Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Help....b4 this gets worse!

Started by tammy111 , Sep 08 2011 09:31 PM

  • Please log in to reply

#1
tammy111
Posted 08 September 2011 - 09:31 PM

tammy111

    Member

  • Member
  • PipPip
  • 95 posts
Well, my kid got on my puter and searched for pictures for a homework assignment. Now, when I google something, the results come up as usual, but when i click on a result link, it goes to a Yahoo results page with similar search results. If i click on one of the Yahoo results, i get 404 or some random page.

I downloaded the OTL and here are the results. Thank you guys for your help. You saved me once before too!!


OTL logfile created on: 9/8/2011 10:07:15 PM - Run 4
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.58 Gb Available Physical Memory | 63.13% Memory free
3.10 Gb Paging File | 2.45 Gb Available in Paging File | 79.09% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 12.49 Gb Free Space | 16.78% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user | Quick Scan
Company Name Whitelist: On | Skip Microsoft Files: On | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 22:06:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2011/09/07 16:56:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2009/08/07 14:32:26 | 000,358,232 | ---- | M] (Creative Home) -- C:\Program Files\Creative Home\Hallmark Card Studio 2010 Deluxe\Planner\PLNRnote.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/08 14:54:53 | 001,556,992 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090802\algo.dll
MOD - [2011/09/08 13:52:11 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090802\aswRep.dll
MOD - [2011/09/07 16:56:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/25 15:42:54 | 006,053,536 | ---- | M] () -- C:\WINDOWS\SYSTEM32\Macromed\Flash\NPSWF32.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2006/02/02 03:12:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LXPRMON.DLL
MOD - [2002/07/04 09:38:00 | 000,053,248 | ---- | M] () -- C:\Program Files\ArcSoft\Software Suite\PhotoImpression 5\Share\PIHook.dll


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/30 18:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/01/30 18:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 18:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 18:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/05/28 22:07:36 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/19 20:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 16:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/08/22 20:23:31 | 000,000,000 | ---D | M]

[2009/08/22 20:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2011/07/01 21:17:27 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions
[2010/04/27 12:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/06/22 21:26:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
[2011/05/19 10:03:05 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
[2011/05/19 10:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/05/19 10:02:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/09/07 16:56:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/05/19 10:02:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/26 12:33:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/05/17 09:25:23 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk = C:\WINDOWS\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk = File not found
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: amphire.net ([commerce] http in Trusted sites)
O15 - HKCU\..Trusted Domains: csplans.com ([teamsterups] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paypal.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: usps.gov ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43C7A042-A8C9-4227-82B9-834C0473BEC0}: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop Components:0 () -
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = comfile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/08 22:06:09 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/08/23 22:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ggg
[2011/08/22 20:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/22 20:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/22 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/22 20:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/22 20:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/20 23:12:29 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[2010/01/20 23:12:28 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCR80.dll

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,065,348 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.wpd
[2011/09/08 22:06:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/09/07 16:56:08 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
[2011/09/07 16:55:35 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/07 03:18:28 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/07 03:18:24 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/05 19:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/08/27 11:58:24 | 000,216,539 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\todd florey experian.pdf
[2011/08/24 03:00:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/22 20:42:46 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/22 20:42:46 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/22 20:39:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/22 20:23:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/19 20:25:49 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT
[2011/08/10 19:22:10 | 000,187,253 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\08-10-11.pdf
[2011/08/10 03:10:44 | 000,441,552 | ---- | M] () -- C:\WINDOWS\System32\PERFH009.DAT
[2011/08/10 03:10:43 | 000,071,488 | ---- | M] () -- C:\WINDOWS\System32\PERFC009.DAT

========== Files Created - No Company Name ==========

[2011/08/27 11:58:24 | 000,216,539 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\todd florey experian.pdf
[2011/08/22 20:39:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/22 20:23:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/10 19:22:10 | 000,187,253 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\08-10-11.pdf
[2010/08/03 03:15:51 | 000,188,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 14:11:16 | 000,068,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2010/04/14 10:10:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/04/14 10:10:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/04/14 10:10:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2009/04/21 19:04:31 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2009/04/21 19:04:31 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/13 09:37:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/09/13 09:37:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/23 20:48:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\$_hpcst$.hpc
[2007/12/04 22:18:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/11/03 22:09:55 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/05 21:35:00 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\MumboJumbo.ini
[2007/10/05 21:35:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Todd\Application Data\ud_soundmanager.ini
[2007/06/20 15:46:41 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2007/05/13 22:40:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/26 22:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/12/02 16:33:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Todd.ini
[2006/05/01 15:01:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/25 22:24:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\hw.ini
[2005/08/28 19:49:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2005/08/28 19:49:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/08/28 19:47:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2005/07/20 18:52:09 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 19:47:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\bbuninst.exe
[2005/02/22 23:29:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/10 21:20:13 | 000,001,096 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2004/10/21 10:34:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:15:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/18 16:52:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/07/18 16:46:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/07/18 16:45:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/06/13 11:32:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2004/04/17 10:47:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JPR.{PB
[2004/04/17 10:47:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JCM.{PB
[2004/04/14 20:11:24 | 000,001,922 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/09 12:48:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/09 12:42:26 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/09 12:38:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/09 12:36:54 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/03/09 12:36:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/03/09 12:36:42 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/03/09 12:36:42 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/03/09 12:36:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/03/09 12:36:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/03/09 12:36:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/03/09 12:36:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/03/09 12:35:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/03/09 12:32:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/09 12:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/09 12:14:52 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/09 12:14:52 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/09 12:01:22 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/30 18:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 18:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2002/09/03 10:05:08 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== LOP Check ==========

[2011/05/19 10:20:04 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Autorun Eater
[2011/05/16 23:18:14 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVAST Software
[2011/05/16 22:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar
[2011/01/12 13:36:20 | 000,000,000 | -H-D | M] -- C:\Documents and Settings\All Users\Application Data\Common Files
[2008/01/26 17:42:15 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Eastman Kodak Company
[2011/05/19 10:17:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\InstallMate
[2008/01/26 17:41:42 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\kds_kodak
[2011/04/14 18:11:37 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MFAData
[2004/05/21 20:27:33 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\MSN Messenger 6.2.0133
[2008/02/03 00:05:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\Musicnotes
[2009/03/11 21:59:39 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{00D89592-F643-4D8D-8F0F-AFAE0F14D4C3}
[2010/04/15 00:28:46 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{429CAD59-35B1-4DBC-BB6D-1DB246563521}
[2009/09/24 08:22:41 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
[2009/04/23 17:56:20 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\{8CD7F5AF-ECFA-4793-BF40-D8F42DBFF906}
[2011/06/06 23:52:30 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Audacity
[2011/01/12 13:45:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\AVG10
[2004/08/09 13:17:22 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\EPSON
[2004/04/14 20:09:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Leadertech
[2006/11/12 21:32:25 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\Snapfish
[2011/01/26 16:32:24 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\uTorrent
[2011/05/19 10:18:03 | 000,000,000 | ---D | M] -- C:\Documents and Settings\Todd\Application Data\WinPatrol

========== Purity Check ==========



========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.doc:SummaryInformation

< End of report >
  • 0

Advertisements

#2
RKinner
Posted 09 September 2011 - 10:29 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Download and save the AVG removal tool
http://download.avg....6_2011_1184.exe
Run the AVG removal tool

Clear the Java Cache by following the instructions on
http://www.java.com/...lugin_cache.xml


Click on the Avast ball. Then click on Additional Protections then on AutoSandbox then on Settings then uncheck Enable AutoSandbox. OK


Copy the text in the code box by highlighting and Ctrl + c 


:processes
killallprocesses

:OTL
FF - prefs.js..browser.search.defaultenginename: "AVG Secure Search"
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:59:19 | 000,000,000 | ---D | M]
[2011/05/19 10:03:06 | 000,000,000 | ---D | M] (Java Console) -- C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
[2011/05/19 10:02:46 | 000,000,000 | ---D | M] (Java Quick Starter) -- C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF
[2011/05/19 10:02:46 | 000,423,656 | ---- | M] (Sun Microsystems, Inc.) -- C:\Program Files\mozilla firefox\plugins\npdeployJava1.dll
[2011/06/22 21:26:31 | 000,000,000 | ---D | M] (Yahoo! Toolbar) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}
O2 - BHO: (&Yahoo! Toolbar Helper) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - File not found
O2 - BHO: (no name) - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - No CLSID value found.
O4 - Startup: C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk = File not found
O9 - Extra 'Tools' menuitem : Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - File not found
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O16 - DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} http://java.sun.com/...indows-i586.cab (Java Plug-in 1.6.0_21)
O24 - Desktop Components:0 () - 
[2010/04/14 10:10:43 | 000,000,036 | ---- | C] () -- C:\WINDOWS\rasqervy.dll
[2010/04/14 10:10:35 | 000,000,005 | ---- | C] () -- C:\WINDOWS\sdfixwcs.dll
[2010/04/14 10:10:33 | 000,000,008 | ---- | C] () -- C:\WINDOWS\sdfinacs.dll
[2011/05/16 22:04:29 | 000,000,000 | ---D | M] -- C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar


:files
xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C
xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C
xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C
xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C
    
:Commands
[RESETHOSTS]
[purity]
[Reboot]
then run OTL and Under the Custom Scans/Fixes box at the bottom, paste (ctrl +v) the text. Verify that you got it all and Then click the Run Fix button at the top
Let the program run unhindered, OTL will reboot the PC when it is done. Save the log and copy and paste it to a reply.

Malwarebytes' Anti-Malware
:!: If you have a previous version of MalwareBytes', remove it via Add or Remove Programs and download a fresh copy. :!:

http://www.malwarebytes.org/mbam.php

SAVE Malwarebytes' Anti-Malware to your desktop.

* Double-click mbam-setup.exe and follow the prompts to install the program.
* At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform quick scan, then click Scan.
* When the scan is complete, click OK, then Show Results to view the results.

* Be sure that everything is checked, and click Remove Selected.

* When completed, a log will open in Notepad. Please save it to a convenient location.
* The log can also be found here:
C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
* Post that log back here.



ComboFix
:!: If you have a previous version of Combofix.exe, delete it and download a fresh copy. :!:

:!: It must be saved to your desktop, do not run it from your browser or from the Downloads folder:!:

:!: Disable your Antivirus software when downloading or running Combofix. Right click on the Avast Ball and select Avast! Shields Control and Disable Until Computer is Restarted

Download and Save this file -- to your Desktop -- from either of these two sources:
http://download.blee...Bs/ComboFix.exe
http://subs.geekstogo.com/ComboFix.exe

Doubleclick on ComboFix to start the program.



* :!: Important: Have no other programs running. Your Task Bar should be clear of any program entries including your Browser.


* A window may open with a series of Disclaimers. Accept the Disclaimers to start the fix. Allow it to install the Recovery Console then Continue. When the scan completes Notepad will open with with your results log open. Do a File, Exit and answer 'Yes' to save changes.


A caution - Do not run Combofix more than once. Do not touch your mouse/keyboard until the scan has completed, as this may cause the process to stall or your computer to lock. The scan will temporarily disable your desktop, and if interrupted may leave your desktop disabled. If this occurs, please reboot to restore the desktop. Even when ComboFix appears to be doing nothing, look at your Drive light. If it is flashing, Combofix is still at work.
A file will be created at => C:\Combofix.txt. I'll need to see that in your reply.

Download TDSSKiller:
http://support.kaspe.../tdsskiller.exe
Save it to your desktop then run it.
Double click on TDSSKiller.exe
If TDSSKiller alerts you that the system needs to reboot, please consent.
When done, a log file should be created on your C: drive named "TDSSKiller.txt" please copy and paste the contents in your next reply.


