Starter
  • Member
  • 13 posts
Woooo!!! *fingers crossed* I will let you know if anything is still wrong in a few, but if I already have Malwarebytes downloaded, can I just use that version? Or should I try to download it again via the link you provided?
  • 0

#12
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
No, just use your current copy - but do an update first, then a quick scan and post the log.

What are your current problems?
  • 0

#13
savedglory
    Member
  • Topic Starter
  • Member
  • 13 posts
Wooooo thank you! So far, so good! No more crazy malware popups and I haven't noticed anything fishy. My computer seems to be running smoothly - no more freezing or sluggishness. Here's the log:


Malwarebytes' Anti-Malware 1.46
www.malwarebytes.org

Database version: 4052

Windows 5.1.2600 Service Pack 2
Internet Explorer 8.0.6001.18702

6/15/2011 2:56:09 PM
mbam-log-2011-06-15 (14-56-09).txt

Scan type: Quick scan
Objects scanned: 141024
Time elapsed: 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\rotscxecynenwx
(Rootkit.TDSS) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Uninstall\Antimalware
Doctor (Rogue.AntimalwareDoctor) -> Quarantined and deleted
successfully.
HKEY_CURRENT_USER\Software\Antimalware Doctor Inc
(Rogue.AntimalwareDoctor) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#14
Essexboy
    GeekU Moderator
  • Retired Staff
  • 69,964 posts
Subject to no further problems :yes:

I will remove my tools now and give some recommendations, but I would like you to run for 24 hours or so and come back if you have any problems. I would recommend that you update to SP3, though.

Now the best part of the day ----- Your log now appears clean :)

A good workman always cleans up after himself, so the following will implement some cleanup procedures as well as reset System Restore points:

Run OTL
  • Under the Custom Scans/Fixes box at the bottom, paste in the following

    :Commands
    [resethosts]
    [purity]
    [emptytemp]
    [EMPTYFLASH]
    [CLEARALLRESTOREPOINTS]
    [Reboot]

  • Then click the Run Fix button at the top
  • Let the program run unhindered, reboot the PC when it is done


Run OTL and hit the cleanup button. It will remove all the programmes we have used plus itself. With aswMBR just delete the file from your desktop

We will now confirm that your hidden files are set to that, as some of the tools I use will change that
  • Click Start.
  • Open My Computer.
  • Select the Tools menu and click Folder Options.
  • Select the View Tab.
  • Under the Hidden files and folders heading select Do not show hidden files and folders.
  • Click Yes to confirm.
  • Click OK.

SPRING CLEAN

Download and run Puran Disc Defragmenter
For the first run I would recommend a boot defrag and disk check


Now that you are clean, to help protect your computer in the future I recommend that you get the following free programmes:

Malwarebytes. Update and run weekly to keep your system clean.

Download and install FileHippo Update Checker and run it monthly; it will show you which programmes on your system need updating and give a download link.

It is critical to have both a firewall and anti virus to protect your system and to keep them updated.

To keep your operating system up to date visit

To learn more about how to protect yourself while on the internet read our little guide How did I get infected in the first place ?
Keep safe :unsure:
  • 0

#15
savedglory
    Member
  • Topic Starter
  • Member
  • 13 posts
You are a lifesaver!!!!!!!!!!!!!! :) :unsure: :yes: :) Thank you so so very much!!

A few questions:

1. I couldn't check that my files were set to hidden, because under "View", I only see:

Files and Folders
* automatically search for network folders and printers
* Display file size information in folder tips
* Display simple folder view in Explorer's Folders list
* Display the contents of system folders
* Display the full path in the address bar
* Display the full path in the title bar
* Do not cache thumbnails
* Hide extensions for known file types
* Hide protected operating system files (Recommended)
* Launch folder windows in separate process

Managing pairs of Web pages and folders:
* Show and manage the pair as a single file
* Show both parts and manage them individually
* Show both parts but manage as a single file
* Remember each folder's view settings
* Restore previous folder windows at logon
* Show control Panel in My Computer
* Show encrypted or compressed NTFS files in color
* Show pop-up description for folder and desktop items
* Use simple file sharing (Recommended)


There was no "Hidden files and folders heading" where I could select "Do not show hidden files and folders". Is this necessary? Or can I do something else instead?


2. I have the Free version of Malwarebytes, but do you recommend purchasing the paid option? I've had a few friends recommend it to me.


3. What antivirus programs do you recommend? I had a free trial of Norton and AVG, but both have since run out. Are there good free versions? I don't mind paying, but my experience with antivirus programs has always been clunky and annoying. I'd love something that's easy to set up and easy to set reminders for, since I'm terrible with remembering.

Thank you again!
  • 0