Download aswMBR.exe ( 511KB ) to your desktop.
Double click the aswMBR.exe to run it
change the a-v scan to None.
uncheck trace disk IO calls
Click the "Scan" button to start scan
On completion of the scan (Note if the Fix button is enabled (not the FixMBR button) and tell me) click save log, save it to your desktop and post in your next reply

Run OTL (Vista or Win 7 => right click and Run As Administrator)

select the All option in the Extra Registry group then Run Scan.

You should get two logs. Please copy and paste both of them.

Are you still getting redirected?

Ron
  • 0

#3
tammy111
Posted 09 September 2011 - 10:53 PM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
wow...ok here is the log from OTL
========== PROCESSES ==========
All processes killed
========== OTL ==========
Prefs.js: "AVG Secure Search" removed from browser.search.defaultenginename
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared not found.
File HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ not found.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-TW folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\zh-CN folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\sv-SE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ko-KR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\ja-JP folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\it-IT folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\fr-FR folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\es-ES folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\en-US folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale\de-DE folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\locale folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content\ffjcext folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome\content folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\chrome folder moved successfully.
C:\Program Files\Mozilla Firefox\extensions\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA} folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome\content folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF\chrome folder moved successfully.
C:\PROGRAM FILES\JAVA\JRE6\LIB\DEPLOY\JQS\FF folder moved successfully.
C:\Program Files\Mozilla Firefox\plugins\npdeployJava1.dll moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\META-INF folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults\preferences folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\defaults folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\components folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1}\chrome folder moved successfully.
C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{635abd67-4fe9-1b23-4f01-e679fa7484c1} folder moved successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{02478D38-C3F9-4efb-9B51-7695ECA05670}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{3CA2F312-6F6E-4B53-A66E-4E65E497C8C0}\ not found.
C:\Documents and Settings\Todd\Start Menu\Programs\Startup\GoBox.lnk moved successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extensions\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{08B0E5C0-4FCB-11CF-AAA5-00401C608501}\ deleted successfully.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_CURRENT_USER\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ deleted successfully.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {8AD9C840-044E-11D1-B3E9-00805F499D93}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{8AD9C840-044E-11D1-B3E9-00805F499D93}\ not found.
Starting removal of ActiveX control {CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-0016-0000-0021-ABCDEFFEDCBA}\ not found.
Starting removal of ActiveX control {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Code Store Database\Distribution Units\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Active Setup\Installed Components\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_LOCAL_MACHINE\SOFTWARE\Classes\CLSID\{CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA}\ not found.
Registry key HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Desktop\Components\0\ deleted successfully.
File not found.
C:\WINDOWS\rasqervy.dll moved successfully.
C:\WINDOWS\sdfixwcs.dll moved successfully.
C:\WINDOWS\sdfinacs.dll moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar\cache folder moved successfully.
C:\Documents and Settings\All Users\Application Data\AVG Security Toolbar folder moved successfully.
========== FILES ==========
< xcopy %Temp%\smtmp\1 "%AllUsersProfile%\Start Menu" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Todd\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\2 "%UserProfile%\Application Data\Microsoft\Internet Explorer\Quick Launch" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Todd\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\3 "%AppData%\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Todd\Desktop\cmd.txt deleted successfully.
< xcopy %Temp%\smtmp\4 "%AllUsersProfile%\Desktop" /H /I /S /Y /C >
0 File(s) copied
C:\Documents and Settings\Todd\Desktop\cmd.bat deleted successfully.
C:\Documents and Settings\Todd\Desktop\cmd.txt deleted successfully.
========== COMMANDS ==========
C:\WINDOWS\System32\drivers\etc\Hosts moved successfully.
HOSTS file reset successfully

OTL by OldTimer - Version 3.2.27.0 log created on 09092011_220159

Files\Folders moved on Reboot...

Registry entries deleted on Reboot...
  • 0

#4
tammy111
Posted 10 September 2011 - 09:34 AM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
malwarebytes results...

Malwarebytes' Anti-Malware 1.51.1.1800
www.malwarebytes.org

Database version: 7688

Windows 5.1.2600 Service Pack 3
Internet Explorer 8.0.6001.18702

9/10/2011 01:00:27 AM
mbam-log-2011-09-10 (01-00-27).txt

Scan type: Quick scan
Objects scanned: 239108
Time elapsed: 59 minute(s), 1 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
  • 0

#5
tammy111
Posted 10 September 2011 - 10:58 AM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
combofix results

ComboFix 11-09-10.02 - Todd 09/10/2011 10:47:22.4.1 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2559.1962 [GMT -5:00]
Running from: c:\documents and settings\Todd\Desktop\ComboFix.exe
AV: avast! Antivirus *Disabled/Updated* {7591DB91-41F0-48A3-B128-1A293FD8233D}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Brooke\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Brooke\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory\InCF.exe.69eee60.ini
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Drew\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.77164975.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini.inuse
c:\documents and settings\Other\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.77164975.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\AlertView.exe.8de2ebce.ini.inuse
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\AllertEula.exe.561b80e6.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\ClientApplicationFrameWork.exe.3ead1c54.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DA_PASlog.exe.266217b1.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DellUpdateMsg.exe.4ceef5a4.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DFolder.exe.368dcbb5.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DNGen.exe.8bb9a8a9.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DNgen.exe.ead52a2b.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DReg1.exe.c7cc3366.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\DS_PASlog.exe.5c97331f.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\ExpEval21.exe.8f3e9125.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\GUI.exe.1cffab20.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\MBKInstaller.exe.7de71b57.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\MightyLoaderMain.exe.a56581f.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\MSIE.tmp.9e2b295d.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\N2Edit.exe.34317bc2.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\N2Edit.exe.cfc06504.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\N2Edit.exe.eb4c3bb0.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\NGen.exe.2c05686e.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\prstp.exe.3ac677f2.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\rng.exe.ac4aa698.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\SL17.tmp.72dd0761.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\SN2004 Web Key Server.exe.ec9f3c0b.ini.inuse
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\SN2004.exe.21518118.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\SN2004.exe.df4db196.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\ssIS.exe.4a0d72e5.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\ssIS.exe.d00358d.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\startDSLog.exe.39525976.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\update21GUI.exe.7a16bd78.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.2003a4b2.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.558269b5.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.70cb5133.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.77164975.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.84bf43f2.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.8b012eb8.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.99bd332e.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.ba34fb79.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.f711c2b7.ini
c:\documents and settings\Todd\Local Settings\Application Data\ApplicationHistory\WMITarget.exe.fe78d26e.ini
c:\documents and settings\Tyler\Local Settings\Application Data\ApplicationHistory
c:\documents and settings\Tyler\Local Settings\Application Data\ApplicationHistory\NotifyAlert.exe.83a8f8c0.ini.inuse
c:\documents and settings\Tyler\Local Settings\Application Data\ApplicationHistory\TransferAgent.exe.91f03f4d.ini
c:\windows\TSOC.LOG
.
.
((((((((((((((((((((((((( Files Created from 2011-08-10 to 2011-09-10 )))))))))))))))))))))))))))))))
.
.
2011-09-10 15:41 . 2011-09-10 15:42 -------- dc----w- C:\32788R22FWJFW
2011-09-10 04:59 . 2011-07-07 00:52 41272 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2011-09-10 04:59 . 2011-07-07 00:52 22712 ----a-w- c:\windows\system32\drivers\mbam.sys
2011-09-10 04:59 . 2011-09-10 04:59 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2011-08-23 01:37 . 2011-08-23 01:37 -------- d-----w- c:\program files\iPod
2011-08-23 01:37 . 2011-08-23 01:38 -------- d-----w- c:\program files\iTunes
2011-08-23 01:32 . 2011-08-23 01:32 -------- d-----w- c:\program files\Bonjour
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-09-03 10:17 . 2008-09-13 14:37 599040 ----a-w- c:\windows\system32\crypt32.dll
2011-07-15 13:29 . 2008-09-13 14:36 456320 ----a-w- c:\windows\system32\drivers\mrxsmb.sys
2011-07-12 16:20 . 2011-07-12 16:20 83816 ----a-w- c:\windows\system32\dns-sd.exe
2011-07-12 16:20 . 2011-07-12 16:20 73064 ----a-w- c:\windows\system32\dnssd.dll
2011-07-08 14:02 . 2008-09-13 14:36 10496 ----a-w- c:\windows\system32\drivers\ndistapi.sys
2011-07-05 23:37 . 2011-07-05 23:37 94208 ----a-w- c:\windows\system32\QuickTimeVR.qtx
2011-07-05 23:37 . 2011-07-05 23:37 69632 ----a-w- c:\windows\system32\QuickTime.qts
2011-07-04 11:43 . 2011-05-17 04:18 40112 ----a-w- c:\windows\avastSS.scr
2011-07-04 11:43 . 2011-05-17 04:18 199304 ----a-w- c:\windows\system32\aswBoot.exe
2011-07-04 11:36 . 2011-05-17 04:18 441176 ----a-w- c:\windows\system32\drivers\aswSnx.sys
2011-07-04 11:36 . 2011-05-17 04:18 309848 ----a-w- c:\windows\system32\drivers\aswSP.sys
2011-07-04 11:35 . 2011-05-17 04:18 43608 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2011-07-04 11:35 . 2011-05-17 04:18 102616 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2011-07-04 11:35 . 2011-05-17 04:18 96344 ----a-w- c:\windows\system32\drivers\aswmon.sys
2011-07-04 11:32 . 2011-05-17 04:18 25432 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2011-07-04 11:32 . 2011-05-17 04:18 30808 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2011-07-04 11:32 . 2011-05-17 04:18 19544 ----a-w- c:\windows\system32\drivers\aswFsBlk.sys
2011-06-24 14:10 . 2008-09-13 14:36 139656 ----a-w- c:\windows\system32\drivers\rdpwd.sys
2011-06-23 18:36 . 2004-08-24 01:32 916480 ----a-w- c:\windows\system32\wininet.dll
2011-06-23 18:36 . 2002-08-29 11:00 43520 ----a-w- c:\windows\system32\licmgr10.dll
2011-06-23 18:36 . 2002-08-29 11:00 1469440 ----a-w- c:\windows\system32\inetcpl.cpl
2011-06-23 12:05 . 2008-09-13 14:38 385024 ----a-w- c:\windows\system32\html.iec
2011-06-20 17:44 . 2008-09-13 14:36 293376 ----a-w- c:\windows\system32\winsrv.dll
2009-01-13 20:45 . 2010-01-21 04:12 81920 ----a-w- c:\program files\Common Files\WIZ1x0SR_105SR_CFG.exe
2006-12-01 11:54 . 2010-01-21 04:12 626688 -c--a-w- c:\program files\Common Files\MSVCR80.dll
2011-09-07 21:56 . 2011-06-26 17:33 134104 ----a-w- c:\program files\mozilla firefox\components\browsercomps.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\00avast]
@="{472083B0-C522-11CF-8763-00608CC02F24}"
[HKEY_CLASSES_ROOT\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}]
2011-07-04 11:43 122512 ----a-w- c:\program files\AVAST Software\Avast\ashShell.dll
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-10-11 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2003-10-30 4800512]
"dla"="c:\windows\system32\dla\tfswctrl.exe" [2003-08-06 114741]
"PCMService"="c:\program files\Dell\Media Experience\PCMService.exe" [2003-08-27 204800]
"UpdReg"="c:\windows\UpdReg.EXE" [2000-05-11 90112]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2004-03-09 151597]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\AppleSyncNotifier.exe" [2011-04-20 58656]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2011-06-08 37296]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2011-03-30 937920]
"avast"="c:\program files\AVAST Software\Avast\avastUI.exe" [2011-07-04 3493720]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"Autorun Eater"="c:\program files\Autorun Eater\oldmcdonald.exe" [2010-05-06 516216]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2011-07-05 421888]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2011-08-19 421736]
"WinPatrol"="c:\program files\BillP Studios\WinPatrol\winpatrol.exe" [2011-05-15 325512]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"Malwarebytes' Anti-Malware"="c:\program files\Malwarebytes' Anti-Malware\mbamgui.exe" [2011-07-07 449584]
.
c:\documents and settings\Todd\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - c:\program files\Microsoft Office\Office12\ONENOTEM.EXE [2009-2-26 97680]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
Event Planner Reminder 2010.lnk - c:\windows\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe [2010-6-10 341328]
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]
@=""
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=c:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^HotSync Manager.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\HotSync Manager.lnk
backup=c:\windows\pss\HotSync Manager.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=c:\windows\pss\Kodak EasyShare software.lnkCommon Startup
.
[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=c:\windows\pss\KODAK Software Updater.lnkCommon Startup
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UserFaultCheck]
c:\windows\system32\dumprep 0 -u [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\diagent]
2002-04-03 07:01 135264 -c--a-w- c:\program files\Creative\SBLive\Diagnostics\diagent.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPDJ Taskbar Utility]
2003-01-30 23:55 196608 -c--a-w- c:\windows\SYSTEM32\SPOOL\DRIVERS\W32X86\3\hpztsb04.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\HPHmon03]
2003-01-30 23:55 311296 -c--a-w- c:\windows\SYSTEM32\hphmon03.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
2011-08-19 06:07 421736 ----a-w- c:\program files\iTunes\iTunesHelper.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lxccmon.exe]
2005-02-21 11:21 192512 -c--a-w- c:\program files\Lexmark 3300 Series\lxccmon.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
2008-04-14 00:12 1695232 ----a-w- c:\program files\Messenger\msmsgs.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
2001-07-09 15:50 155648 -c--a-w- c:\windows\SYSTEM32\NeroCheck.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 01:42 32768 -c--a-w- c:\program files\CyberLink\PowerDVD\PDVDServ.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\UpdateManager]
2003-08-19 06:01 110592 -c--a-w- c:\program files\Common Files\Sonic\Update Manager\sgtray.exe
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"DisableNotifications"= 1 (0x1)
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Dell Computer\\Dell Picture Studio v2.0\\launch.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\uTorrent\\uTorrent.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\counter-strike source\\hl2.exe"=
"c:\\Program Files\\Steam\\SteamApps\\tbinnerarity\\half-life 2 deathmatch\\hl2.exe"=
"c:\\Program Files\\Adobe Media Player\\Adobe Media Player.exe"=
"c:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Google\\Google Earth\\client\\googleearth.exe"=
"c:\\Program Files\\Common Files\\Apple\\Apple Application Support\\WebKit2WebProcess.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
.
R2 WinDefend;Windows Defender;c:\program files\Windows Defender\MsMpEng.exe [2006-11-04 13592]
S1 aswSnx;aswSnx; [x]
S1 aswSP;aswSP; [x]
S2 aswFsBlk;aswFsBlk; [x]
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
HPZ12 REG_MULTI_SZ Pml Driver HPZ12 Net Driver HPZ12
hpdevmgmt REG_MULTI_SZ hpqcxs08
.
Contents of the 'Scheduled Tasks' folder
.
2011-09-06 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2011-06-01 22:57]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.google.com/
uInternet Settings,ProxyOverride = <local>;*.local
uSearchAssistant = hxxp://www.google.com/ie
uSearchURL,(Default) = hxxp://search.yahoo.com/search?fr=mcafee&p=%s
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
Trusted Zone: amphire.net\commerce
Trusted Zone: csplans.com\teamsterups
Trusted Zone: ebay.com
Trusted Zone: paypal.com
Trusted Zone: usps.gov
TCP: DhcpNameServer = 209.55.5.10 209.55.5.11
Handler: avgsecuritytoolbar - {F2DDE6B2-9684-4A55-86D4-E255E237B77C} -
FF - ProfilePath - c:\documents and settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\
FF - prefs.js: browser.search.defaulturl - hxxp://search.yahoo.com/search?ei=UTF-8&fr=ytff-&p=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.search.selectedengine - Google
FF - prefs.js: browser.startup.homepage - www.google.com
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-09-10 11:11
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
.
C:\## aswSnx private storage
.
scan completed successfully
hidden files: 1
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows NT\CurrentVersion\Windows\AutorunsDisabled]
"Appinit_Dlls"="refobaju.dll,c:\\windows\\system32\\vebimayo.dll,refobaju.dll,c:\\windows\\system32\\kiduruka.dll,c:\\windows\\system32\\goyetude.dll"
.
Completion time: 2011-09-10 11:20:11
ComboFix-quarantined-files.txt 2011-09-10 16:19
ComboFix2.txt 2011-05-18 18:48
.
Pre-Run: 15,562,727,424 bytes free
Post-Run: 15,769,841,664 bytes free
.
- - End Of File - - A994C7B9B11B206CCF175C005AB768E8
  • 0

#6
tammy111
Posted 10 September 2011 - 11:04 AM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
tsskiller finished and says no infections...i dont see a report either
  • 0

#7
tammy111
Posted 10 September 2011 - 11:11 AM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
mbr results....the fix button was not enabled

aswMBR version 0.9.8.986 Copyright© 2011 AVAST Software
Run date: 2011-09-10 12:09:22
-----------------------------
12:09:22.500 OS Version: Windows 5.1.2600 Service Pack 3
12:09:22.500 Number of processors: 1 586 0x209
12:09:22.500 ComputerName: BEDROOM UserName: Todd
12:09:23.000 Initialize success
12:09:23.078 AVAST engine defs: 11091001
12:09:50.281 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\Ide\IdeDeviceP0T0L0-3
12:09:50.281 Disk 0 Vendor: Maxtor_6Y080L0 YAR41BW0 Size: 76293MB BusType: 3
12:09:52.296 Disk 0 MBR read successfully
12:09:52.296 Disk 0 MBR scan
12:09:52.296 Disk 0 Windows XP default MBR code
12:09:52.296 Disk 0 scanning sectors +156232125
12:09:52.406 Disk 0 scanning C:\WINDOWS\system32\drivers
12:10:05.609 Service scanning
12:10:06.671 Modules scanning
12:10:27.218 Scan finished successfully
12:15:04.343 Disk 0 MBR has been saved successfully to "C:\Documents and Settings\Todd\Desktop\MBR.dat"
12:15:04.359 The log file has been saved successfully to "C:\Documents and Settings\Todd\Desktop\aswMBR.txt"
  • 0

#8
tammy111
Posted 10 September 2011 - 11:21 AM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
ran otl here are the reports

OTL logfile created on: 9/10/2011 12:17:07 PM - Run 5
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 73.75% Memory free
3.10 Gb Paging File | 2.71 Gb Available in Paging File | 87.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 14.71 Gb Free Space | 19.76% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Processes (SafeList) ==========

PRC - [2011/09/08 22:06:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
PRC - [2011/09/07 16:56:47 | 000,924,632 | ---- | M] (Mozilla Corporation) -- C:\Program Files\Mozilla Firefox\firefox.exe
PRC - [2011/07/04 06:43:54 | 003,493,720 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastUI.exe
PRC - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe
PRC - [2011/05/15 14:53:20 | 000,325,512 | ---- | M] (BillP Studios) -- C:\Program Files\BillP Studios\WinPatrol\WinPatrol.exe
PRC - [2010/05/06 19:09:06 | 000,415,638 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\billy.exe
PRC - [2010/05/06 18:59:36 | 000,516,216 | ---- | M] (Old McDonald's Farm) -- C:\Program Files\Autorun Eater\oldmcdonald.exe
PRC - [2008/04/13 19:12:19 | 001,033,728 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\explorer.exe
PRC - [2004/03/09 12:37:15 | 000,151,597 | ---- | M] (RealNetworks, Inc.) -- C:\Program Files\Common Files\Real\Update_OB\realsched.exe


========== Modules (No Company Name) ==========

MOD - [2011/09/10 05:50:55 | 001,560,576 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091001\algo.dll
MOD - [2011/09/10 05:16:54 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11091001\aswRep.dll
MOD - [2011/09/09 15:02:30 | 001,560,064 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090901\algo.dll
MOD - [2011/09/09 12:20:53 | 000,208,544 | ---- | M] () -- C:\Program Files\AVAST Software\Avast\defs\11090901\aswRep.dll
MOD - [2011/09/07 16:56:45 | 001,846,232 | ---- | M] () -- C:\Program Files\Mozilla Firefox\mozjs.dll
MOD - [2011/06/24 22:56:36 | 000,087,328 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
MOD - [2011/06/24 22:56:14 | 001,241,888 | ---- | M] () -- C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
MOD - [2011/04/14 20:01:33 | 000,548,854 | ---- | M] () -- C:\Program Files\BillP Studios\WinPatrol\sqlite3.dll
MOD - [2006/02/02 03:12:22 | 000,040,960 | ---- | M] () -- C:\WINDOWS\SYSTEM32\LXPRMON.DLL


========== Win32 Services (SafeList) ==========

SRV - [2011/07/04 06:43:51 | 000,042,184 | ---- | M] (AVAST Software) [Auto | Running] -- C:\Program Files\AVAST Software\Avast\AvastSvc.exe -- (avast! Antivirus)
SRV - [2007/03/07 15:47:46 | 000,076,848 | ---- | M] () [On_Demand | Stopped] -- C:\Program Files\DellSupport\brkrsvc.exe -- (DSBrokerService)
SRV - [2006/11/03 19:19:58 | 000,013,592 | ---- | M] (Microsoft Corporation) [Auto | Stopped] -- C:\Program Files\Windows Defender\MsMpEng.exe -- (WinDefend)
SRV - [2005/02/25 11:42:46 | 000,466,944 | ---- | M] (Lexmark International, Inc.) [On_Demand | Stopped] -- C:\WINDOWS\System32\lxcccoms.exe -- (lxcc_device)
SRV - [2003/03/03 14:33:40 | 000,143,360 | ---- | M] (Intel® Corporation) [On_Demand | Stopped] -- C:\Program Files\Intel\NCS\Sync\NetSvc.exe -- (NetSvc)
SRV - [2003/01/30 18:55:44 | 000,077,824 | ---- | M] (HP) [On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\hphipm09.exe -- (Pml Driver)


========== Driver Services (SafeList) ==========

DRV - File not found [Kernel | On_Demand | Running] -- -- (catchme)
DRV - [2011/07/04 06:36:43 | 000,441,176 | ---- | M] (AVAST Software) [File_System | System | Running] -- C:\WINDOWS\System32\drivers\aswSnx.sys -- (aswSnx)
DRV - [2011/07/04 06:36:32 | 000,309,848 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswSP.sys -- (aswSP)
DRV - [2011/07/04 06:35:23 | 000,043,608 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswTdi.sys -- (aswTdi)
DRV - [2011/07/04 06:35:12 | 000,102,616 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswmon2.sys -- (aswMon2)
DRV - [2011/07/04 06:32:32 | 000,025,432 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aswRdr.sys -- (aswRdr)
DRV - [2011/07/04 06:32:13 | 000,030,808 | ---- | M] (AVAST Software) [Kernel | System | Running] -- C:\WINDOWS\System32\drivers\aavmker4.sys -- (Aavmker4)
DRV - [2011/07/04 06:32:12 | 000,019,544 | ---- | M] (AVAST Software) [File_System | Auto | Running] -- C:\WINDOWS\System32\drivers\aswFsBlk.sys -- (aswFsBlk)
DRV - [2008/04/13 13:45:29 | 000,010,624 | ---- | M] (Microsoft Corporation) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\gameenum.sys -- (gameenum)
DRV - [2007/02/25 12:10:48 | 000,005,376 | --S- | M] (Gteko Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\dsunidrv.sys -- (dsunidrv)
DRV - [2006/10/05 16:07:28 | 000,004,736 | ---- | M] (Gteko Ltd.) [Kernel | On_Demand | Stopped] -- C:\Program Files\DellSupport\GTAction\triggers\DSproct.sys -- (DSproct)
DRV - [2005/11/24 20:51:38 | 000,245,248 | ---- | M] (Ralink Technology, Corp.) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\rt73.sys -- (RT73)
DRV - [2005/02/01 19:18:38 | 000,017,992 | ---- | M] (Broadcom Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\bcm42rly.sys -- (BCM42RLY)
DRV - [2004/08/04 00:29:49 | 000,019,455 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wvchntxx.sys -- (iAimFP4)
DRV - [2004/08/04 00:29:47 | 000,012,063 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wsiintxx.sys -- (iAimFP3)
DRV - [2004/08/04 00:29:45 | 000,023,615 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wch7xxnt.sys -- (iAimTV4)
DRV - [2004/08/04 00:29:43 | 000,033,599 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv04nt.sys -- (iAimTV3)
DRV - [2004/08/04 00:29:42 | 000,019,551 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv02nt.sys -- (iAimTV1)
DRV - [2004/08/04 00:29:41 | 000,029,311 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\watv01nt.sys -- (iAimTV0)
DRV - [2004/08/04 00:29:37 | 000,012,415 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv01nt.sys -- (iAimFP0)
DRV - [2004/08/04 00:29:37 | 000,012,127 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv02nt.sys -- (iAimFP1)
DRV - [2004/08/04 00:29:37 | 000,011,775 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\wadv05nt.sys -- (iAimFP2)
DRV - [2004/08/04 00:29:36 | 000,161,020 | ---- | M] (Intel® Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\i81xnt5.sys -- (i81x)
DRV - [2003/08/14 11:58:12 | 001,296,384 | ---- | M] (Creative Technology Ltd.) [Kernel | On_Demand | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\P16X.sys -- (P16X) Creative SB Live! Series (WDM)
DRV - [2003/01/30 18:55:44 | 000,050,800 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphid409.sys -- (Dot4 HPH09)
DRV - [2003/01/30 18:55:44 | 000,050,211 | ---- | M] (Hewlett-Packard) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphs2k09.sys -- (Dot4Storage HPH09) Storage Class Driver for IEEE-1284.4 (HPH09)
DRV - [2003/01/30 18:55:44 | 000,016,112 | ---- | M] (HP) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\hphipr09.sys -- (Dot4Print HPH09)
DRV - [2002/11/08 14:45:06 | 000,017,217 | ---- | M] (Dell Computer Corporation) [Kernel | System | Running] -- C:\WINDOWS\SYSTEM32\DRIVERS\omci.sys -- (omci)
DRV - [2001/08/17 13:11:06 | 000,066,591 | ---- | M] (3Com Corporation) [Kernel | On_Demand | Stopped] -- C:\WINDOWS\SYSTEM32\DRIVERS\EL90XBC5.SYS -- (EL90XBC)
DRV - [1999/12/17 02:00:00 | 000,006,752 | ---- | M] (Creative Technology Ltd.) [Kernel | Auto | Running] -- C:\WINDOWS\SYSTEM32\PFMODNT.SYS -- (PfModNT)


========== Standard Registry (SafeList) ==========


========== Internet Explorer ==========


IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Main,Start Page = http://www.google.com/
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,Default_Search_URL = http://www.google.com/ie
IE - HKCU\SOFTWARE\Microsoft\Internet Explorer\Search,SearchAssistant = http://www.google.com/ie
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyEnable" = 0
IE - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings: "ProxyOverride" = <local>;*.local

========== FireFox ==========

FF - prefs.js..browser.search.defaultenginename: ""
FF - prefs.js..browser.search.defaulturl: "http://search.yahoo....-8&fr=ytff-&p="
FF - prefs.js..browser.search.selectedEngine: "Google"
FF - prefs.js..browser.search.selectedengine: "Google"
FF - prefs.js..browser.startup.homepage: "www.google.com"

FF - HKLM\Software\MozillaPlugins\@adobe.com/FlashPlayer: C:\WINDOWS\system32\Macromed\Flash\NPSWF32.dll ()
FF - HKLM\Software\MozillaPlugins\@adobe.com/ShockwavePlayer: C:\WINDOWS\system32\Adobe\Director\np32dsw.dll (Adobe Systems, Inc.)
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=: File not found
FF - HKLM\Software\MozillaPlugins\@Apple.com/iTunes,version=1.0: C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll ()
FF - HKLM\Software\MozillaPlugins\@Google.com/GoogleEarthPlugin: C:\Program Files\Google\Google Earth\plugin\npgeplugin.dll (Google)
FF - HKLM\Software\MozillaPlugins\@google.com/npPicasa3,version=3.0.0: C:\Program Files\Google\Picasa3\npPicasa3.dll (Google, Inc.)
FF - HKLM\Software\MozillaPlugins\@java.com/JavaPlugin: C:\Program Files\Java\jre6\bin\new_plugin\npjp2.dll (Sun Microsystems, Inc.)
FF - HKLM\Software\MozillaPlugins\@mcafee.com/MVT: C:\Program Files\McAfee\Supportability\MVT\NPMVTPlugin.dll (McAfee, Inc.)
FF - HKLM\Software\MozillaPlugins\@messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.3: C:\Program Files\Yahoo!\Shared\npYState.dll (Yahoo! Inc.)
FF - HKLM\Software\MozillaPlugins\@Microsoft.com/NpCtrl,version=1.0: c:\Program Files\Microsoft Silverlight\4.0.60531.0\npctrl.dll ( Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@microsoft.com/VirtualEarth3D,version=4.0: C:\Program Files\Virtual Earth 3D\ [2009/05/28 22:07:36 | 000,000,000 | ---D | M]
FF - HKLM\Software\MozillaPlugins\@microsoft.com/WPF,version=3.5: c:\WINDOWS\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\NPWPF.dll (Microsoft Corporation)
FF - HKLM\Software\MozillaPlugins\@real.com/nppl3260;version=6.0.10.835: C:\Program Files\Real\RealOne Player\Netscape6\nppl3260.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/nprjplug;version=1.0.2.1136: C:\Program Files\Real\RealOne Player\Netscape6\nprjplug.dll (RealNetworks)
FF - HKLM\Software\MozillaPlugins\@real.com/nprpjplug;version=6.0.11.847: C:\Program Files\Real\RealOne Player\Netscape6\nprpjplug.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@real.com/RhapsodyPlayerEngine,version=1.1: C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll (RealNetworks, Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9: C:\Program Files\Google\Update\1.3.21.53\npGoogleUpdate3.dll (Google Inc.)
FF - HKLM\Software\MozillaPlugins\Adobe Reader: C:\Program Files\Adobe\Reader 9.0\Reader\AIR\nppdf32.dll (Adobe Systems Inc.)

FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\avg@igeared: C:\Program Files\AVG\AVG10\Toolbar\Firefox\avg@igeared
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\{1E73965B-8B48-48be-9C8D-68B920ABC1C4}: C:\Program Files\AVG\AVG10\Firefox4\ [2011/05/11 09:59:19 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\Java\jre6\lib\deploy\jqs\ff
FF - HKEY_LOCAL_MACHINE\software\mozilla\Firefox\Extensions\\[email protected]: C:\Program Files\AVAST Software\Avast\WebRep\FF [2011/08/19 20:25:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Components: C:\Program Files\Mozilla Firefox\components [2011/09/07 16:56:48 | 000,000,000 | ---D | M]
FF - HKEY_LOCAL_MACHINE\software\mozilla\Mozilla Firefox 6.0.2\extensions\\Plugins: C:\Program Files\Mozilla Firefox\plugins [2011/09/09 22:02:02 | 000,000,000 | ---D | M]

[2009/08/22 20:41:59 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Extensions
[2011/09/09 22:02:03 | 000,000,000 | ---D | M] (No name found) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions
[2010/04/27 12:35:54 | 000,000,000 | ---D | M] (Microsoft .NET Framework Assistant) -- C:\Documents and Settings\Todd\Application Data\Mozilla\Firefox\Profiles\sgr9vmuh.default\extensions\{20a82645-c095-46ed-80e3-08825760534b}
[2011/09/09 22:02:02 | 000,000,000 | ---D | M] (No name found) -- C:\Program Files\Mozilla Firefox\extensions
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{66E978CD-981F-47DF-AC42-E3CF417C1467}.XPI
() (No name found) -- C:\DOCUMENTS AND SETTINGS\TODD\APPLICATION DATA\MOZILLA\FIREFOX\PROFILES\SGR9VMUH.DEFAULT\EXTENSIONS\{D10D0BF8-F5B5-C8B4-A8B2-2B9879E08C5D}.XPI
[2011/09/07 16:56:48 | 000,134,104 | ---- | M] (Mozilla Foundation) -- C:\Program Files\mozilla firefox\components\browsercomps.dll
[2011/06/26 12:33:18 | 000,002,252 | ---- | M] () -- C:\Program Files\mozilla firefox\searchplugins\bing.xml

O1 HOSTS File: ([2011/09/10 11:11:18 | 000,000,027 | ---- | M]) - C:\WINDOWS\SYSTEM32\DRIVERS\ETC\hosts
O1 - Hosts: 127.0.0.1 localhost
O2 - BHO: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O3 - HKLM\..\Toolbar: (avast! WebRep) - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll (AVAST Software)
O4 - HKLM..\Run: [Autorun Eater] C:\Program Files\Autorun Eater\oldmcdonald.exe (Old McDonald's Farm)
O4 - HKLM..\Run: [avast] C:\Program Files\AVAST Software\Avast\avastUI.exe (AVAST Software)
O4 - HKLM..\Run: [NvCplDaemon] C:\WINDOWS\System32\NvCpl.dll (NVIDIA Corporation)
O4 - HKLM..\Run: [TkBellExe] C:\Program Files\Common Files\Real\Update_OB\realsched.exe (RealNetworks, Inc.)
O4 - HKLM..\Run: [UpdReg] C:\WINDOWS\Updreg.EXE (Creative Technology Ltd.)
O4 - HKLM..\Run: [WinPatrol] C:\Program Files\BillP Studios\WinPatrol\winpatrol.exe (BillP Studios)
O4 - HKCU..\Run: [Yahoo! Pager] C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe (Yahoo! Inc.)
O4 - HKLM..\RunOnce: [Malwarebytes' Anti-Malware] C:\Program Files\Malwarebytes' Anti-Malware\mbamgui.exe (Malwarebytes Corporation)
O4 - Startup: C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk = C:\WINDOWS\Installer\{601BE80D-247B-4084-94C7-7A54369DB7A2}\Shortcut_EventPlan_E2FBA8F7F7FD4C5EAA7D652BB0CAAA9D.exe (Acresso Software Inc.)
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Main present
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: =
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: HonorAutoRunSetting = 1
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoCDBurning = 0
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O6 - HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O7 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveTypeAutoRun = 323
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoBandCustomize = 0
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDriveAutoRun = 67108863
O7 - HKCU\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\Explorer: NoDrives = 0
O8 - Extra context menu item: Add to Google Photos Screensa&ver - C:\WINDOWS\System32\GPhotos.scr (Google Inc.)
O9 - Extra Button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll (Yahoo! Inc.)
O10 - NameSpace_Catalog5\Catalog_Entries\000000000004 [] - C:\Program Files\Bonjour\mdnsNSP.dll (Apple Inc.)
O15 - HKCU\..Trusted Domains: ([]msn in My Computer)
O15 - HKCU\..Trusted Domains: amphire.net ([commerce] http in Trusted sites)
O15 - HKCU\..Trusted Domains: csplans.com ([teamsterups] https in Trusted sites)
O15 - HKCU\..Trusted Domains: ebay.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: paypal.com ([]* in Trusted sites)
O15 - HKCU\..Trusted Domains: usps.gov ([]* in Trusted sites)
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} http://go.microsoft....k/?linkid=39204 (Windows Genuine Advantage Validation Tool)
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: DhcpNameServer = 209.55.5.10 209.55.5.11
O17 - HKLM\System\CCS\Services\Tcpip\Parameters\Interfaces\{43C7A042-A8C9-4227-82B9-834C0473BEC0}: DhcpNameServer = 209.55.5.10 209.55.5.11
O18 - Protocol\Handler\avgsecuritytoolbar {F2DDE6B2-9684-4A55-86D4-E255E237B77C} - File not found
O20 - HKLM Winlogon: Shell - (Explorer.exe) - C:\WINDOWS\explorer.exe (Microsoft Corporation)
O20 - HKLM Winlogon: UserInit - (C:\WINDOWS\system32\userinit.exe) - C:\WINDOWS\SYSTEM32\userinit.exe (Microsoft Corporation)
O24 - Desktop WallPaper: C:\WINDOWS\DELL.BMP
O24 - Desktop BackupWallPaper: C:\WINDOWS\DELL.BMP
O28 - HKLM ShellExecuteHooks: {091EB208-39DD-417D-A5DD-7E2C2D8FB9CB} - C:\Program Files\Windows Defender\MpShHook.dll (Microsoft Corporation)
O32 - HKLM CDRom: AutoRun - 1
O32 - AutoRun File - [2002/09/03 09:59:58 | 000,000,000 | ---- | M] () - C:\AUTOEXEC.BAT -- [ NTFS ]
O34 - HKLM BootExecute: (autocheck autochk *) - File not found
O35 - HKLM\..comfile [open] -- "%1" %*
O35 - HKLM\..exefile [open] -- "%1" %*
O37 - HKLM\...com [@ = ComFile] -- "%1" %*
O37 - HKLM\...exe [@ = exefile] -- "%1" %*

========== Files/Folders - Created Within 30 Days ==========

[2011/09/10 12:08:59 | 001,916,416 | ---- | C] (AVAST Software) -- C:\Documents and Settings\Todd\Desktop\aswMBR.exe
[2011/09/10 12:02:51 | 001,402,672 | ---- | C] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Todd\Desktop\tdsskiller.exe
[2011/09/10 10:42:34 | 000,518,144 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWREG.exe
[2011/09/10 10:42:34 | 000,406,528 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWSC.exe
[2011/09/10 10:42:34 | 000,212,480 | ---- | C] (SteelWerX) -- C:\WINDOWS\SWXCACLS.exe
[2011/09/10 10:42:34 | 000,060,416 | ---- | C] (NirSoft) -- C:\WINDOWS\NIRCMD.exe
[2011/09/10 10:42:09 | 000,000,000 | ---D | C] -- C:\ComboFix
[2011/09/10 10:41:24 | 000,000,000 | ---D | C] -- C:\32788R22FWJFW
[2011/09/10 10:40:38 | 000,000,000 | ---D | C] -- C:\Qoobox
[2011/09/10 10:38:48 | 004,201,474 | R--- | C] (Swearware) -- C:\Documents and Settings\Todd\Desktop\ComboFix.exe
[2011/09/09 23:59:38 | 000,041,272 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbamswissarmy.sys
[2011/09/09 23:59:38 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\Malwarebytes' Anti-Malware
[2011/09/09 23:59:31 | 000,022,712 | ---- | C] (Malwarebytes Corporation) -- C:\WINDOWS\System32\drivers\mbam.sys
[2011/09/09 23:59:30 | 000,000,000 | ---D | C] -- C:\Program Files\Malwarebytes' Anti-Malware
[2011/09/09 23:58:20 | 009,466,208 | ---- | C] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/09 21:42:34 | 001,090,912 | ---- | C] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Todd\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/09/08 22:06:09 | 000,581,120 | ---- | C] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/08/23 22:00:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\Todd\Desktop\ggg
[2011/08/22 20:39:12 | 000,000,000 | ---D | C] -- C:\Documents and Settings\All Users\Start Menu\Programs\iTunes
[2011/08/22 20:37:47 | 000,000,000 | ---D | C] -- C:\Program Files\iPod
[2011/08/22 20:37:40 | 000,000,000 | ---D | C] -- C:\Program Files\iTunes
[2011/08/22 20:32:16 | 000,000,000 | ---D | C] -- C:\Program Files\Bonjour
[2011/08/22 20:22:40 | 000,000,000 | ---D | C] -- C:\Program Files\QuickTime
[2010/01/20 23:12:29 | 000,081,920 | ---- | C] (WIZnet Corp.) -- C:\Program Files\Common Files\WIZ1x0SR_105SR_CFG.exe
[2010/01/20 23:12:28 | 000,626,688 | ---- | C] (Microsoft Corporation) -- C:\Program Files\Common Files\MSVCR80.dll

========== Files - Modified Within 30 Days ==========

[2049/12/31 16:00:00 | 000,065,348 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.wpd
[2011/09/10 12:15:04 | 000,000,512 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\MBR.dat
[2011/09/10 12:09:09 | 001,916,416 | ---- | M] (AVAST Software) -- C:\Documents and Settings\Todd\Desktop\aswMBR.exe
[2011/09/10 12:02:53 | 001,402,672 | ---- | M] (Kaspersky Lab ZAO) -- C:\Documents and Settings\Todd\Desktop\tdsskiller.exe
[2011/09/10 11:11:18 | 000,000,027 | ---- | M] () -- C:\WINDOWS\System32\drivers\ETC\hosts
[2011/09/10 10:39:03 | 004,201,474 | R--- | M] (Swearware) -- C:\Documents and Settings\Todd\Desktop\ComboFix.exe
[2011/09/09 23:59:38 | 000,000,784 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/09/09 23:58:40 | 009,466,208 | ---- | M] (Malwarebytes Corporation ) -- C:\Documents and Settings\Todd\Desktop\mbam-setup-1.51.1.1800.exe
[2011/09/09 22:29:47 | 000,002,527 | ---- | M] () -- C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Event Planner Reminder 2010.lnk
[2011/09/09 22:29:15 | 000,001,170 | ---- | M] () -- C:\WINDOWS\System32\WPA.DBL
[2011/09/09 22:10:41 | 000,002,048 | --S- | M] () -- C:\WINDOWS\BOOTSTAT.DAT
[2011/09/09 22:10:37 | 2683,375,616 | -HS- | M] () -- C:\hiberfil.sys
[2011/09/09 21:42:36 | 001,090,912 | ---- | M] (AVG Technologies CZ, s.r.o.) -- C:\Documents and Settings\Todd\Desktop\avg_remover_stf_x86_2011_1184.exe
[2011/09/08 22:06:12 | 000,581,120 | ---- | M] (OldTimer Tools) -- C:\Documents and Settings\Todd\Desktop\OTL.exe
[2011/09/05 19:06:03 | 000,000,284 | ---- | M] () -- C:\WINDOWS\tasks\AppleSoftwareUpdate.job
[2011/09/03 05:17:37 | 000,599,040 | ---- | M] (Microsoft Corporation) -- C:\WINDOWS\System32\dllcache\crypt32.dll
[2011/08/27 11:58:24 | 000,216,539 | ---- | M] () -- C:\Documents and Settings\Todd\Desktop\todd florey experian.pdf
[2011/08/24 03:00:30 | 000,001,374 | ---- | M] () -- C:\WINDOWS\imsins.BAK
[2011/08/22 20:42:46 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\Safari.lnk
[2011/08/22 20:42:46 | 000,001,854 | ---- | M] () -- C:\Documents and Settings\Todd\Application Data\Microsoft\Internet Explorer\Quick Launch\Apple Safari.lnk
[2011/08/22 20:39:12 | 000,001,542 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/22 20:23:11 | 000,001,604 | ---- | M] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2011/08/19 20:25:49 | 000,002,625 | ---- | M] () -- C:\WINDOWS\System32\CONFIG.NT

========== Files Created - No Company Name ==========

[2011/09/10 12:15:04 | 000,000,512 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\MBR.dat
[2011/09/10 10:42:34 | 000,256,000 | ---- | C] () -- C:\WINDOWS\PEV.exe
[2011/09/10 10:42:34 | 000,208,896 | ---- | C] () -- C:\WINDOWS\MBR.exe
[2011/09/10 10:42:34 | 000,098,816 | ---- | C] () -- C:\WINDOWS\sed.exe
[2011/09/10 10:42:34 | 000,080,412 | ---- | C] () -- C:\WINDOWS\grep.exe
[2011/09/10 10:42:34 | 000,068,096 | ---- | C] () -- C:\WINDOWS\zip.exe
[2011/09/09 23:59:38 | 000,000,784 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\Malwarebytes' Anti-Malware.lnk
[2011/08/27 11:58:24 | 000,216,539 | ---- | C] () -- C:\Documents and Settings\Todd\Desktop\todd florey experian.pdf
[2011/08/22 20:39:12 | 000,001,542 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\iTunes.lnk
[2011/08/22 20:23:11 | 000,001,604 | ---- | C] () -- C:\Documents and Settings\All Users\Desktop\QuickTime Player.lnk
[2010/08/03 03:15:51 | 000,188,408 | ---- | C] () -- C:\Documents and Settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
[2010/06/10 14:11:16 | 000,068,660 | -H-- | C] () -- C:\WINDOWS\System32\mlfcache.dat
[2009/04/21 19:04:31 | 000,122,771 | ---- | C] () -- C:\WINDOWS\hpoins14.dat
[2009/04/21 19:04:31 | 000,001,996 | ---- | C] () -- C:\WINDOWS\hpomdl14.dat
[2008/09/13 09:37:35 | 000,001,804 | ---- | C] () -- C:\WINDOWS\System32\dcache.bin
[2008/09/13 09:37:08 | 000,363,520 | ---- | C] () -- C:\WINDOWS\System32\psisdecd.dll
[2008/01/23 20:48:19 | 000,002,528 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\$_hpcst$.hpc
[2007/12/04 22:18:43 | 000,094,208 | ---- | C] () -- C:\WINDOWS\System32\GTW32N50.dll
[2007/11/03 22:09:55 | 000,000,031 | -H-- | C] () -- C:\WINDOWS\uccspecc.sys
[2007/10/05 21:35:00 | 000,000,009 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\MumboJumbo.ini
[2007/10/05 21:35:00 | 000,000,000 | -H-- | C] () -- C:\Documents and Settings\Todd\Application Data\ud_soundmanager.ini
[2007/06/20 15:46:41 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini.backup
[2007/05/13 22:40:02 | 000,001,751 | ---- | C] () -- C:\Documents and Settings\All Users\Application Data\QTSBandwidthCache
[2007/01/26 22:20:03 | 000,000,000 | ---- | C] () -- C:\WINDOWS\Textart.INI
[2006/12/02 16:33:52 | 000,000,023 | ---- | C] () -- C:\WINDOWS\kodakpcd.Todd.ini
[2006/05/01 15:01:19 | 000,000,754 | ---- | C] () -- C:\WINDOWS\WORDPAD.INI
[2005/12/25 22:24:55 | 000,000,063 | ---- | C] () -- C:\WINDOWS\hw.ini
[2005/08/28 19:49:48 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\LXPRMON.DLL
[2005/08/28 19:49:48 | 000,032,768 | ---- | C] () -- C:\WINDOWS\System32\LXPMONUI.DLL
[2005/08/28 19:47:45 | 000,040,960 | ---- | C] () -- C:\WINDOWS\System32\lxccvs.dll
[2005/07/20 18:52:09 | 000,038,400 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
[2005/06/26 19:47:30 | 000,143,360 | ---- | C] () -- C:\WINDOWS\bbuninst.exe
[2005/02/22 23:29:49 | 000,000,116 | ---- | C] () -- C:\WINDOWS\NeroDigital.ini
[2004/11/10 21:20:13 | 000,001,096 | ---- | C] () -- C:\WINDOWS\checkip.dat
[2004/10/21 10:34:19 | 000,004,569 | ---- | C] () -- C:\WINDOWS\System32\secupd.dat
[2004/08/09 13:15:58 | 000,000,029 | ---- | C] () -- C:\WINDOWS\DEBUGSM.INI
[2004/07/18 16:52:14 | 000,000,021 | ---- | C] () -- C:\WINDOWS\PI_setup.ini
[2004/07/18 16:46:27 | 000,000,182 | ---- | C] () -- C:\WINDOWS\System32\EBPPORT4.DAT
[2004/07/18 16:45:45 | 000,000,111 | ---- | C] () -- C:\WINDOWS\EPSON Stylus CX5400.ini
[2004/06/13 11:32:05 | 000,000,127 | ---- | C] () -- C:\Documents and Settings\Todd\Local Settings\Application Data\fusioncache.dat
[2004/04/17 10:47:11 | 000,061,678 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JPR.{PB
[2004/04/17 10:47:11 | 000,012,358 | ---- | C] () -- C:\Documents and Settings\Todd\Application Data\PFP110JCM.{PB
[2004/04/14 20:11:24 | 000,001,922 | ---- | C] () -- C:\WINDOWS\cdPlayer.ini
[2004/03/09 12:48:57 | 000,000,061 | ---- | C] () -- C:\WINDOWS\smscfg.ini
[2004/03/09 12:42:26 | 000,149,504 | ---- | C] () -- C:\WINDOWS\UNWISE.EXE
[2004/03/09 12:38:23 | 000,000,258 | ---- | C] () -- C:\WINDOWS\System32\BDEMERGE.INI
[2004/03/09 12:36:54 | 001,048,576 | ---- | C] () -- C:\WINDOWS\System32\SFMAN.DAT
[2004/03/09 12:36:54 | 000,000,231 | ---- | C] () -- C:\WINDOWS\AC3API.INI
[2004/03/09 12:36:42 | 000,047,616 | ---- | C] () -- C:\WINDOWS\System32\P16X.dll
[2004/03/09 12:36:42 | 000,002,572 | ---- | C] () -- C:\WINDOWS\MIXDEF.INI
[2004/03/09 12:36:42 | 000,002,158 | ---- | C] () -- C:\WINDOWS\System32\P16X.ini
[2004/03/09 12:36:42 | 000,000,026 | ---- | C] () -- C:\WINDOWS\System32\ctzapxx.ini
[2004/03/09 12:36:41 | 000,000,064 | ---- | C] () -- C:\WINDOWS\P16x.ini
[2004/03/09 12:36:10 | 000,000,245 | ---- | C] () -- C:\WINDOWS\SBWIN.INI
[2004/03/09 12:35:13 | 000,000,138 | ---- | C] () -- C:\WINDOWS\WinInit.ini
[2004/03/09 12:32:15 | 000,000,780 | ---- | C] () -- C:\WINDOWS\orun32.ini
[2004/03/09 12:17:28 | 000,002,048 | --S- | C] () -- C:\WINDOWS\BOOTSTAT.DAT
[2004/03/09 12:14:52 | 000,441,552 | ---- | C] () -- C:\WINDOWS\System32\PERFH009.DAT
[2004/03/09 12:14:52 | 000,071,488 | ---- | C] () -- C:\WINDOWS\System32\PERFC009.DAT
[2004/03/09 12:01:22 | 000,000,546 | ---- | C] () -- C:\WINDOWS\System32\OEMINFO.INI
[2003/08/13 23:54:00 | 000,000,000 | ---- | C] () -- C:\WINDOWS\System32\px.ini
[2003/01/30 18:55:40 | 000,036,864 | ---- | C] () -- C:\WINDOWS\hpfsched.exe
[2003/01/30 18:54:28 | 000,003,691 | ---- | C] () -- C:\WINDOWS\hphinfs.dat
[2002/09/03 10:05:08 | 000,306,008 | ---- | C] () -- C:\WINDOWS\System32\FNTCACHE.DAT
[2002/09/03 09:59:14 | 000,004,161 | ---- | C] () -- C:\WINDOWS\ODBCINST.INI
[2002/09/03 09:56:30 | 000,021,640 | ---- | C] () -- C:\WINDOWS\System32\emptyregdb.dat
[2002/09/03 09:31:46 | 013,107,200 | ---- | C] () -- C:\WINDOWS\System32\oembios.bin
[2002/09/03 09:31:44 | 000,004,594 | ---- | C] () -- C:\WINDOWS\System32\oembios.dat
[2002/08/29 06:00:00 | 000,673,088 | ---- | C] () -- C:\WINDOWS\System32\MLANG.DAT
[2002/08/29 06:00:00 | 000,272,128 | ---- | C] () -- C:\WINDOWS\System32\PERFI009.DAT
[2002/08/29 06:00:00 | 000,218,003 | ---- | C] () -- C:\WINDOWS\System32\DSSEC.DAT
[2002/08/29 06:00:00 | 000,046,258 | ---- | C] () -- C:\WINDOWS\System32\MIB.BIN
[2002/08/29 06:00:00 | 000,028,626 | ---- | C] () -- C:\WINDOWS\System32\PERFD009.DAT
[2002/08/29 06:00:00 | 000,000,741 | ---- | C] () -- C:\WINDOWS\System32\NOISE.DAT
[1980/01/01 01:00:00 | 000,012,288 | ---- | C] () -- C:\WINDOWS\System32\e100bmsg.dll

========== Alternate Data Streams ==========

@Alternate Data Stream - 88 bytes -> C:\Documents and Settings\Todd\Desktop\Order in Suit to Modify Parent-Child Relationship02.doc:SummaryInformation

< End of report >


OTL Extras logfile created on: 9/10/2011 12:17:07 PM - Run 5
OTL by OldTimer - Version 3.2.27.0 Folder = C:\Documents and Settings\Todd\Desktop
Windows XP Home Edition Service Pack 3 (Version = 5.1.2600) - Type = NTWorkstation
Internet Explorer (Version = 8.0.6001.18702)
Locale: 00000409 | Country: United States | Language: ENU | Date Format: M/d/yyyy

2.50 Gb Total Physical Memory | 1.84 Gb Available Physical Memory | 73.75% Memory free
3.10 Gb Paging File | 2.71 Gb Available in Paging File | 87.26% Paging File free
Paging file location(s): C:\pagefile.sys 768 1536 [binary data]

%SystemDrive% = C: | %SystemRoot% = C:\WINDOWS | %ProgramFiles% = C:\Program Files
Drive C: | 74.47 Gb Total Space | 14.71 Gb Free Space | 19.76% Space Free | Partition Type: NTFS

Computer Name: BEDROOM | User Name: Todd | Logged in as Administrator.
Boot Mode: Normal | Scan Mode: Current user
Company Name Whitelist: Off | Skip Microsoft Files: Off | No Company Name Whitelist: On | File Age = 30 Days

========== Extra Registry (All) ==========


========== File Associations ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<extension>]
.bat [@ = batfile] -- "%1" %*
.chm [@ = chm.file] -- C:\WINDOWS\hh.exe (Microsoft Corporation)
.cmd [@ = cmdfile] -- "%1" %*
.com [@ = ComFile] -- "%1" %*
.cpl [@ = cplfile] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
.exe [@ = exefile] -- "%1" %*
.hlp [@ = hlpfile] -- C:\WINDOWS\System32\winhlp32.exe (Microsoft Corporation)
.hta [@ = htafile] -- C:\WINDOWS\System32\mshta.exe (Microsoft Corporation)
.html [@ = ChromeHTML] -- C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.)
.inf [@ = inffile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.ini [@ = inifile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.url [@ = InternetShortcut] -- rundll32.exe ieframe.dll,OpenURL %l
.js [@ = JSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.jse [@ = JSEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.pif [@ = piffile] -- "%1" %*
.reg [@ = regfile] -- C:\WINDOWS\regedit.exe (Microsoft Corporation)
.scr [@ = scrfile] -- "%1" /S
.txt [@ = txtfile] -- C:\WINDOWS\System32\NOTEPAD.EXE (Microsoft Corporation)
.vbe [@ = VBEFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.vbs [@ = VBSFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsf [@ = WSFFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)
.wsh [@ = WSHFile] -- C:\WINDOWS\System32\WScript.exe (Microsoft Corporation)

[HKEY_CURRENT_USER\SOFTWARE\Classes\<extension>]
.html [@ = ChromeHTML] -- Reg Error: Key error. File not found

========== Shell Spawning ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\<key>\shell\[command]\command]
batfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
batfile [open] -- "%1" %*
batfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
chm.file [open] -- "%SYSTEMROOT%\hh.exe" %1 (Microsoft Corporation)
cmdfile [edit] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
cmdfile [open] -- "%1" %*
cmdfile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
comfile [open] -- "%1" %*
cplfile [cplopen] -- rundll32.exe shell32.dll,Control_RunDLL "%1",%*
exefile [open] -- "%1" %*
helpfile [open] -- winhlp32.exe %1 (Microsoft Corporation)
hlpfile [open] -- %SystemRoot%\System32\winhlp32.exe %1 (Microsoft Corporation)
htafile [open] -- C:\WINDOWS\system32\mshta.exe "%1" %* (Microsoft Corporation)
htmlfile [edit] -- "C:\Program Files\Microsoft Office\Office12\msohtmed.exe" %1 (Microsoft Corporation)
htmlfile [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
htmlfile [opennew] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
htmlfile [print] -- rundll32.exe %SystemRoot%\system32\mshtml.dll,PrintHTML "%1" (Microsoft Corporation)
http [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" -nohome (Microsoft Corporation)
https [open] -- "C:\Program Files\Google\Chrome\Application\chrome.exe" -- "%1" (Google Inc.)
inffile [install] -- %SystemRoot%\System32\rundll32.exe setupapi,InstallHinfSection DefaultInstall 132 %1 (Microsoft Corporation)
inffile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inffile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
inifile [open] -- %SystemRoot%\System32\NOTEPAD.EXE %1 (Microsoft Corporation)
inifile [print] -- %SystemRoot%\System32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
InternetShortcut [open] -- rundll32.exe ieframe.dll,OpenURL %l
InternetShortcut [print] -- "C:\WINDOWS\system32\rundll32.exe" "C:\WINDOWS\system32\mshtml.dll",PrintHTML "%1" (Microsoft Corporation)
jsfile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
jsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsfile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
jsefile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
jsefile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
jsefile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
piffile [open] -- "%1" %*
regfile [edit] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
regfile [open] -- regedit.exe "%1" (Microsoft Corporation)
regfile [merge] -- Reg Error: Key error.
regfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
scrfile [config] -- "%1"
scrfile [install] -- rundll32.exe desk.cpl,InstallScreenSaver %l
scrfile [open] -- "%1" /S
txtfile [edit] -- Reg Error: Key error.
txtfile [open] -- %SystemRoot%\system32\NOTEPAD.EXE %1 (Microsoft Corporation)
txtfile [print] -- %SystemRoot%\system32\NOTEPAD.EXE /p %1 (Microsoft Corporation)
txtfile [printto] -- %SystemRoot%\system32\notepad.exe /pt "%1" "%2" "%3" "%4" (Microsoft Corporation)
vbefile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
vbefile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbefile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
vbsfile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
vbsfile [open] -- %SystemRoot%\System32\WScript.exe "%1" %* (Microsoft Corporation)
vbsfile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
wsffile [edit] -- C:\WINDOWS\System32\Notepad.exe %1 (Microsoft Corporation)
wsffile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
wsffile [print] -- C:\WINDOWS\System32\Notepad.exe /p %1 (Microsoft Corporation)
wshfile [open] -- C:\WINDOWS\System32\WScript.exe "%1" %* (Microsoft Corporation)
Unknown [openas] -- %SystemRoot%\system32\rundll32.exe %SystemRoot%\system32\shell32.dll,OpenAs_RunDLL %1
Directory [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Directory [OneNote.Open] -- C:\PROGRA~1\MI1933~1\Office12\ONENOTE.EXE "%L" (Microsoft Corporation)
Folder [open] -- %SystemRoot%\Explorer.exe /idlist,%I,%L (Microsoft Corporation)
Folder [explore] -- %SystemRoot%\Explorer.exe /e,/idlist,%I,%L (Microsoft Corporation)
Drive [find] -- %SystemRoot%\Explorer.exe (Microsoft Corporation)
Applications\iexplore.exe [open] -- "C:\Program Files\Internet Explorer\iexplore.exe" %1 (Microsoft Corporation)
CLSID\{871C5380-42A0-1069-A2EA-08002B30309D} [OpenHomePage] -- "%programfiles%\internet explorer\iexplore.exe" (Microsoft Corporation)

========== Security Center Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center]
"AntiVirusDisableNotify" = 0
"FirewallDisableNotify" = 0
"UpdatesDisableNotify" = 0
"AntiVirusOverride" = 1
"FirewallOverride" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\AhnlabAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ComputerAssociatesAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\KasperskyAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\McAfeeFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\PandaFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SophosAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\SymantecFirewall]
"DisableMonitoring" = 1

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TinyFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendAntiVirus]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\TrendFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\Monitoring\ZoneLabsFirewall]

========== System Restore Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\SystemRestore]
"DisableSR" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Sr]
"Start" = 0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SrService]
"Start" = 2

========== Firewall Settings ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\DomainProfile]

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Microsoft\WindowsFirewall\StandardProfile]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"139:TCP" = 139:TCP:*:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:*:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:*:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:*:Enabled:@xpsp2res.dll,-22002

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile]
"EnableFirewall" = 0
"DoNotAllowExceptions" = 0
"DisableNotifications" = 1

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\GloballyOpenPorts\List]
"26675:TCP" = 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service
"1900:UDP" = 1900:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22007
"2869:TCP" = 2869:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22008
"139:TCP" = 139:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22004
"445:TCP" = 445:TCP:LocalSubNet:Enabled:@xpsp2res.dll,-22005
"137:UDP" = 137:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22001
"138:UDP" = 138:UDP:LocalSubNet:Enabled:@xpsp2res.dll,-22002

========== Authorized Applications List ==========

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\DomainProfile\AuthorizedApplications\List]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List]
"C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe" = C:\Program Files\Dell Computer\Dell Picture Studio v2.0\launch.exe:*:Enabled:Jasc Paint Shop Photo Album Application -- (Jasc Software)
"C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe" = C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:*:Enabled:Yahoo! Messenger -- (Yahoo! Inc.)
"C:\Program Files\Yahoo!\Messenger\YServer.exe" = C:\Program Files\Yahoo!\Messenger\YServer.exe:*:Enabled:Yahoo! FT Server -- (Yahoo! Inc.)
"C:\Program Files\uTorrent\uTorrent.exe" = C:\Program Files\uTorrent\uTorrent.exe:*:Enabled:µTorrent -- (BitTorrent, Inc.)
"C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\counter-strike source\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe" = C:\Program Files\Steam\SteamApps\tbinnerarity\half-life 2 deathmatch\hl2.exe:*:Enabled:hl2 -- ()
"C:\Program Files\Adobe Media Player\Adobe Media Player.exe" = C:\Program Files\Adobe Media Player\Adobe Media Player.exe:*:Enabled:Adobe Media Player -- ()
"C:\Program Files\Google\Google Earth\client\googleearth.exe" = C:\Program Files\Google\Google Earth\client\googleearth.exe:*:Enabled:Google Earth -- (Google)
"C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe" = C:\Program Files\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe:*:Enabled:WebKit -- (Apple Inc.)


========== HKEY_LOCAL_MACHINE Uninstall List ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"{007811BF-E310-4285-BFC6-55DB29B3EDDE}" = WinPatrol
"{04410044-9149-45C6-A806-F2BF9CFCE762}" = Microsoft Encarta Encyclopedia Standard 2004
"{08C5815C-2C6E-44f8-8748-0E61BC9AFB68}" = Symantec KB-DocID:2003093015493306
"{09DA4F91-2A09-4232-AB8C-6BC740096DE3}" = Sonic Update Manager
"{11F1920A-56A2-4642-B6E0-3B31A12C9288}" = Dell Solution Center
"{1206EF92-2E83-4859-ACCB-2048C3CB7DA6}" = Sonic DLA
"{166E180E-9A3F-41AE-8B40-22D8FFF4AF87}" = McAfee Virtual Technician
"{18455581-E099-4BA8-BC6B-F34B2F06600C}" = Google Toolbar for Internet Explorer
"{1D643CD7-4DD6-11D7-A4E0-000874180BB3}" = Microsoft Money 2004
"{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
"{22DE1881-9D24-4981-B5CC-EC7E9F2F4D52}" = Rhapsody Player Engine
"{2318C2B1-4965-11d4-9B18-009027A5CD4F}" = Google Toolbar for Internet Explorer
"{2637C347-9DAD-11D6-9EA2-00055D0CA761}" = Dell Media Experience
"{26A24AE4-039D-4CA4-87B4-2F83216021FF}" = Java™ 6 Update 21
"{2D87E961-577B-492B-AD54-1368680FB9A7}" = Virtual Earth 3D (Beta)
"{2F28B3C9-2C89-4206-8B33-8ADC9577C49B}" = Scan
"{350C97B0-3D7C-4EE8-BAA9-00BCB3D54227}" = WebFldrs XP
"{4A03706F-666A-4037-7777-5F2748764D10}" = Java Auto Updater
"{4B9F45E8-E3CE-40B4-9463-80A9B3481DEF}" = Banctec Service Agreement
"{54F90B55-BEB3-4F0D-8802-228822FA5921}" = WordPerfect Office 11
"{601BE80D-247B-4084-94C7-7A54369DB7A2}" = Hallmark Card Studio 2010 Deluxe
"{63569CE9-FA00-469C-AF5C-E5D4D93ACF91}" = Windows Genuine Advantage v1.3.0254.0
"{66C8BE35-8BBB-472B-96C7-C7C9A499F988}" = ArcSoft Software Suite
"{6811CAA0-BF12-11D4-9EA1-0050BAE317E1}" = PowerDVD
"{68D60342-7686-45C9-B8EB-40EF843D0460}" = Dell Networking Guide
"{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"{69995C7A-062A-4A90-A4DF-8C22895DF522}" = iTunes
"{6A3F9D74-BB80-4451-8CA1-4B3A857F1359}" = Apple Application Support
"{735619D4-B42A-437A-958C-199BFCAEDB38}" = Safari
"{779DECD7-E072-4B56-9B6B-BEB5973EEEB5}" = MobileMe Control Panel
"{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}" = Apple Software Update
"{7EFA5E6F-74F7-4AFB-8AEA-AA790BD3A76D}" = DellSupport
"{81A34902-9D0B-4920-A25C-4CDC5D14B328}" = Jasc Paint Shop Pro 8 Dell Edition
"{86CE85E6-DBAC-3FFD-B977-E4B79F83C909}" = Microsoft Visual C++ 2008 Redistributable - KB2467174 - x86 9.0.30729.5570
"{8927E07C-97F7-4A54-88FB-D976F50DD46E}" = Turbo Lister 2
"{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}" = Microsoft Silverlight
"{8C64E145-54BA-11D6-91B1-00500462BE80}" = Microsoft Money 2004 System Pack
"{90120000-0010-0409-0000-0000000FF1CE}" = Microsoft Software Update for Web Folders (English) 12
"{90120000-0016-0409-0000-0000000FF1CE}" = Microsoft Office Excel MUI (English) 2007
"{90120000-0016-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0018-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint MUI (English) 2007
"{90120000-0018-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001B-0409-0000-0000000FF1CE}" = Microsoft Office Word MUI (English) 2007
"{90120000-001B-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-001F-0409-0000-0000000FF1CE}" = Microsoft Office Proof (English) 2007
"{90120000-001F-0409-0000-0000000FF1CE}_HOMESTUDENTR_{ABDDE972-355B-4AF1-89A8-DA50B7B5C045}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-040C-0000-0000000FF1CE}" = Microsoft Office Proof (French) 2007
"{90120000-001F-040C-0000-0000000FF1CE}_HOMESTUDENTR_{F580DDD5-8D37-4998-968E-EBB76BB86787}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-001F-0C0A-0000-0000000FF1CE}" = Microsoft Office Proof (Spanish) 2007
"{90120000-001F-0C0A-0000-0000000FF1CE}_HOMESTUDENTR_{187308AB-5FA7-4F14-9AB9-D290383A10D9}" = Microsoft Office Proofing Tools 2007 Service Pack 2 (SP2)
"{90120000-002C-0409-0000-0000000FF1CE}" = Microsoft Office Proofing (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}" = Microsoft Office Shared MUI (English) 2007
"{90120000-006E-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-00A1-0409-0000-0000000FF1CE}" = Microsoft Office OneNote MUI (English) 2007
"{90120000-00A1-0409-0000-0000000FF1CE}_HOMESTUDENTR_{2FC4457D-409E-466F-861F-FB0CB796B53E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90120000-0115-0409-0000-0000000FF1CE}" = Microsoft Office Shared Setup Metadata MUI (English) 2007
"{90120000-0115-0409-0000-0000000FF1CE}_HOMESTUDENTR_{DE5A002D-8122-4278-A7EE-3121E7EA254E}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{90140000-2005-0000-0000-0000000FF1CE}" = Microsoft Office File Validation Add-In
"{90D55A3F-1D99-4C94-A77E-46DC14F0BF08}" = Help and Support Customization
"{91120000-002F-0000-0000-0000000FF1CE}" = Microsoft Office Home and Student 2007
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{0B36C6D6-F5D8-4EAF-BF94-4376A230AD5B}" = Microsoft Office 2007 Service Pack 2 (SP2)
"{91120000-002F-0000-0000-0000000FF1CE}_HOMESTUDENTR_{3D019598-7B59-447A-80AE-815B703B84FF}" = Security Update for Microsoft Office system 2007 (972581)
"{95120000-00AF-0409-0000-0000000FF1CE}" = Microsoft Office PowerPoint Viewer 2007 (English)
"{9541FED0-327F-4DF0-8B96-EF57EF622F19}" = Sonic RecordNow!
"{96E16100-A77F-4B31-B9AD-FFBA040EE1BD}" = Sound Blaster Live!
"{976EA7B1-7562-483D-88DA-4323D263B7CD}" = DiMAGE Viewer
"{99052DB7-9592-4522-A558-5417BBAD48EE}" = Microsoft ActiveSync
"{9BE518E6-ECC6-35A9-88E4-87755C07200F}" = Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161
"{A06275F4-324B-4E85-95E6-87B2CD729401}" = Windows Defender
"{A3051CD0-2F64-3813-A88D-B8DCCDE8F8C7}" = Microsoft .NET Framework 3.0 Service Pack 2
"{A790BEB1-BCCF-4EC6-807B-5708B36E8A79}" = Intel® PROSet
"{A92DAB39-4E2C-4304-9AB6-BC44E68B55E2}" = Google Update Helper
"{ABEB838C-A1A7-4C5D-B7E1-8B4314600133}" = MSN Messenger 6.2
"{AC76BA86-7AD7-1033-7B44-A94000000001}" = Adobe Reader 9.4.5
"{ACF60000-22B9-4CE9-98D6-2CCF359BAC07}" = ABBYY FineReader 6.0 Sprint Plus
"{AF7FC1CA-79DF-43c3-90A3-33EFEB9294CE}" = AIO_Scan
"{B2C61EBB-F47C-48ba-B375-27A40F8F48F7}" = HP Deskjet All-In-One Software 9.0
"{B4F35A00-24FD-4fb3-BF5E-413D5423434D}" = DJ_AIO_Software_min
"{BE06114F-559D-11E0-B5A1-001D0926B1BF}" = Google Earth
"{C09FB3CD-3D0C-3F2D-899A-6A1D67F2073F}" = Microsoft .NET Framework 2.0 Service Pack 2
"{C23CD6DA-1958-43A5-ADD0-59396572E02E}" = Apple Mobile Device Support
"{C4868E88-F5B5-4E45-9592-C7062BD97441}" = Symantec Technical Support Web Controls
"{C7888C3F-0506-555F-7907-CDD3F81719A5}" = Adobe Media Player
"{C9E14402-3631-4182-B377-6B0DFB1C0339}" = QuickTime
"{CB011820-5484-4BC9-9644-88C17A69E708}" = WIZ1x0_105SR Configtool
"{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}" = Microsoft .NET Framework 1.1
"{CC000127-5E5D-4A1C-90CB-EEAAAC1E3AC0}" = Jasc Paint Shop Photo Album
"{CE2CDD62-0124-36CA-84D3-9F4DCF5C5BD9}" = Microsoft .NET Framework 3.5 SP1
"{D03482C5-9AD8-496D-B388-692AE04C93AF}" = Bonjour
"{D111D725-97AB-4654-B866-21700C703E86}" = HHD Software Hex Editor
"{DD0B4C27-B1D9-40BE-AC96-68228FAC2149}" = HyperLoad - Candystand Billiards
"{E9C18EBD-85BE-47D0-AA73-3FEDCC976B04}" = Toolbox
"{EA2BEBD6-87B9-41E5-95AC-7E4C165A9475}" = WexTech AnswerWorks
"{EBAE381B-60A6-4863-AA9F-FCAB755BC9E5}" = ScanToWeb
"{F1E63043-54FC-429B-AB2C-31AF9FBA4BC7}" = 32 Bit HP CIO Components Installer
"{FA54AFB1-5745-4389-B8C1-9F7509672ED1}" = iPhone Configuration Utility
"{FC4ED75D-916C-4A8C-BB67-3C6F6E06D62B}" = Banctec Service Agreement
"Adobe Flash Player ActiveX" = Adobe Flash Player 10 ActiveX
"Adobe Flash Player Plugin" = Adobe Flash Player 10 Plugin
"Adobe Shockwave Player" = Adobe Shockwave Player
"Audacity 1.3 Beta (Unicode)_is1" = Audacity 1.3.13 (Unicode)
"Autorun Eater_is1" = Autorun Eater v2.5
"avast" = avast! Free Antivirus
"Coupon Printer for Windows2.0" = Coupon Printer for Windows
"Coupon Printer for Windows5.0.0.1" = Coupon Printer for Windows
"Dell Digital Jukebox Driver" = Dell Digital Jukebox Driver
"DVD Decrypter" = DVD Decrypter (Remove Only)
"DVD Shrink_is1" = DVD Shrink 3.2
"Extreme HU 1.6" = Extreme HU 1.6
"Google Chrome" = Google Chrome
"Hex Workshop v4.20" = Hex Workshop v4.23
"HOMESTUDENTR" = Microsoft Office Home and Student 2007
"IDNMitigationAPIs" = Microsoft Internationalized Domain Names Mitigation APIs
"ie7" = Windows Internet Explorer 7
"ie8" = Windows Internet Explorer 8
"InstallShield_{69640730-B830-4C24-BB5C-222DA1260548}" = Turbo Lister 2
"KeyRipper" = KeyRipper 3.1
"LAME for Audacity_is1" = LAME v3.98.3 for Audacity
"Lexmark 3300 Series" = Lexmark 3300 Series
"Loader_is1" = Loader
"Malwarebytes' Anti-Malware_is1" = Malwarebytes' Anti-Malware version 1.51.1.1800
"Microsoft .NET Framework 1.1 (1033)" = Microsoft .NET Framework 1.1
"Microsoft .NET Framework 3.5 SP1" = Microsoft .NET Framework 3.5 SP1
"Mozilla Firefox 6.0.2 (x86 en-US)" = Mozilla Firefox 6.0.2 (x86 en-US)
"MSCompPackV1" = Microsoft Compression Client Pack 1.0 for Windows XP
"MSN Music Assistant" = MSN Music Assistant
"Nagra Master - ROM 102 Utility" = Nagra Master - ROM 102 Utility 1.3 (BETA)
"Nero - Burning Rom!UninstallKey" = Nero 6 Ultra Edition
"NeroVision!UninstallKey" = NeroVision Express 2
"NLSDownlevelMapping" = Microsoft National Language Support Downlevel APIs
"NMPUninstallKey" = Nero Media Player
"NVIDIA" = NVIDIA Windows 2000/XP Display Drivers
"PartyPoker" = PartyPoker
"Picasa 3" = Picasa 3
"PROSet" = Intel® PRO Network Adapters and Drivers
"PVRLoader_is1" = PVRLoader
"RealPlayer 6.0" = RealOne Player
"Sewer Run_is1" = Sewer Run
"Shockwave" = Shockwave
"ST6UNST #1" = FOXPRO Programmer
"Tier Creator for Dummies II" = Tier Creator for Dummies II
"Virtools3DLifePlayer" = Virtools 3D Life Player
"VSHD Loader_is1" = VSHD Loader 1.0
"Windows Audio Recorder Professional_is1" = Windows Audio Recorder Professional 5.00
"Windows Media Format Runtime" = Windows Media Format 11 runtime
"Windows Media Player" = Windows Media Player 11
"Windows Mobile Device Handbook" = Windows Mobile® Device Handbook
"Windows XP Service Pack" = Windows XP Service Pack 3
"WinRAR archiver" = WinRAR archiver
"WMFDist11" = Windows Media Format 11 runtime
"wmp11" = Windows Media Player 11
"Wudf01000" = Microsoft User-Mode Driver Framework Feature Pack 1.0
"Yahoo! Companion" = Yahoo! Toolbar
"Yahoo! Extras" = Yahoo! Browser Services
"Yahoo! Mail" = Yahoo! Internet Mail
"Yahoo! Messenger" = Yahoo! Messenger
"Yahoo! Toolbar" = Yahoo! Toolbar
"YInstHelper" = Yahoo! Install Manager

========== HKEY_CURRENT_USER Uninstall List ==========

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall]
"Move Networks Player - IE" = Move Networks Media Player for Internet Explorer
"uTorrent" = µTorrent

========== Last 10 Event Log Errors ==========

[ Application Events ]
Error - 6/26/2011 11:03:55 PM | Computer Name = BEDROOM | Source = MsiInstaller | ID = 11722
Description = Product: Apple Software Update -- Error 1722. There is a problem with
this Windows Installer package. A program run as part of the setup did not finish
as expected. Contact your support personnel or package vendor. Action SoftwareUpdate_RegServer,
location: C:\Program Files\Apple Software Update\SoftwareUpdate.exe, command: /RegServer


Error - 7/8/2011 05:10:00 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 7/13/2011 10:24:23 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2011 06:00:31 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/14/2011 06:00:33 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 5.0.0.4183, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 8/19/2011 11:42:17 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.0.4240, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 08:29:01 PM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application pspa.exe, version 4.0.0.3, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

Error - 9/6/2011 08:32:01 PM | Computer Name = BEDROOM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 9/6/2011 08:32:33 PM | Computer Name = BEDROOM | Source = MsiInstaller | ID = 11706
Description = Product: Microsoft ActiveSync -- Error.No valid source could be found
for product Microsoft ActiveSync. The Windows Installer cannot continue.

Error - 9/10/2011 12:54:36 AM | Computer Name = BEDROOM | Source = Application Hang | ID = 1002
Description = Hanging application firefox.exe, version 6.0.2.4262, hang module hungapp,
version 0.0.0.0, hang address 0x00000000.

[ System Events ]
Error - 8/31/2011 08:04:19 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The WMDM PMSP Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/31/2011 08:04:28 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 8/31/2011 08:04:28 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/7/2011 10:40:27 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The WMDM PMSP Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/7/2011 10:40:32 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Java Quick Starter service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/7/2011 10:40:37 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Creative Service for CDROM Access service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/7/2011 10:40:40 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The Bonjour Service service terminated unexpectedly. It has done
this 1 time(s).

Error - 9/9/2011 11:02:00 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The NVIDIA Driver Helper Service service terminated unexpectedly.
It has done this 1 time(s).

Error - 9/9/2011 11:02:00 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7031
Description = The Apple Mobile Device service terminated unexpectedly. It has done
this 1 time(s). The following corrective action will be taken in 60000 milliseconds:
Restart the service.

Error - 9/9/2011 11:02:01 PM | Computer Name = BEDROOM | Source = Service Control Manager | ID = 7034
Description = The iPod Service service terminated unexpectedly. It has done this
1 time(s).


< End of report >
  • 0

#9
RKinner
Posted 10 September 2011 - 11:53 AM

RKinner

    Malware Expert

  • Expert
  • 24,625 posts
  • MVP
Are you still getting redirected?

I don't see much left in your logs. There's a trace of an old vundo infection and some leftovers from McAfee and AVG. Let's make sure the vundo is really gone and also remove the mcafee stuff:


Copy the text between the lines of stars by highlighting and Ctrl + c.

******************************************

Killall::

RootKit::
c:\windows\system32\refobaju.dll
c:\windows\system32\vebimayo.dll
c:\windows\system32\kiduruka.dll
c:\windows\system32\goyetude.dll

Registry::
[-HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS]


******************************************

Now open notepad (Start, Run, notepad, OK) and Ctrl + V to paste the text into Notepad. Make sure you got it all then File, SAVE AS, (to your Desktop), CFScript , OK. Close notepad. (Overwrite the old one if it's still there.) You should see a file CFScript.txt on your desktop.

Pause your anti-virus.

Drag CFScript.txt over to Combofix and let go Combofix should start on its own.

Post the new log.

Ron
  • 0

#10
tammy111
Posted 10 September 2011 - 02:40 PM

tammy111

    Member

  • Topic Starter
  • Member
  • PipPip
  • 95 posts
combo fix ran but didnt produce a log. I tried earlier and did not get redirected so i guess its fixed....thanks so much for your help sweetie!!!
  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP